Data Protection Addendum
Effective June 22, 2022
This Data Protection Addendum (“Addendum”) forms part of the agreement between Customer and Modern Musician covering Customer’s use of the Services (as defined below) (“Agreement”).
I. Introduction
1. Definitions.
Capitalized terms not defined in this Section 1 will have the meaning given to them in this Addendum or the Agreement.
II. Controller and Processor
2. Relationship of the Parties
2.1 Modern Musician as a Processor. The parties acknowledge and agree that with regard to the processing of Customer Content, Customer may act either as a controller or processor and Modern Musician is a processor. Modern Musician will process Customer Content in accordance with Customer’s instructions as set forth in Section 5 (Customer Instructions).
2.2 Modern Musician as a Controller of Customer Account Data. The parties acknowledge that, with regard to the processing of Customer Account Data, Customer is a controller and Modern Musician is an independent controller, not a joint controller with Customer. Modern Musician will process Customer Account Data as a controller in order to (a) manage the relationship with Customer; (b) carry out Modern Musician’s core business operations, such as accounting and filing taxes; (c) detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of the Services; (d) perform identity verification; (e) comply with Modern Musician’s legal or regulatory obligation to retain Subscriber Records; and (f) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the Modern Musician Privacy Policy.
2.3 Modern Musician as a Controller of Customer Usage Data. The parties acknowledge that, with regard to the processing of Customer Usage Data, Customer may act either as a controller or processor and Modern Musician is an independent controller, not a joint controller with Customer. Modern Musician will process Customer Usage Data as a controller in order to carry out the necessary functions as a communications service provider, such as: (a) Modern Musician’s accounting, tax, billing, audit, and compliance purposes; (b) to provide, optimize, and maintain the Services, platform and security; (c) to investigate fraud, spam, wrongful or unlawful use of the Services; (d) as required by applicable law or regulation; or (e) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the Modern Musician Privacy Policy.
3. Purpose Limitation. Modern Musician will process personal data in order to provide the Services in accordance with the Agreement. "Details of Processing" of this Addendum further specifies the nature and purpose of the processing, the processing activities, the duration of the processing, the types of personal data and categories of data subjects.
4. Compliance. Customer is responsible for ensuring that (a) it has complied, and will continue to comply, with Applicable Data Protection Law in its use of the Services and its own processing of personal data and (b) it has, and will continue to have, the right to transfer, or provide access to, personal data to Modern Musician for processing in accordance with the terms of the Agreement and this Addendum.
III.Modern Musician as a Processor – Processing Customer Content
5. Customer Instructions. Customer appoints Modern Musician as a processor to process Customer Content on behalf of, and in accordance with, Customer’s instructions (a) as set forth in the Agreement, this Addendum, and as otherwise necessary to provide the Services to Customer, and which includes investigating security incidents and preventing spam, fraudulent activity, and violations of the Modern Musician Acceptable Use Policy, and detecting and preventing network exploits or abuse; (b) as necessary to comply with applicable law or regulation, including Applicable Data Protection Law; and (c) as otherwise agreed in writing between the parties (“Permitted Purposes”).
5.1 Lawfulness of Instructions. Customer will ensure that its instructions comply with Applicable Data Protection Law. Customer acknowledges that Modern Musician is neither responsible for determining which laws or regulations are applicable to Customer’s business nor whether Modern Musician’s provision of the Services meets or will meet the requirements of such laws or regulations. Customer will ensure that Modern Musician’s processing of Customer Content, when done in accordance with Customer’s instructions, will not cause Modern Musician to violate any applicable law or regulation, including Applicable Data Protection Law. Modern Musician will inform Customer if it becomes aware, or reasonably believes, that Customer’s instructions violate any applicable law or regulation, including Applicable Data Protection Law.
5.2 Additional Instructions. Additional instructions outside the scope of the Agreement or this Addendum will be agreed to between the parties in writing, including any additional fees that may be payable by Customer to Modern Musician for carrying out such additional instructions.
6. Confidentiality
6.1 Responding to Third Party Requests. In the event any Third Party Request is made directly to Modern Musician in connection with Modern Musician’s processing of Customer Content, Modern Musician will promptly inform Customer and provide details of the same, to the extent legally permitted. Modern Musician will not respond to any Third Party Request without Customer’s prior consent, except as legally required to do so or to confirm that such Third Party Request relates to Customer.
6.2 Confidentiality Obligations of Modern Musician Personnel. Modern Musician will ensure that any person it authorizes to process Customer Content has agreed to protect personal data in accordance with Modern Musician's confidentiality obligations in the Agreement
7. Data Subject Rights. As part of the Services, Modern Musician provides Customer with a number of self-service features, including the ability to delete, obtain a copy of, or restrict use of Customer Content. Customer may use these self-service features to assist in complying with its obligations under Applicable Data Protection Law with respect to responding to requests from data subjects via the Services at no additional cost. To the extent Customer does not have the ability to resolve a data subject request through the self-service features, upon Customer’s request, Modern Musician will provide reasonable additional and timely assistance to assist Customer in complying with its data protection obligations with respect to data subject rights under Applicable Data Protection Law.
8. Impact Assessments and Consultations. Modern Musician will provide reasonable cooperation to Customer in connection with any data protection impact assessment (at Customer’s expense only if such reasonable cooperation will require Modern Musician to assign significant resources to that effort) or consultations with regulatory authorities that may be required in accordance with Applicable Data Protection Law.
9. Return or Deletion of Customer Content. Modern Musician will, in accordance with Section 3 (Duration of the Processing) of “Details of Processing” of this Addendum, delete or return to Customer any Customer Content stored within the Services.
9.1 Extension of Addendum. Upon termination of the Agreement, Modern Musician may retain Customer Content in storage for the time periods set forth in "Details of Processing" of this Addendum, provided that Modern Musician will ensure that Customer Content (a) is processed only as necessary for the Permitted Purposes and (b) remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.
9.2 Retention Required by Law. Notwithstanding anything to the contrary in this Section 10, Modern Musician may retain Customer Content, or any portion of it, if required by applicable law or regulation, including Applicable Data Protection Law, provided such Customer Content remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.
IV. Security and Audits
10. Security
10.1 Security Measures. Modern Musician has implemented and will maintain the technical and organizational security measures as set forth in the Agreement.
10.2 Determination of Security Requirements. Customer acknowledges the Services include certain features and functionalities that Customer may elect to use which impact the security of Customer Data processed by Customer’s use of the Services, such as, but not limited to, encryption of voice recordings, availability of multi-factor authentication on Customer’s account, or optional Transport Layer Security (TLS) encryption. Customer is responsible for reviewing the information Modern Musician makes available regarding its data security, including its audit reports, and making an independent determination as to whether the Services meet the Customer’s requirements and legal obligations, including its obligations under Applicable Data Protection Law. Customer is further responsible for properly configuring the Services and using features and functionalities made available by Modern Musician to maintain appropriate security in light of the nature of Customer Data processed as a result of Customer’s use of the Services.
10.3 Security Incident Notification. Modern Musician will provide notification of a Security Incident in the following manner:
Modern Musician will make reasonable efforts to identify a Security Incident, and to the extent a Security Incident is caused by Modern Musician’s violation of this Addendum, remediate the cause of such Security Incident. Modern Musician will provide reasonable assistance to Customer in the event that Customer is required under Applicable Data Protection Law to notify a regulatory authority or any data subjects impacted by a Security Incident.
V. International Provisions
11. Jurisdiction Specific Terms. To the extent Modern Musician processes personal data originating from and protected by Applicable Data Protection Law in one of the jurisdictions listed in "Jurisdiction Specific Terms" of this Addendum, the terms specified in "Jurisdiction Specific Terms" with respect to the applicable jurisdiction(s) apply in addition to the terms of this Addendum.
VI. Miscellaneous
12. Cooperation and Data Subject Rights. In the event that either party receives (a) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, and data portability, as applicable) or (b) any Third Party Request relating to the processing of Customer Account Data or Customer Usage Data conducted by the other party, such party will promptly inform such other party in writing. The parties agree to cooperate, in good faith, as necessary to respond to any Third Party Request and fulfill their respective obligations under Applicable Data Protection Law.
13. Conflict. In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1) the applicable terms set forth in "Jurisdiction Specific Terms" of this Addendum; (2) the terms of this Addendum outside of "Jurisdiction Specific Terms"; (3) the Agreement; and (4) the Modern Musician Privacy Policy. Any claims brought in connection with this Addendum will be subject to the terms and conditions, including, without limitation, the exclusions and limitations set forth in the Agreement.
14. Failure to Perform. In the event that changes in law or regulation render performance of this Addendum impossible or commercially unreasonable, the parties may renegotiate this Addendum in good faith. If renegotiation would not cure the impossibility or the parties cannot reach an agreement, the parties may mutually agree to terminate the Agreement for convenience.
15. Updates. Modern Musician may update the terms of this Addendum from time to time; provided, however, Modern Musician will provide at least thirty (30) days prior written notice to Customer when an update is required as a result of (a) changes in Applicable Data Protection Law; (b) a merger, acquisition, or other similar transaction; or (c) the release of new products or services or material changes to any of the existing Services. The then-current terms of this Addendum are available at https://go.modernmusician.me/data-protection-addendum.
DETAILS OF PROCESSING
1. Nature and Purpose of the Processing. Modern Musician will process personal data as necessary to provide the Services under the Agreement. Modern Musician does not sell Customer’s personal data or Customer end users’ personal data and does not share such end users’ information with third parties for compensation or for those third parties’ own business interests.
1.1 Customer Content. Modern Musician will process Customer Content as a processor in accordance with Customer’s instructions as set forth in Section 5 (Customer Instructions) of this Addendum.
1.2 Customer Account Data. Modern Musician will process Customer Account Data as a controller for the purposes set forth in Section 2.2 (Modern Musician as a Controller of Customer Account Data) of this Addendum.
1.3 Customer Usage Data. Modern Musician will process Customer Usage Data as a controller for the purposes set forth in Section 2.3 (Modern Musician as a Controller of Customer Usage Data) of this Addendum.
2. Processing Activities.
2.1 Customer Content. Personal data contained in Customer Content will be subject to the following basic processing activities:
2.2 Customer Account Data. Personal data contained in Customer Account Data will be subject to the processing activities of providing the Services.
2.3 Customer Usage Data. Personal data contained in Customer Usage Data will be subject to the processing activities of providing the Services.
3. Duration of the Processing. The period for which personal data will be retained and the criteria used to determine that period is as follows:
3.1 Customer Content.
Services. Prior to the termination of the Agreement, (x) Modern Musician will process stored Customer Content for the Permitted Purposes until Customer elects to delete such Customer Content via the Services and (y) Customer agrees that it is solely responsible for deleting Customer Content via the Services. Modern Musician will (i) provide Customer thirty (30) days after the termination effective date to obtain a copy of any stored Customer Content via the Services; (ii) automatically delete any stored Customer Content thirty (30) days after the termination effective date; and (iii) automatically delete any stored Customer Content on Modern Musician’s back-up systems sixty (60) days after the termination effective date. Any Customer Content archived on Modern Musician’s back-up systems will be securely isolated and protected from any further processing, except as otherwise required by applicable law or regulation.
3.2 Customer Account Data. Modern Musician will process Customer Account Data as long as required (a) to provide the Services to Customer; (b) for Modern Musician’s legitimate business needs; or (c) by applicable law or regulation. Customer Account Data will be stored in accordance with the Modern Musician Privacy Policy.
3.3 Customer Usage Data. Upon termination of the Agreement, Modern Musician may retain, use, and disclose Customer Usage Data for the purposes set forth in Section 1.3 (Customer Usage Data) of this "Details of Processing", subject to the confidentiality obligations set forth in the Agreement. Modern Musician will anonymize or delete Customer Usage Data when Modern Musician no longer requires it for the purposes set forth in Section 1.3 (Customer Usage Data) of this "Details of Processing".
4. Categories of Data Subjects.
4.1 Customer Content. Customer’s end users.
4.2 Customer Account Data. Customer’s employees and individuals authorized by Customer to access Customer’s Modern Musician account or make use of the MFA Services or telephone number assignments received from Modern Musician.
4.3 Customer Usage Data. Customer’s end users.
5. Categories of Personal Data. Modern Musician processes personal data contained in Customer Account Data, Customer Content, and Customer Usage Data.
6. Sensitive Data or Special Categories of Data.
6.1 Customer Content. Sensitive Data may, from time to time, be processed via the Services where Customer or its end users choose to include Sensitive Data within the communications that are transmitted using the Services. Customer is responsible for ensuring that suitable safeguards are in place prior to transmitting or processing, or prior to permitting Customer’s end users to transmit or process, any Sensitive Data via the Services.
6.2 Customer Account Data and Customer Usage Data.
JURISDICTION SPECIFIC TERMS
1. Australia:
1.1 The definition of “Applicable Data Protection Law” includes the Australian Privacy Principles and the Australian Privacy Act (1988).
1.2 The definition of “personal data” includes “Personal Information” as defined under Applicable Data Protection Law.
1.3 The definition of “Sensitive Data” includes “Sensitive Information” as defined under Applicable Data Protection Law.
2. Brazil:
2.1 The definition of “Applicable Data Protection Law” includes the Lei Geral de Proteção de Dados (LGPD).
2.2 The definition of “Security Incident” includes a security incident that may result in any relevant risk or damage to data subjects.
2.3 The definition of “processor” includes “operator” as defined under Applicable Data Protection Law.
3
. California:
3.1 The definition of “Applicable Data Protection Law” includes the California Consumer Privacy Act (CCPA).
3.2 The definition of “personal data” includes “Personal Information” as defined under Applicable Data Protection Law and, for clarity, includes any Personal Information contained within Customer Account Data, Customer Content, and Customer Usage Data.
3.3 The definition of “data subject” includes “Consumer” as defined under Applicable Data Protection Law. Any data subject rights, as set forth in Section 8 (Data Subject Rights) of this Addendum, apply to Consumer rights. In regards to data subject requests, Modern Musician can only verify a request from Customer and not from Customer’s end user or any third party.
3.4 The definition of “controller” includes “Business” as defined under Applicable Data Protection Law.
3.5 The definition of “processor” includes “Service Provider” as defined under Applicable Data Protection Law.
3.6 Modern Musician will process, retain, use, and disclose personal data only as necessary to provide the Services under the Agreement, which constitutes a business purpose. Modern Musician agrees not to (a) sell (as defined by the CCPA) Customer’s personal data or Customer end users’ personal data; (b) retain, use, or disclose Customer’s personal data for any commercial purpose (as defined by the CCPA) other than providing the Services; or (c) retain, use, or disclose Customer’s personal data outside of the scope of the Agreement. Modern Musician understands its obligations under the Applicable Data Protection Law and will comply with them.
3.7 Modern Musician will implement and maintain reasonable security procedures and practices appropriate to the nature of the personal data it processes as set forth in Section 11 (Security) of this Addendum.
4. Canada:
4.1 The definition of “Applicable Data Protection Law” includes the Federal Personal Information Protection and Electronic Documents Act (PIPEDA).
4.2 Modern Musician will implement technical and organizational measures as set forth in Section 11 (Security) of this Addendum.
5. European Economic Area (EEA):
5.1 The definition of “Applicable Data Protection Law” includes the General Data Protection Regulation (EU 2016/679) (“GDPR”).
5.2 Notwithstanding anything to the contrary in this Addendum or in the Agreement (including, without limitation, either party’s indemnification obligations), neither party will be responsible for any GDPR fines issued or levied under Article 83 of the GDPR against the other party by a regulatory authority or governmental body in connection with such other party’s violation of the GDPR.
5.3 Customer acknowledges that Modern Musician, as a controller, may be required under Applicable Data Protection Law to notify a regulatory authority of Security Incidents involving Customer Usage Data. If a regulatory authority requires Modern Musician to notify impacted data subjects with whom Modern Musician does not have a direct relationship (e.g., Customer’s end users), Modern Musician will notify Customer of this requirement. Customer will provide reasonable assistance to Modern Musician to notify the impacted data subjects.
6. Israel:
6.1 The definition of “Applicable Data Protection Law” includes the Protection of Privacy Law (PPL).
6.2 The definition of “controller” includes “Database Owner” as defined under Applicable Data Protection Law.
6.3 The definition of “processor” includes “Holder” as defined under Applicable Data Protection Law.
6.4 Modern Musician will require that any personnel authorized to process Customer Content comply with the principle of data secrecy and have been duly instructed about Applicable Data Protection Law. Such personnel sign confidentiality agreements with Modern Musician in accordance with Section 6 (Confidentiality) of this Addendum.
6.5 Modern Musician must take sufficient steps to ensure the privacy of data subjects by implementing and maintaining the security measures as specified in Section 11 (Security) of this Addendum and complying with the terms of the Agreement.
7. Japan:
7.1 The definition of “Applicable Data Protection Law” includes the Act on the Protection of Personal Information (APPI).
7.2 The definition of “personal data” includes “Personal Information” as defined under Applicable Data Protection Law.
7.3 The definition of “controller” includes “Business Operator” as defined under Applicable Data Protection Law. As a Business Operator, Modern Musician is responsible for the handling of personal data in its possession.
7.4 The definition of “processor” includes a business operator entrusted by the Business Operator with the handling of personal data in whole or in part (also a “trustee”), as defined under Applicable Data Protection Law. As a trustee, Modern Musician will ensure that the use of the entrusted personal data is securely controlled.
8. Mexico:
8.1 The definition of “Applicable Data Protection Law” includes the Federal Law for the Protection of Personal Data Held by Private Parties and its Regulations (FLPPIPPE).
8.2 When acting as a processor, Modern Musician will:
9. Singapore:
9.1 The definition of “Applicable Data Protection Law” includes the Personal Data Protection Act 2012 (PDPA).
9.2 Modern Musician will process personal data to a standard of protection in accordance with the PDPA by implementing adequate technical and organizational measures as set forth in Section 11 (Security) of this Addendum and complying with the terms of the Agreement.
10. Switzerland:
10.1 The definition of “Applicable Data Protection Law” includes the Swiss Federal Act on Data Protection.
11. United Kingdom (UK):
11.1 References in this Addendum to GDPR will to that extent be deemed to be references to the corresponding laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018).
11.2 Notwithstanding anything to the contrary in this Addendum or in the Agreement (including, without limitation, either party’s indemnification obligations), neither party will be responsible for any UK GDPR fines issued or levied under Article 83 of the UK GDPR against the other party by a regulatory authority or governmental body in connection with such other party’s violation of the UK GDPR.
11.3 Customer acknowledges that Modern Musician, as a controller, may be required under Applicable Data Protection Law to notify a regulatory authority of Security Incidents involving Customer Usage Data. If a regulatory authority requires Modern Musician to notify impacted data subjects with whom Modern Musician does not have a direct relationship (e.g., Customer’s end users), Modern Musician will notify Customer of this requirement. Customer will provide reasonable assistance to Modern Musician to notify the impacted data subjects.
© All Rights Reserved
Modern Musician | StreetTeam | Music Relic Marketplace
P.O. Box 444, 9300 Conroy Windermere Rd,
Windermere, FL 34786, United States