Personal Data Protection Policy
(LOPDP)

‍UMW RECORDINGS, INC. S.A.S. — RUC: 0993391921001
Legal Address: Av. Francisco de Orellana, Guayaquil 090512, Ecuador

‍
Version: 5.1  

Contact channels (Privacy): privacy@umwrecordingsinc.com

If you use other official emails, replace them with your own.

‍

1) Data Controller

UMW RECORDINGS, INC. S.A.S. (“ UMW ”, “ we ”) is the Data Controller of the personal data that is collected and processed through its websites, panel/platform, forms, APIs, integrations and customer service channels.

‍

2) Reach

This Policy applies to the personal data of:

• Artists, labels, managers, representatives, collaborators and payment recipients
• Panel/platform users (administrators and members)
• Website Visitors
• Business contacts (leads), partners and suppliers
• People who communicate with support, compliance, legal, or anti-fraud departments

UMW operates globally , so it can process data of holders located inside and outside of Ecuador, including scenarios with international transfers.

‍

3) Definitions (summary)

• Personal data: information that identifies or makes identifiable a person.
• Owner: person to whom the data belongs.
• Processing: any operation on data (collection, use, storage, transfer, deletion, etc.).
• Processor: third party that processes data on behalf of UMW (e.g., hosting, verification, support, etc.).

‍

4) Principles and demonstrated responsibility

UMW applies data protection principles (minimization, proportionality, purpose, security, confidentiality, among others) and maintains measures to demonstrate compliance (“accountability”), adjusted to the context, nature of the data and risks.

‍

5) Personal data that we process

Depending on the use of the service, UMW may try to:

5.1 Identification and contact

Names and surnames, stage name, email, telephone, country/city, address (if applicable), legal representative/company details (if applicable)

5.2 Account and authentication

User, credentials (encrypted/hashed passwords), security settings, access history, and relevant actions in the panel.

5.3 KYC / Identity Verification and Anti-Fraud (includes selfie)

‍

To prevent fraud, impersonation, abuse, and to protect payments/catalogs, UMW may request:

• Identity document (ID card/passport) and/or RUC (if applicable)
• Selfie and/or proof of life ( liveness )
• Supporting evidence (authorizations, declarations, forms, contracts, receipts)
• Technical risk indicators (e.g., IP address, approximate location, access patterns)

KYC Providers: UMW uses specialized providers such as Stripe Identity and Veriff for verification. These services may process data to validate identity and authenticity, under agreements and security measures.

Important: Selfies/liveness videos may involve biometric data , which may be considered sensitive data . Where applicable, UMW will request explicit consent and implement enhanced controls.

5.4 Payments, invoicing and settlements

Information required for payments/settlements: beneficiary, financial institution, type and number of account (if applicable), tax identifications, settlement/payment history, invoices/receipts.

5.5 Operational data for music distribution (catalog)

Metadata and release management: artists/collaborators, label, territories, dates, cover art, audio, splits/participations, performance reports (streams/sales), delivery history, takedowns, claims and associated evidence.

5.6 Technical data, cookies and security

IP, session identifiers, device/browser, logs, audit, performance metrics, essential cookies and (if applicable) analytical and/or marketing cookies.

5.7 Communications and support

Tickets, emails, chats, calls (if any), attachments and evidence provided to resolve incidents.

‍

6) Purposes of the processing

UMW processes personal data for:

1. Create and manage accounts and allow the use of the panel/platform.
2. Provide digital distribution services , including delivery to DSPs, quality control, updates, takedowns, and catalog operation.
3. Contract and administrative management , operational communications, support and dispute resolution.
4. KYC and fraud/abuse prevention , identity verification, security and protection of payments/accounts/catalogs.
5. Settlements, invoicing and payments , reconciliation, reporting and accounting/tax compliance (where applicable).
6. Legal compliance and attention to valid requirements of competent authority.
7. Marketing and commercial communications (newsletters, promotions, content), with an unsubscribe option.
8. Service improvement , analytics, stability, testing and development (with data minimization).

‍

7) Bases of legitimacy

Depending on the case, UMW processes data based on:

• Contract execution and pre-contractual measures
• Legal obligation
• Consent (e.g., marketing, non-essential cookies and, where applicable, biometrics)
• Legitimate interest (security, anti-fraud and operational continuity), with proportionality measures

‍

8) Data recipients and communications

UMW may disclose personal data, under necessity and contractual measures, to:

8.1 DSPs and Platforms

To execute the distribution, UMW shares the necessary information with DSPs/platforms (streaming services, stores and platforms that receive catalog and metadata).

8.2 Suppliers (in charge)

• KYC/anti-fraud verification: Stripe Identity, Veriff
• Payments: Stripe, PayPal and/or bank transfers (depending on the enabled method)
• Infrastructure/hosting/CDN/storage, email, monitoring, analytics and support: technology providers used by UMW (according to current configuration)

Suppliers act as data processors when they process data on behalf of UMW and are subject to confidentiality and security obligations.
In certain cases, some suppliers may act as independent controllers (for example, when managing their own regulatory obligations); in those cases, their policies will also apply.

‍

8.3 Authorities

UMW may disclose information as required by law or a valid request.

‍

9) International transfers

Due to the global nature of the service, data may be transferred or accessed from other countries , especially by DSPs and technology providers.

UMW applies reasonable measures to ensure an adequate level of protection, such as:

• contractual agreements with suppliers
• access control, encryption and security
• minimization of transferred data
• risk assessment of transfers where applicable

‍

10) Conservation (retention)

UMW retains data only for as long as necessary for the purposes described and applicable obligations. Operational references:

• Account and service: while an active relationship exists and a reasonable subsequent period for support, audit and disputes.
• KYC/anti-fraud: as long as necessary for verification and fraud prevention and for a reasonable subsequent period in the event of claims/incidents.
• Payments/accounting/billing: for the deadlines required by applicable regulations and defense against contingencies.
• Security logs: typically between 6 and 24 months , depending on criticality.
• Marketing: until you withdraw your consent or request to unsubscribe.

At the end of the allotted time, UMW deletes, anonymizes, or blocks data as appropriate.

‍

11) Security

UMW applies technical and organizational measures proportionate to the risk, including:

• access control by roles and least privileges
• encryption in transit (HTTPS/TLS) and, where applicable, at rest
• audit of access and relevant actions
• backups, continuity and incident recovery
• vulnerability and patch management
• staff training and confidentiality

‍

12) Rights of the data subject and how to exercise them

The data subject may exercise their rights (as applicable), including access, rectification/updating, deletion, objection, portability, limitation/suspension and revocation of consent .

How to request it from UMW:
Write to privacy@umwrecordingsinc.com with the subject line “Request for personal data”, indicating:

• full name, ID, email address associated with the account
• requested right and details
• supporting documents (if applicable)

UMW may request additional information to verify identity and protect the account.

Control Authority (Ecuador): If you wish to submit an application directly to the SPDP, there is a channel enabled by mail.

‍

13) Marketing: consent and opt-out

UMW may send marketing communications when there is an applicable legal basis (e.g., consent).
You can unsubscribe at any time by:

• "unsubscribe" link (if the email includes one), or
• Request to privacy@umwrecordingsinc.com

‍

14) Cookies and similar technologies

UMW uses cookies:

• Essentials: functionality and safety.
• Non-essential (analytics/marketing): activated according to configuration/consent where applicable.

You can manage them from the browser and/or from the preference center (if available).

‍

15) Automated decisions (anti-fraud)

UMW may use automated signals to detect fraud/abuse (e.g., unusual access, risk patterns) in order to protect accounts, catalog, and payments.

‍

16) Minors

The service is intended for adults. If the information concerns minors (for example, a minor artist being represented), UMW may require documentation of representation/consent.

‍

17) Changes to this Policy

UMW may update this Policy due to legal, technical, or operational changes. The current version will be available on UMW's official channels, indicating the date of the update.

‍