Personal Data Protection Policy (LOPDP)

Last Updated: January 05, 2026

UMW RECORDINGS, INC. S.A.S.RUC: 0993391921001
Legal Address: Av. Francisco de Orellana, Guayaquil 090512, Ecuador

1) Data Controller

UMW RECORDINGS, INC. S.A.S. (“ UMW ”, “ we ”) is the Data Controller of the personal data that is collected and processed through its websites, panel/platform, forms, APIs, integrations and customer service channels.

1.1 Privacy Officer / Data Protection Contact

UMW maintains an internal privacy contact responsible for receiving, coordinating, and escalating personal data requests, privacy incidents, supplier reviews, data access matters, and security-related concerns involving personal data.

Privacy contact: privacy@umwrecordingsinc.com

This contact channel may be used for data subject requests, privacy questions, correction or deletion requests, security concerns, and matters related to the processing of personal data by UMW.

2) Reach

This Policy applies to the personal data of:

  • Artists, labels, managers, representatives, collaborators and payment recipients
  • Panel/platform users (administrators and members)
  • Website Visitors
  • Business contacts (leads), partners and suppliers
  • People who communicate with support, compliance, legal, or anti-fraud departments

UMW operates globally , so it can process data of holders located inside and outside of Ecuador, including scenarios with international transfers.

3) Definitions (summary)

  • Personal data: information that identifies or makes identifiable a person.
  • Owner: person to whom the data belongs.
  • Processing: any operation on data (collection, use, storage, transfer, deletion, etc.).
  • Processor: third party that processes data on behalf of UMW (e.g., hosting, verification, support, etc.).

4) Principles and demonstrated responsibility

UMW applies data protection principles (minimization, proportionality, purpose, security, confidentiality, among others) and maintains measures to demonstrate compliance (“accountability”), adjusted to the context, nature of the data and risks.

4.1 Internal Record of Processing Activities

UMW may maintain internal records of personal data processing activities in order to demonstrate compliance, accountability, operational control, and legal traceability.

These internal records may include, where applicable:

  • categories of personal data processed;
  • purpose of processing;
  • legal basis or authorization relied upon;
  • categories of data subjects;
  • internal systems or departments with access;
  • third-party processors or recipients;
  • international transfers or external access;
  • applicable retention period;
  • security controls applied;
  • deletion, blocking, anonymization, or preservation criteria;
  • incident, audit, or compliance notes.

These records are maintained for internal compliance and legal protection purposes and may be updated as UMW’s services, systems, suppliers, legal requirements, or operational practices evolve.

5) Personal data that we process

Depending on the use of the service, UMW may process the following categories of personal data:

5.1 Identification and contact

Names and surnames, stage name, email, telephone, country/city, address (if applicable), legal representative/company details (if applicable)

5.2 Account and authentication

User, credentials (encrypted/hashed passwords), security settings, access history, and relevant actions in the panel.

5.3 KYC / Identity Verification and Anti-Fraud

UMW may require users, artists, labels, companies, payees, partners, or account administrators to complete identity verification through UMW Identity, UMW’s secure identity, business, payment, rights, and fraud protection layer integrated with UMW Core.

To prevent fraud, impersonation, payout abuse, money laundering risks, rights abuse, unauthorized catalog activity, and other misuse of the platform, UMW may request:

  • Official identity document, such as ID card, passport, driver’s license, residence permit, or equivalent government-issued document.
  • Selfie, facial match, and/or proof of life / liveness verification.
  • Company, tax, RUC, or business documentation where applicable.
  • Supporting evidence, including contracts, licenses, authorizations, declarations, rights ownership documents, invoices, receipts, catalog ownership evidence, or other materials required to confirm control of submitted music.
  • Technical risk indicators, such as IP address, approximate location, device data, access patterns, session activity, fraud-risk signals, and verification status.

UMW Identity may operate with secure third-party identity verification, fraud prevention, infrastructure, compliance, and data processing providers, where enabled, acting under contractual, confidentiality, security, and data protection obligations.

Important: Selfies, facial verification, and liveness checks may involve biometric data, which may be considered sensitive personal data under applicable law. Where required, UMW will request appropriate consent and apply enhanced safeguards.

5.4 Payments, invoicing and settlements

Information required for payments/settlements: beneficiary, financial institution, type and number of account (if applicable), tax identifications, settlement/payment history, invoices/receipts.

5.5 Operational data for music distribution (catalog)

Metadata and release management: artists/collaborators, label, territories, dates, cover art, audio, splits/participations, performance reports (streams/sales), delivery history, takedowns, claims and associated evidence.

5.6 Technical data, cookies and security

IP, session identifiers, device/browser, logs, audit, performance metrics, essential cookies and (if applicable) analytical and/or marketing cookies.

5.7 Communications and support

Tickets, emails, chats, calls (if any), attachments and evidence provided to resolve incidents.

6) Purposes of the processing

UMW processes personal data for:

  1. Create and manage accounts and allow the use of the panel/platform.
  2. Provide digital distribution services , including delivery to DSPs, quality control, updates, takedowns, and catalog operation.
  3. Contract and administrative management , operational communications, support and dispute resolution.
  4. KYC and fraud/abuse prevention , identity verification, security and protection of payments/accounts/catalogs.
  5. Settlements, invoicing and payments , reconciliation, reporting and accounting/tax compliance (where applicable).
  6. Legal compliance and attention to valid requirements of competent authority.
  7. Marketing and commercial communications (newsletters, promotions, content), with an unsubscribe option.
  8. Service improvement , analytics, stability, testing and development (with data minimization).

7) Bases of legitimacy

Depending on the case, UMW processes data based on:

  • Contract execution and pre-contractual measures
  • Legal obligation
  • Consent (e.g., marketing, non-essential cookies and, where applicable, biometrics)
  • Legitimate interest (security, anti-fraud and operational continuity), with proportionality measures

8) Data recipients and communications

UMW may disclose personal data, under necessity and contractual measures, to:

8.1 DSPs and Platforms

To execute the distribution, UMW shares the necessary information with DSPs/platforms (streaming services, stores and platforms that receive catalog and metadata).

8.2 Suppliers / Processors

UMW may disclose personal data, under necessity, security controls, and contractual safeguards, to service providers that support the operation of its services, including:

  • Identity verification, KYC, KYB, liveness, anti-fraud, risk review, account integrity, and compliance infrastructure used as part of UMW Identity.
  • Payment processing, billing, invoicing, refunds, disputes, reconciliation, chargeback review, account activation, and service payment infrastructure used for customer billing and paid UMW services.
  • Royalty payout support, payout verification, payee administration, payout reconciliation, tax documentation support, wallet verification where applicable, and payment execution through UMW’s approved payout infrastructure, including Airwallex where available, using supported payout methods such as PayPal, Payoneer, bank transfer, Mobile Wallets, or other payout methods approved by UMW in writing or made available through the dashboard.
  • Infrastructure, hosting, CDN, storage, email, monitoring, analytics, support, security, fraud prevention, compliance, and operational tools used by UMW according to the current configuration.

UMW may rely on contracts, data processing agreements, confidentiality obligations, supplier terms, security addenda, platform terms, compliance terms, or equivalent legal arrangements with processors and service providers that process personal data on behalf of UMW. UMW may update, replace, or add service providers when necessary for security, compliance, operational continuity, platform improvement, payment availability, payout availability, fraud prevention, legal requirements, or service delivery.

Important: The payment methods used by customers to purchase UMW services are separate from royalty payout methods used by UMW to pay eligible artists, labels, clients, or payees.

8.3 Authorities

UMW may disclose information as required by law or a valid request.

9) International transfers

Due to the global nature of the service, data may be transferred or accessed from other countries , especially by DSPs and technology providers.

UMW applies reasonable measures to ensure an adequate level of protection, such as:

  • contractual agreements with suppliers
  • access control, encryption and security
  • minimization of transferred data
  • risk assessment of transfers where applicable

10) Conservation (retention)

UMW retains data only for as long as necessary for the purposes described and applicable obligations. Operational references:

  • Account and service: while an active relationship exists and a reasonable subsequent period for support, audit and disputes.
  • KYC/anti-fraud: as long as necessary for verification and fraud prevention and for a reasonable subsequent period in the event of claims/incidents.
  • Payments/accounting/billing: for the deadlines required by applicable regulations and defense against contingencies.
  • Security logs: typically between 6 and 24 months , depending on criticality.
  • Marketing: until you withdraw your consent or request to unsubscribe.

At the end of the allotted time, UMW deletes, anonymizes, or blocks data as appropriate.

11) Security

UMW applies technical and organizational measures proportionate to the risk, including:

  • access control by roles and least privileges
  • encryption in transit (HTTPS/TLS) and, where applicable, at rest
  • audit of access and relevant actions
  • backups, continuity and incident recovery
  • vulnerability and patch management
  • staff training and confidentiality
  • MFA required for internal accounts with administrative access.
  • Periodic access reviews.
  • Separated access for support, finance, legal, distribution, and anti-fraud.
  • Encrypted backups.
  • Access logs for sensitive information.
  • Security Incident and Data Breach Response

12) Security Incident and Data Breach Response

UMW maintains an internal procedure to identify, assess, document, contain, escalate, and respond to security incidents involving personal data.

In the event of a suspected or confirmed personal data breach, UMW may take measures such as access restriction, credential reset, log review, affected system isolation, supplier escalation, evidence preservation, forensic review, legal/compliance review, user notification, and notification to the competent authority where required by applicable law. UMW may maintain an internal breach record including the date of detection, affected systems, categories of data involved, number or type of affected data subjects where known, likely consequences, containment actions, corrective measures, supplier communications, legal review, and final resolution.

Where applicable law requires notification to the competent authority or affected data subjects, UMW will evaluate the incident and proceed according to the applicable legal requirements, risk level, available facts, and official notification channels.

13) Data Subject Rights

The data subject may exercise their rights, as applicable, including access, rectification/updating, deletion, objection, portability, limitation/suspension, and revocation of consent.

How to request it from UMW:

Write to privacy@umwrecordingsinc.com with the subject line “Request for personal data”, indicating:

  • full name, ID, and email address associated with the account;
  • requested right and details;
  • supporting documents, if applicable.

UMW may request additional information to verify identity, protect the account, prevent unauthorized access, and confirm whether the request is valid under applicable law.

Control Authority in Ecuador: where applicable, data subjects may also contact the competent personal data protection authority through the official channels enabled by the authority.

14) Marketing: consent and opt-out

UMW may send marketing communications when there is an applicable legal basis (e.g., consent).
You can unsubscribe at any time by:

15) Cookies and similar technologies

UMW uses cookies:

  • Essentials: functionality and safety.
  • Non-essential (analytics/marketing): activated according to configuration/consent where applicable.

You can manage them from the browser and/or from the preference center (if available).

16) Automated decisions (anti-fraud)

UMW may use automated signals to detect fraud/abuse (e.g., unusual access, risk patterns) in order to protect accounts, catalog, and payments.

17) Minors

The service is intended for adults. If the information concerns minors (for example, a minor artist being represented), UMW may require documentation of representation/consent.

18) Changes to this Policy

UMW may update this Policy due to legal, technical, or operational changes. The current version will be available on UMW's official channels, indicating the date of the update.

Copyright © 2026 -2027 UMWRecordings, Inc. | All rights reserved.