Bandcamp – Privacy Shield Privacy Policy

Bandcamp, Inc. (“Bandcamp”) has subscribed to and will comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of Personal Information (as defined below) that is transferred from the European Economic Area (“EEA”) and Switzerland to the United States, respectively. Bandcamp has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). If there is any conflict between this Policy and the Principles, the Principles will govern. To learn more about the Frameworks, please visit www.privacyshield.gov.

This Privacy Shield Policy supplements our Privacy Policy. Capitalized terms used in this Privacy Shield Policy have the meaning given to them by our Privacy Policy, unless specifically defined in this Policy. This Privacy Shield Policy applies to Bandcamp, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Personal Data Received from the European Economic Area and Switzerland

Bandcamp may receive from the EEA and Switzerland some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Principles. To the extent that Bandcamp receives Personal Information from the EEA and Switzerland in reliance on the Frameworks, Bandcamp will handle such Personal Information in accordance with the Principles.

Data Integrity and Purpose Limitation

Bandcamp may use the Personal Information it receives from the EEA and Switzerland for the purposes set forth in our Privacy Policy or as you may otherwise be notified. We take reasonable steps to ensure that the Personal Information we process is relevant and reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks.

Onward Transfers

Our Privacy Policy describes the types of third parties that we may disclose your Personal information to, and the purposes of such disclosures. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Security

We use reasonable and appropriate measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Choice

We will give you an opportunity to choose whether your Personal Information may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where non-sensitive Personal Information is involved, and to opt in where sensitive Personal Information is involved.

Access to Personal Information

Our Privacy Policy sets forth methods by which you may access and/or submit requests to review, correct, update, suppress, or delete information from or about you. Bandcamp will comply with the Principles in its handling of such requests with respect to Personal Information.

Recourse and Enforcement

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of Personal Information in accordance with the Principles.

If an issue cannot be resolved through Bandcamp’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to the Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. ("JAMS"), which serves as Bandcamp’s third-party alternative dispute resolution provider located in the United States. For claimed violations of the Principles not resolved by these mechanisms, you may be able to invoke binding arbitration as detailed in the Principles.

Contact Information

If you have questions, concerns, or complaints about this Privacy Shield Policy or Bandcamp’s privacy practices, please contact us by email at support@bandcamp.com.

Privacy Shield Policy Changes

This Policy may be changed from time to time, consistent with the requirements of the Frameworks. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the bottom of this Policy. Any changes to this Policy will become effective when posted to our website.