PRIVACY POLICY

INTRODUCTION


We appreciate the fact that you are parting with your personal data and that you trust our organisation with your personal data. The security of your personal data is of fundamental importance to us.

OUR SERVICES


ODXC is a media platform and music studio involved in the promotion, advertising and marketing of musicians.

ODXC will initially process your personal data to ascertain whether they can provide you with any of their services.

It is only once your video has been successfully reviewed by ODXC that you will be invited to sign a service agreement with ODXC.

PURPOSE OF THIS PRIVACY NOTICE


This is Privacy Notice is aimed at ensuring that you are aware of the categories of personal data we intend to process on your behalf; the reasons why we intend to process your personal (including sensitive data) and that we are in compliance with the General Data Protection Regulations (GDPR) as implemented in the UK as the Data Protection Act 2018.

Please read and acknowledge the following Privacy Notice relating to your personal data and your sensitive data. We want to bring this Privacy Notice to your attention at the time we are collecting your personal data from you.

CONTROLLER


For the purpose of the General Data Protection Regulations (the “Regulations”), the data controller (‘Controller’) is ODXC Ltd, a company registered in England and Wales under company number TBC, whose registered office is, TBC.

Contact details for the ‘Controller’: Michael@odxc.co.uk
Name: Michael

YOUR PERSONAL DATA THAT WE PROCESS


We process the following personal data. This list is not exhaustive.

Personal Data    
Full name    
Short names (nicknames)    
Emails    
Email information    
Home/Mobile Number    
Address    
Director details (if applicable)    
Bank Details    
Invoices    
Financial information  

 

Special Categories of Personal Data

Signatures

Video (moving images)

Photographs

 
LAWFUL REASONS FOR PROCESSING YOUR PERSONAL DATA


We will be processing your personal data (including sensitive data) for legitimate purposes. In order to ensure that you can:

fulfil your contractual obligations with us;
for legal obligation reasons;
for reasons of vital interests;
for legitimate interest reasons provided that this can be justified;
you have provided us with your explicit consent.
Lawful Reasons for Processing Special Categories of Personal Data

SENSITIVE DATA – PURPOSE FOR PROCESSING


We will be processing your personal data (including sensitive data):

in order that we can meet our obligations in the field of social security protection law;
the processing is necessary for legitimate activities with appropriate safeguards in place;
it is necessary due to substantial public interest reasons;
processing is for archiving purposes;
we have obtained your explicit consent.
This list is not exhaustive.

In the event that you do provide your name, your video and email in the ‘Submit a Video’ link to the website you will be required to provide express consent to ODXC processing your video which will include special categories of personal data. It is only once ODXC have reviewed your video and have agreed to provide you with their respective services further that you will enter into a contract with ODXC.

You have the right to withdraw consent at any time by contacting the Controller.

UNABLE TO PROCESS PERSONAL DATA


In certain circumstances if we do not have your personal or sensitive data we will not be able to fulfil our obligations with you under your contract. Therefore if you decide not to part with your personal data this may lead to the termination of your contract with our organisation.

DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES

 

  1. In order for us to carry out our services on your behalf we may need to disclose your personal data and sensitive data to third parties.

  2. The reasons are would be:

    1. in order that we can fulfill our obligations towards you under our contract of services; and /or

    2. for legal or tax compliance reasons;

    3. for any other legal obligation purpose; or

    4. there is a legitimate interest present which can be justified.

  3. The third parties are to be:

  • Google Drive

  • HMRC

  • Companies House (if applicable)

  • WIX

  • MAILCHIMP

This list is not exhaustive

ASSURANCES UNDER THE GDPR


ODXC is committed to getting assurances from each third party processor that they are GDPR compliant.

NON-LIABILITY YOUR DISCLOSURE TO THIRD PARTIES


If you have provided your personal data voluntarily to the third party processors then the Controller accepts no responsibility regarding how this personal data will be processed by that third party processor.

OUR COMMITMENT TO PROCESSING YOUR PERSONAL DATA IN COMPLIANCE WITH THE GDPR


12.1 PRINCIPLE 1 - LAWFUL PURPOSE (ARTICLE 5 OF THE GDPR)
We will be processing your personal data for lawful reasons as outlined in clauses 6 and 7 of this Privacy Notice.

12.2 PRINCIPLE 2 - SPECIFIC PURPOSE & LIMITED (ARTICLES 5 & 6 OF THE GDPR)
We will ensure that any personal data (including sensitive data) that we process will be specific, legitimate and limited.

12.3 PRINCIPLE 3 - ADEQUATE, RELEVANT & LIMITED
We only want to process your personal data and sensitive data which is adequate, relevant & limited.

RETENTION
Any personal data we retain from you in the course of carrying out our contractual services with you will be retained by us for a period of time which ensures that we are in compliance with our legal obligations. For further information please contact the Controller and request our Retention Policy.

12.5 DURATION – RETENTION OF YOUR PERSONAL DATA
We will keep your personal data as follows:

for the duration of our business relationship with you; and
after any termination of any agreement for a period that does not exceed 6 years. The retention is required for tax and legal compliance reasons; or
in certain circumstances where further retention is required to comply with a legal obligation.
We will delete your personal data after the legal and tax requirement period has been fulfilled.

Please contact the Controllers for a copy of the ‘Retention Policy’.

12.6. PRINCIPLE 4 & 5 - ACCURACY OF YOUR PERSONAL DATA - PRINCIPLE 4 & 5 (ARTICLE 5 OF THE GDPR)
We want to ensure that your personal data is kept up to date.

If any of your personal data changes during the life-time of our business relationship with you, please kindly contact the Controller in order that your personal data can be amended.

We will not be responsible in any way for your failure to notify of us of any changes
to your personal data.

PRINCIPLE 6 - ENSURING SECURITY
We are committed to:

protecting the confidentiality, integrity and availability of the information we collect, stores, transfers and processes on your behalf in order that they meet the legal requirements.
For more information please refer to our Security Policy.
ensuring that actual or suspected breaches of information security are reported and investigated in accordance with our Breach Policy.


CONSENT


One of the lawful reasons for processing your personal data, is if you provide us with consent. If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data.

Please also note the following:

we want you to provide your consent explicitly and freely; and
in the event that you do provide consent, you have the right to withdraw your consent at any time.
For further information please contact any of our Appointed Person(s) for the ‘Consent Policy’.

YOUR RIGHTS


While we keep your personal data you have the following rights:

  • Right to request access to your personal data, know as a ‘Subject Access Request’ (SAR)

  • Right to rectification of your personal data

  • Right to request your personal data to be transferred to another organisation (right to data portability). However, we do not have this facility

  • Right to object to the processing of your personal data (see right to object notice)

  • Right to erasure of your personal data

  • Right to restrict the processing of your of personal data

  • Right not to be a subject to the automated decision-making process (including profiling). However, we do not have this facility

  • Right to be informed

  • Right to make a complaint to the ICO in the event you feel your complaint has not be handled by ODXC correctly


SUBJECT ACCESS REQUEST REQUIREMENTS


A SAR can be requested verbally by you, however in order for us to ensure that we can verify your ID we will require you to:

complete a SAR Form. This form can be requested from any of the Appointed Person(s);
return the SAR Form with a certified copy of your ID and also your 2 month’s utility bills. You can also attend the offices in order to verify your ID;
We will not be under any obligation to provide you with any personal data unless your ID is verified.


SUBJECT ACCESS REQUESTS – TIME-SCALE


We aim to process the SAR within 1 month, however it may take a further 2 months. In which case if there is a delay, we will notify you of such delay in writing.

SUBJECT ACCESS REQUEST DETAILS


You can at any time request the following information from our organisation:

The full name(s) and contact details of who has been processing your personal data including name of the controller and any
Appointed Persons(s) responsible for processing the personal data;
A list of personal data & sensitive data which has been processed by the controller
If the personal data was obtained by a third party; details of such third party
Details of any recipients including third country details
The reasons why these forms of personal data have been processed (lawful reasons etc & compliance with key principles)
Sensitive data – consent – if not legitimate reasons for processing
Where the personal data has been located (third party/controller’s platform/computer system) including security
Retention Periods – the length of time your personal data will be processed
Compliance with the key principles which are disclosed in this privacy document
If your personal data has been processed outside the EU, details of any representative(s)
Your rights (object, restrict, erasure etc) which are listed in this privacy document
Your right to make a complaint to the Information Commissioner’s Office


RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA


You have the right to object to certain types of processing of your personal data such as:

for marketing purposes
for automated processing purposes
for profiling purposes
In the above cases, your explicit consent would be required by our organisation before we can actually process your personal data.

THIS RIGHT TO OBJECT DOES NOT APPLY IF:


Our organisation needs to enter into a contract with you
It is sanctioned by law (tax evasion or fraud)
The agreement does not have a legal or equally important impact
It is based around explicit consent and you have provided us with explicit consent
Please contact the Controller.

COMPLAINTS

In the event that you wish to make a complaint about how your personal data is processed by our organisation (or any third party listed in the privacy notice) then please make your complaint to the following:

Contact details for the ‘Controller’: Michael@odxc.co.uk

You also have the right to make a complaint to the Information Commissioner’s Office (ICO).

The contact details of the ICO are as follows

Tel: 0303 123 1113

Please also request the organisation’s ‘Complaint’s Policy’ from any member of the organisation.

YOUTUBE TERMS OF SERVICE

This website embeds videos from YouTube.

Please see YouTube Terms of Service: https://www.youtube.com/t/terms

This website also uses YouTube API services to update YouTube video view counts. Please see YouTube API Terms of Service: https://developers.google.com/youtube/terms/api-services-terms-of-service

Please see Google privacy policy here: https://policies.google.com/privacy

ODXC. All rights reserved

Copyrights