Green Records Technology Privacy Policy

Effective on May 1st, 2024


Introduction


Green Records Technology (“GRT”), dba “Good Neighbor” is a sustainable record supply company that is committed to helping individual artists and labels improve their supply chains and reduce their carbon footprint. Collecting and processing personal data is core to our service so that we can manufacture and deliver custom products. GRT is committed to protecting your privacy and the privacy of children online.
This Privacy Policy explains how GRT collects, stores and processes your personal information when you interact with any of our services. This Privacy Policy, including our Cookie Policy, applies to the use our websites (“Sites”), buying records, packaging or other goods from us, or taking part in live, in-person testing events (“Events”), communications and services (collectively, the “Services”). We also explain how you can exercise your rights relating to your personal information, including the right to object to certain types of processing we carry out. This Privacy Policy covers our use of any information that can or could be used to identify you (‘Personal Information’). It does not cover information which cannot be used to identify you (“Anonymous Data”).


Data Controller and Contracting Parties


The legal entity responsible for the information that is collected through our Sites is Green Records Technology Inc. If you have any questions about this Privacy Policy, please email us at privacy@goodneighbormusic.com. You should also read our Terms of Service which sets out the standard terms of agreement between you and GRT when you use our Services.


Changes to this Privacy Policy


GRT (“we”, “our" or “us”) may modify this Privacy Policy at any time. When we do, we will update the ‘Last updated’ data on this Privacy Policy or, if the change is material, we will place a notice on our Appsand Sites by revising the link to read as ‘Updated Privacy Policy’ or similar terms for a reasonable period of time.If you object to any changes, you may delete your account or your personal information as described in How to Exercise Your Rights section below.You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of your Personal Information is subject to the updated Privacy Policy, as of its effective date.


Children


Unless stated otherwise for a particular Service, children are not allowed to use the Services, and we do not knowingly collect Personal Information from them. We define “children” as follows:

  • Residents of the UK: anyone under 13 years old.
  • Residents of the EEA: anyone under 16 years old, or the age needed to consent to the processing of personal data in your country of residence.
  • Residents of the Republic of Korea, anyone under 14 years old.
  • Residents of other regions: anyone under 13 years old or the age needed to consent to the processing of personal data in that region.


If GRT discovers that a person younger than 18 has provided the Services with personally identifiable information, GRT will delete that person's personally identifiable information.


What is GRT?


GRT is a sustainable record supplier that provides finished goods for the music industry. Our Privacy Policy applies to any Customer, Vendor or Visitor of our Services, who may use our Services in the following ways:

  • Music Labels or Independent Artists (over 18 years old) to review our products, receive estimates/quotes for production runs, to receive test pressings, to receive production orders, to participate in listening events or marketing events.
  • Manufacturing Vendors to assess potential business opportunities and to provide GRT with goods and services.
  • Visitors to learn more about our company and offerings, to participate in in-person or digital record listening events and/or marketing events.
  • Partners to connect with values aligned community that shares our initiative to reduce the negative environmental impact of record production and reduce the industry’s carbon footprint.


1 The Personal Information We Collect & Why We Collect It


We need to collect and use certain Personal Information to provide the Services to you and fulfill the promises we make to you in the Terms of Service. The Personal Information we collect depend on how you interact with the GRT Services. You may interact with the GRT Services in any of the following ways: sending a request to our team through our online form, requesting quotes via email, placing orders for a production run, or, if you are a vendor, getting your vendor account set up with our account management team.


Why we collect your personal information and our legal basis for processing


We use the Personal Information we collect only when we have a valid reason and legal basis to do so.
We determine the legal bases based on the purposes for which we collect your information
The legal bases we rely on may include:


To provide a service you’ve asked for under a contract we have entered into, or which we are about to enter, or to provide a quote;

  • Where it is necessary for our legitimate interest provided that your interest and fundamental rights of freedoms do not override those interests;
  • Where we need to comply with a legal or regulatory obligation or to protect your vital interests
  • Where we ask for your consent to process your information for specific purposes and you have the right to withdraw your consent at any time.


1.1 The Data You Provide to Us


Most commonly, we use your personal information for the following purposes:


Creating a Customer Account, or Vendor Account

To create a customer account, you need to provide data including your name, email address and/or mobilenumber, your business address. If you decide to purchase products from us you will need to provide payment (e.g., credit card) and billing information. Select customers may be eligible for account facilities at the discretion of GRT management. These customers would need to provide credit information and federal tax identification number information.To create a vendor account, you will need to provide data including your name, email address, phone number, business address, federal tax identification number, banking information, and the contact information for your account manager.


Service Use


We log usage data when you visit or otherwise use our Services, including our Sites, such as when you view or click on content or perform a search. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.


Cookie Policy


We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:


Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.


Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. To delete existing flash cookies, click the tab on the right side labeled "Website Storage Settings". You'll see a list of websites. Click Delete Website or Delete All Sites to clear flash cookies.


Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).


Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies
    Type: Session Cookies
    Administered by: Us
    Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
  • Cookies Policy / Notice Acceptance Cookies
    Type: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
  • Functionality Cookies
    Type: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
  • Tracking and Performance Cookies
    Type: Persistent Cookies
    Administered by: Third-Parties
    Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or
    indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.


Messages  We collect information about you when you send, receive, or engage with messages in connection with our Services.


1.2 How We Use Your Data


Customer Services
We use your Personal Information, and the data we have about you to manufacture your custom order and personalize our Services. In order to manufacture and deliver products to you, we may share your Personal Information with our manufacturing Vendor partners. We do not provide your Personal Information to other Customers without your consent.


Communications
We will contact you through email, mobile phone, notices posted on our website or apps, and other ways through our Services, including text messages. We will send you messages about the availability of our Services, new product releases, reminders, and promotional messages from us and our Partners. You can opt out of receiving messages from us, except service messages including security and legal notices.


Advertising
We target (and measure the performance of) ads to Visitors and others both on and off our Services directly or through a variety of partners, using the following data, whether separately or combined: data from advertising technologies on and off our Services (e.g., pixels, ad tags, cookies, and device
identifiers; Customer-provided information (e.g., provide, contact information); data from your use of our Services (e.g., search history, click on an ad, etc.), information from advertisement partners, vendors and publishers;

Opt Out of Targeted Advertising and “Sales or Sharing” of Personal Information


Residents of certain jurisdictions, including Colorado, Connecticut, Virginia and Utah, have the right to opt out of targeted advertising and "sales or sharing" (as defined under applicable law) of their personal information. If you are in one of those jurisdictions, in order to exercise your right to opt out of targeted advertising or "sales" of your personal information, please email privacy@goodneighbormusic.com. California residents can review relevant information relating to California privacy laws below.


Corporate change:
GRT reserves the right to disclose and transfer user information, including personally identifiable information, in connection with a corporate merger, consolidation, restructuring, a sale of assets, or other fundamental corporate change.


1.3 Developing Services and Research


Service Development
We use data, including public feedback, to conduct research and development for our Services in order to provide you and others with a better more intuitive and personalized experience, improve our products, drive community growth and engagement on our Services.


Customer Support
We use data (which can include your communications) to investigate, respond and to resolve complaints and for Service issues.


2 Reasons we share your personal information
GRT does not share your personal information with others except as described in this Privacy Policy. We share your information as follows:

  • Service Providers: As with most companies, we use third-parties to help us provide GRT Services, such as IT and hosting providers or payment card processors. Some of these providers may process personal information on our behalf, for the purposes set out in this Privacy Policy.
    These providers are subject to contractual obligations governing privacy, data security and confidentiality. We also share personal information in some cases with our professional advisors and other service providers who are sometimes independent ‘data controllers’, such as lawyers,
    accountants and insurers, e.g. when enforcing our contract with you or in the event of claims against us.
  • Manufacturing Vendors: Some production runs require multiple components to be produced by a variety of manufacturers to produce a completed finished product. For these production runs, we may share your personal information to ensure that the product is made as per your order and that it is shipped to the accurate address.
  • Information Shared with Partners: We may share Anonymous Data with our Partners and third parties for industry and market analysis. We may share Personal Data with our Partners for data analysis and additional services, only if we have your express permission to do so. We may share Personal Data with our third-party publishing partners for their direct marketing purposes only if we have your express permission to do so.
  • Other companies within the GRT group. We may share your information with our group companies, including companies that we may acquire in the future, but only to the extent necessary to fulfil purposes set out in the Privacy Policy, or otherwise authorized by you. For
    example, our group companies assist GRT in the provision of customer support to our Partners.
  • Other legal or regulatory process. We may share your personal information if we believe it is
    reasonably necessary:
    • Where required by law;
    • To comply with legal process;
    • To permit us to pursue available remedies, including commencing or responding to any claims;
    • To enforce or apply the GRT terms;
    • To protect the rights, property, interests or safety of GRT, or employees, customers or users; or
    • For risk management purposes.

The categories of information we disclose and our legal basis for doing so depends on the circumstances, but generally it is to comply with legal obligations, to protect vital interest or act in our legitimate interest to provide a secure and safe service preventing fraud and unauthorized use of our products and services, violations of our terms and policies or other harmful or illegal activity and in protecting our and others’ rights, property and interests, and responding to legal requests from governmental and law enforcement agencies.

  • Information Disclosed in Connection with Business Transaction: Information that we collect from our users, including Personal Information, is a business asset. If we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Information, will be disclosed or transferred to a third party acquirer in connection with the transaction.
  • A note about aggregated data. We may derive aggregate data from your personal information and we may share this information in aggregated form with our Partners as part of our services. However, because this data has been through a process to de-identify personal information so that it can no longer be associated in the Partner’s hands with a person, the aggregated data cannot directly or indirectly reveal your identity to the Partner.
  • Limitation of Liability. GRT shall take commercially reasonable steps to prevent unauthorized access to data, however GRT shall not be responsible for the unauthorized access to or use of data by those parties we share your information with.


3 Keeping your information secure


GRT values your trust and maintains a comprehensive information security program designed to protect personal information using administrative, physical and technical safeguards.

The specific security measures used are based on the sensitivity of the personal information collected.
While we cannot guarantee that loss, misuse, or alteration of data will not occur, we have measure in place designed to protect against inappropriate access, loss, misuse, or alteration of personal information
under our control. For example:

  • The GRT security team periodically reviews our security and privacy practices and may enhance them as necessary to help protect the integrity of our system and your personal information
  • We use secure server software to encrypt personal information and we only partner with security companies that meet and commit to our security standards.

Some of the correspondence you receive from us may contain links to third-party website, online services or mobile applications that are not affiliated to or operated by us, including those of our Partners. We are not responsible and accept no liability for the content, security or privacy practices of those other operators. If you "click" on the link to a third party, the "click" takes you to a third party's web site or online content. These other web sites may set their own cookies, collect data, solicit personally identifiable information and/or have their own privacy policies.‍

GRT is HTTPS certified and uses Amazon Web Services security; however, no data transmission over the internet or electronic storage of information can be guaranteed to be 100% secure. Please note that GRT cannot ensure or warrant the security of any information you transmit to GRT, and you do so at your own risk.


4 Your rights to access your personal information


While some of these rights apply generally, certain rights apply only in limited cases based on your location (e.g. if you are based in the UK or EEA).

  • Right of access: You have a right to request access to your personal information and to be provided with a copy of your personal information, including the categories of personal information we collect and disclose.
  • Right of deletion: You have the right, in certain cases, to request that we delete your information, provided there are valid grounds for doing so and subject to applicable law. Please send an email to privacy@goodneigbormusic.com for information on how to delete your personal information.
  • Right of correction: You have the right to request that we correct inaccurate information about you, though we may need to verify the accuracy of the new data, including but not limited to, setting up a new in-person testing event that will need to be paid for by you or your coach or sports organization.
  • Right to object (legitimate interest): Where we process your personal information based on legitimate interest, you can object to this processing where you feel it impacts your fundamental rights and freedoms. Unless we have compelling legitimate grounds or where it us needed for
    legal reasons, we will cease processing your information when you object.
  • Right to object (marketing): You have the right to object to processing for direct marketing purposes at any time.
  • Right to transfer: You have the right to receive certain of your information in a structured, commonly used and machine-readable format to transmit such information to a third party.
  • Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your information by us, provided there are valid grounds for doing so.
  • Right to withdraw content: Where you have previously provided your consent, you have the right to withdraw consent at any time where we are relying on consent as the legal basis upon which to process your personal information. However this will not affect the lawfulness of the processing based on consent before its withdrawal.
  • Right to complain: If you are concerned that we have not complied with your legal rights or applicable privacy laws you have the right to lodge a complaint with your supervisory authority for data protection.
  • Rights relating to your child’s personal information. If you are a parent/guardian, under the Children’s Online Privacy Protection Act in the US (known as COPPA), you have certain rights over how we handle the personal data of your child. This includes a right to review, access or delete the personal information that has been collected by us (in our capacity as a controller) from that child, and to refuse at any time to permit the collection from that child of such personal data. If you withdraw your consent, your child may lose access to certain apps, and other digital services. We will advise you if this is the case at the time you withdraw your consent.
  • Notice to California Residents: California law grants you certain rights to receive information about the third parties, if any, with whom the Sites share personally identifiable information for those third parties' direct marketing purposes. As set forth below in this Privacy Policy, we comply with this law by not sharing your personally identifiable information with third parties for their direct marketing purposes unless you first affirmatively agree to the disclosure. For those California residents who want more information regarding our compliance with this law or your choices, please contact us at privacy@goodneighbormusic.com. You must include this Site as the subject line, and your full name, e-mail address, and postal address in your message. We will only respond to messages specifically requesting information regarding our compliance with this law or your choices, and those that include the above information. We will also only respond to a request from you one time per calendar year.


5 How to exercise your rights


If you want to exercise any of your rights you can email us at privacy@goodneighbormusic.com at any time. Before we process such requests, we may ask you to verify your identity (like by logging-in to your account or providing us with certain information). This is a security measure to ensure that personal information is not disclosed to any person who has not right to receive it. No payment is usually required to exercise your rights. However, we may request payment where allowed by law (for example, if your request is manifestly unfounded or excessive).


If you are a California resident, refer to the California resident section above for more information on your legal rights.


6 Our retention of personal information


You can delete some personal information whenever you like. GRT retains personal information for as long as necessary to fulfill the purposes we collected if for, or for other legitimate purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements or protecting our rights. Retention periods vary significantly depending on the different data types, the purposes for which they were collected and the context of our interactions with you. To determine the appropriate retention period we consider:

  • the amount, nature and sensitivity of the data;
  • the potential risk of harm from unauthorized use or disclosure of the data;
  • the purposes for which we process the data and whether we can achieve those purposes through
    other means;
  • applicable legal, regulatory, tax or accounting requirements

For example:


TYPE OF DATA: Customer Account Information

RETENTION PERIOD: Lifetime of the account. Certain account information is retained for accounting purposes for 6 years thereafter


TYPE OF DATA: Vendor Account Information

RETENTION PERIOD: Lifetime of the account. Certain account information is retained for accounting purposes for 6 years thereafter

7 International transfer of personal information


We transfer your personal information to in the following ways:

  • As we explain above, we share your personal information within the GRT group of companies, located in the US and in the Netherlands.
  • As we explained above, we use third-party service providers to help us provide GRT Services, such as hosting providers or payment card processors. Some of these providers, including their servers, are based outside the UK, Switzerland and EEA.
  • As we explained above, we also provide your information to Partners. Some of these Partners are based outside the UK, Switzerland and EEA.

Countries which are outside the UK, Switzerland and EEA may not offer the same level of data protectionas your home country. For example, there is currently no adequacy decision in respect of the United States. We use specific contracting frameworks approved by the European Commission which as designed to give personal protection essentially equivalent to that in the UK and EEA. We may also need to transfer your information to provide GRT Services to you in accordance with our existing agreements with you, such as our Terms of Service.


8 CCPA and GDPR PRIVACY

This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California. The General Data Protection Regulation (GDPR) is a European privacy law that became enforceable on May 25 and intended to harmonize data protection laws throughout the European Union (EU) by applyinga single data protection law that is binding throughout each member state.

CATEGORIES OF PERSONAL INFORMATION COLLECTED

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected within the last twelve (12) months.

Please note that the categories and examples provided in the list below are those defined in the CCPA or GDPR. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if You provided such personal information directly to Us.

  • Category A: Identifiers.
    Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
    Collected: Yes.
  • Category B: Personal information categories listed in the California Customer Records
    statute (Cal. Civ. Code § 1798.80(e)).

    Examples: A name, signature, physical characteristics or description, postal address, email address, telephone number, driver’s license or state identification card number, credit card number, debit card number, or any other financial information, medical information. Some personal information included in this category may overlap with other categories.
    Collected: Yes.
  • Category C: Protected classification characteristics under California or federal law.
    Examples: Age (40 years or older), national origin, citizenship, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions),
    Collected: Yes.
  • Category D: Commercial information.
    Examples: Records and history of products or services purchased or considered.
    Collected: Yes.
  • Category E: Biometric information.
    Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, health, or exercise data.
    Collected: Yes.
  • Category F: Internet or other similar network activity.
    Examples: Interaction with our Service or advertisement.
    Collected: Yes.
  • Category G: Geolocation data.
    Examples: Approximate physical location.
    Collected: Yes.
  • Category H: Sensory data.
    Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
    Collected: Yes.
  • Category I: Professional or employment-related information.
    Examples: Current or past job history or performance evaluations.
    Collected: No.
  • Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
    Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
    Collected: No.
  • Category K: Inferences drawn from other personal information.
    Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    Collected: Yes.


9. CALIFORNIA RESIDENT RIGHTS and NOTICES (California Residents Only)


Notice at Collection and Notice of Financial Incentives You have the right to receive notice of the collection and categories of personal information and sensitive personal information collected, how its used, and whether its sold or shared under California law, and how long we retain your data.


Rights to Know, Correction and Deletion You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided
much of this information in this Privacy Policy. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. Under the CCPA, these rights are subject to certain exceptions: for example, we may need to retain your personal information to provide you with Times Services or to complete a transaction or other action you have requested. If your request is subject to one of these exceptions, we may deny your request.


Opt Out - “Do Not Sell or Share My Personal Information” To the extent we “sell” your personal information (as the term “sell” is defined under the CCPA), you have the right to opt-out of that “sale” on you have a right to opt-out from the “sale” or “sharing” of your personal information with third parties
who are not our service providers (as defined in the CCPA) by emailing privacy@goodneighbormusic.com with the subject line “California Resident - Do Not Sell or Share.”
Third party internet browsers may offer additional functionality in this regard.


We do not knowingly “sell” or “share” (as those terms are defined by the CCPA) the personal information of minors under 16 years old.


Limiting the Use and Disclosure of Sensitive Personal Information You have a right to limit GRT’s use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law by emailing privacy@goodneighbormusic.com with the subject line “California Resident - Do Not Share Sensitive Info”

Authorized Agents You can designate an authorized agent to make a request to exercise your rights under the CCPA on your behalf by providing the agent with written permission, signed by you and the agent, authorizing the agent to submit requests on your behalf. The signed written permission must be sent along with the request. GRT may contact you directly to verify your identity and agent’s permission  before we respond to the request.


Non-Discrimination You may exercise any of your rights listed in this section without fear of unlawful discrimination.

Record of Requests We keep a record of requests that we received from California residents.

California “Shine the Light” Privacy Rights You have the right to request certain information regarding disclosure of your Information to third parties for direct marketing purposes pursuant to Section 1798.83 of California Civil Code. You may request such by emailing privacy@goodneighbormusic.com with the subject line “California Resident – Shine the Light”


California Minors If you’re a California resident under 18 years old you can ask us to remove content or information you’ve posted to our Site or Service by emailing us at privacy@goodneighbor.com with “California Under 18 Content Removal Request” in the subject line and tell us what you want removed. GRT will make commercially reasonable efforts to remove such information from public view, although we cannot ensure the complete removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.


10. CONTACT US


If you have general questions or concerns about the GRT Services (such as trouble access your GRT App Account, bugs or other technical problems, please contact: privacy@goodneighbormusic.com.


GRT works hard to ensure that the processing of your personal information is carried out fairly and lawfully. If you have any questions regarding GRT privacy practices, need information or require assistance, please contact us at:


Attn: Chief Privacy Officer
Green Records Technology
4620 Magnolia Blvd #3
Burbank, CA 91505


Email: privacy@goodneighbormusic.com