Privacy Policy

01 // Controller Information

Dexotec Music Group SE

Neubrückstraße 1, 40213 Düsseldorf, Germany
Board of Directors: Nika Smirnow, Finn Wiesmann
Email: legal@dexotecmusicgroup.com

02 // Data Categories

We process the following data categories during the Artist and Label Submission process:

/ Master Data: Names, artist aliases, email addresses.
/ Content Data: Audio files, cover art, lyrics, metadata (ISRC, UPC/EAN), project version, AI track flags, Territory / Availability, pre-save links.
/ Technical Data: IP addresses, submission timestamp, device identifiers, browser info, Cloudflare Access tokens.
/ Platform & Social Data: Spotify/Apple Music URLs, social media links, label information.
/ Submission Notes: Marketing strategy notes, general messages, optional additional content.

03 // Legal Basis (GDPR)

Processing is conducted under the following legal foundations:

Art. 6 (1) (b) GDPR: For the fulfillment of distribution agreements and handling of submissions.
Art. 6 (1) (c) GDPR: To comply with legal, tax, and accounting requirements (e.g., royalty reporting).
Art. 6 (1) (f) GDPR: Legitimate interest in maintaining the security and integrity of the portal via Cloudflare and related tools.

04 // Automated Data Collection

During submission via the Artist or Label Portal, the following data is automatically recorded: IP address, submission timestamp, device type, and browser information. These are used for contract verification, auditing, fraud prevention, and ensuring the integrity of the distribution process.

05 // Processors & Data Transfer

Your data is transferred to the following processors for operational reasons:

Cloudflare, Inc. (USA)

Provides security (Zero Trust) and content delivery. Data transfer to the USA is secured by EU Standard Contractual Clauses (SCC).

Formspree, Inc. (USA)

Facilitates the technical transmission of form data. Secured by DPA and SCC.

Distribution Partners / DSPs

Submitted content, metadata, and rights information are shared with DSPs (Spotify, Apple Music, YouTube, TikTok, etc.) solely for distribution, royalty reporting, and content delivery.

06 // Rights of the Data Subject

As a data subject, you have the following rights under the GDPR:

Right of Access (Art. 15)

Right to Rectification (Art. 16)

Right to Erasure (Art. 17)

Right to Restriction (Art. 18)

Right to Data Portability (Art. 20)

Right to Object (Art. 21)

07 // Data Retention

Personal data is retained as long as necessary for the purposes described above. Statutory retention periods (e.g., German Commercial Code/HGB) of up to 10 years apply to commercial records, contracts, and royalty reporting.

08 // Security Measures

We implement technical and organizational measures to protect data against unauthorized access, alteration, or deletion. All form submissions are protected by Cloudflare Zero Trust and secure transport (HTTPS).

09 // Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence (e.g., LDI NRW in Germany).

10 // Notes & Portal Usage

When submitting content, ensure that your cloud storage links (Google Drive, Dropbox, WeTransfer) are publicly accessible or shared with appropriate permissions. Incomplete or private links may prevent processing of your submission.