Our Privacy Policy

INTRODUCTION

We appreciate the fact that you are parting with your personal data and that you trust our organisation with your personal data. The security of your personal data is of fundamental importance to us.

OUR SERVICES

Sudo Hits Ltd is a label services company that provides services such as Music Digital Distribution, Artist consultation, Content management, PR, Playlist Pitching and many more.

Sudo Hits Ltd will initially process your personal data to ascertain whether they can provide you with any of their services.

It is only once your video has been successfully reviewed by Sudo Hits Ltd that you will be invited to sign a service agreement with Sudo Hits Ltd.

PURPOSE OF THIS PRIVACY NOTICE

This is Privacy Notice is aimed at ensuring that you are aware of the categories of personal data we intend to process on your behalf; the reasons why we intend to process your personal (including sensitive data) and that we are in compliance with the General Data Protection Regulations (GDPR) as implemented in the UK as the Data Protection Act 2018.

Please read and acknowledge the following Privacy Notice relating to your personal data and your sensitive data. We want to bring this Privacy Notice to your attention at the time we are collecting your personal data from you.

CONTROLLER

For the purpose of the General Data Protection Regulations (the “Regulations”), the data controller (‘Controller’) is Sudo Hits Ltd, a company registered in England and Wales under company number 13266697 whose registered office is, Kemp House, 152-160 City Road, London EC1V 2NX.

Contact details for the ‘Controller’: datacontroller@sudohits.com

Name: Macram Ramba

YOUR PERSONAL DATA THAT WE PROCESS

We process the following personal data. This list is not exhaustive.

Personal Data

Special Categories of Personal Data

Full name

Signatures

Short names (nicknames)

Video (moving images)

Emails

Photographs

Email information

 

Home/Mobile Number

 

Address

 

Director details (if applicable)

 

Bank Details

 

Invoices

 

Financial information

 

LAWFUL REASONS FOR PROCESSING YOUR PERSONAL DATA

We will be processing your personal data (including sensitive data) for legitimate purposes. In order to ensure that you can:

  1. fulfil your contractual obligations with us;
  2. for legal obligation reasons;
  3. for reasons of vital interests;
  4. for legitimate interest reasons provided that this can be justified;
  5. you have provided us with your explicit consent.

Lawful Reasons for Processing Special Categories of Personal Data

SENSITIVE DATA – PURPOSE FOR PROCESSING

We will be processing your personal data (including sensitive data):

  1. in order that we can meet our obligations in the field of social security protection law;
  2. the processing is necessary for legitimate activities with appropriate safeguards in place;
  3. it is necessary due to substantial public interest reasons;
  4. processing is for archiving purposes;
  5. we have obtained your explicit consent.

This list is not exhaustive.

In the event that you do provide your name, your video and email in the ‘Submit a Video’ link to the website you will be required to provide express consent to Sudo Hits Ltd processing your video which will include special categories of personal data. It is only once Sudo Hits Ltd have reviewed your video and have agreed to provide you with their respective services further that you will enter into a contract with Sudo Hits Ltd.

You have the right to withdraw consent at any time by contacting the Controller.

UNABLE TO PROCESS PERSONAL DATA

In certain circumstances if we do not have your personal or sensitive data we will not be able to fulfil our obligations with you under your contract. Therefore if you decide not to part with your personal data this may lead to the termination of your contract with our organisation.

DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES

  1. In order for us to carry out our services on your behalf we may need to disclose your personal data and sensitive data to third parties.
  2. The reasons are would be:
    1. in order that we can fulfill our obligations towards you under our contract of services; and /or
    2. for legal or tax compliance reasons;
    3. for any other legal obligation purpose; or
    4. there is a legitimate interest present which can be justified.

The third parties are to be:

  • Tosedu Ltd
  • Batsford & Co
  • Dropbox
  • Xero Software
  • HMRC
  • Companies House (if applicable)
  • GoDaddy Outlook

This list is not exhaustive

ASSURANCES UNDER THE GDPR

Sudo Hits Ltd is committed to getting assurances from each third party processor that they are GDPR compliant.

NON-LIABILITY YOUR DISCLOSURE TO THIRD PARTIES

If you have provided your personal data voluntarily to the third party processors then the Controller accepts no responsibility regarding how this personal data will be processed by that third party processor.

OUR COMMITMENT TO PROCESSING YOUR PERSONAL DATA IN COMPLIANCE WITH THE GDPR

12.1 PRINCIPLE 1 – LAWFUL PURPOSE (ARTICLE 5 OF THE GDPR)

We will be processing your personal data for lawful reasons as outlined in clauses 6 and 7 of this Privacy Notice.

12.2 PRINCIPLE 2 – SPECIFIC PURPOSE & LIMITED (ARTICLES 5 & 6 OF THE GDPR)

We will ensure that any personal data (including sensitive data) that we process will be specific, legitimate and limited.

12.3 PRINCIPLE 3 – ADEQUATE, RELEVANT & LIMITED

We only want to process your personal data and sensitive data which is adequate, relevant & limited.

RETENTION

Any personal data we retain from you in the course of carrying out our contractual services with you will be retained by us for a period of time which ensures that we are in compliance with our legal obligations. For further information please contact the Controller and request our Retention Policy.

12.5 DURATION – RETENTION OF YOUR PERSONAL DATA

We will keep your personal data as follows:

  • for the duration of our business relationship with you; and
  • after any termination of any agreement for a period that does not exceed 6 years. The retention is required for tax and legal compliance reasons; or
  • in certain circumstances where further retention is required to comply with a legal obligation.

We will delete your personal data after the legal and tax requirement period has been fulfilled.

Please contact the Controllers for a copy of the ‘Retention Policy’.

12.6. PRINCIPLE 4 & 5 – ACCURACY OF YOUR PERSONAL DATA – PRINCIPLE 4 & 5 (ARTICLE 5 OF THE GDPR)

We want to ensure that your personal data is kept up to date.

If any of your personal data changes during the life-time of our business relationship with you, please kindly contact the Controller in order that your personal data can be amended.

We will not be responsible in any way for your failure to notify of us of any changes

to your personal data.

PRINCIPLE 6 – ENSURING SECURITY

We are committed to:

  • protecting the confidentiality, integrity and availability of the information we collect, stores, transfers and processes on your behalf in order that they meet the legal requirements.
  • For more information please refer to our Security Policy.
  • ensuring that actual or suspected breaches of information security are reported and investigated in accordance with our Breach Policy.

CONSENT

One of the lawful reasons for processing your personal data, is if you provide us with consent. If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data.

Please also note the following:

  • we want you to provide your consent explicitly and freely; and
  • in the event that you do provide consent you have the right to withdraw your consent at any time.

For further information please contact any of our Appointed Person(s) for the ‘Consent Policy’.

YOUR RIGHTS

While we keep your personal data you have the following rights:

  • Right to request access to your personal data, know as a ‘Subject Access Request’ (SAR)
  • Right to rectification of your personal data
  • Right to request your personal data to be transferred to another organisation (right to data portability). However, we do not have this facility
  • Right to object to the processing of your personal data (see right to object notice)
  • Right to erasure of your personal data
  • Right to restrict the processing of your of personal data
  • Right not to be a subject to automated decision-making process (including profiling). However, we do not have this facility
  • Right to be informed
  • Right to make a complaint to the ICO in the event you feel your complaint has not be handled by Grime Daily Ltd correctly

SUBJECT ACCESS REQUEST REQUIREMENTS

A SAR can be requested verbally by you, however in order for us to ensure that we can verify your ID we will require you to:

  1. complete a SAR Form. This form can be requested from any of the Appointed Person(s);
  2. return the SAR Form with a certified copy of your ID and also your 2 month’s utility bills. You can also attend the offices in order to verify your ID;
  3. We will not be under any obligation to provide you with any personal data unless your ID is verified.

SUBJECT ACCESS REQUESTS – TIME-SCALE

We aim to process the SAR within 1 month, however it may take a further 2 months. In which case if there is a delay, we will notify you of such delay in writing.

SUBJECT ACCESS REQUEST DETAILS

You can at any time request the following information from our organisation:

  • The full name(s) and contact details of who has been processing your personal data including name of the controller and any
  • Appointed Persons(s) responsible for processing the personal data;
  • A list of personal data & sensitive data which has been processed by the controller
  • If the personal data was obtained by a third party; details of such third party
  • Details of any recipients including third country details
  • The reasons why these forms of personal data have been processed (lawful reasons etc & compliance with key principles)
  • Sensitive data – consent – if not legitimate reasons for processing
  • Where the personal data has been located (third party/controller’s platform/computer system) including security
  • Retention Periods – the length of time your personal data will be processed
  • Compliance with the key principles which are disclosed in this privacy document
  • If your personal data has been processed outside the EU, details of any representative(s)
  • Your rights (object, restrict, erasure etc) which are listed in this privacy document
  • Your right to make a complaint to the Information Commissioner’s Office

RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA

You have the right to object to certain types of processing of your personal data such as:

  • for marketing purposes
  • for automated processing purposes
  • for profiling purposes

In the above cases, your explicit consent would be required by our organisation before we can actually process your personal data.

THIS RIGHT TO OBJECT DOES NOT APPLY IF:
  1. Our organisation needs to enter into a contract with you
  2. It is sanctioned by law (tax evasion or fraud)
  3. The agreement does not have a legal or equally important impact
  4. It is based around explicit consent and you have provided us with explicit consent

Please contact the Controller.

Complaints

In the event that you wish to make a complaint about how your personal data is processed by our organisation (or any third party listed in the privacy notice) then please make your complaint to the following:

Contact details for the ‘Controller’: datacontroller@sudohits.com

Subscribe now to the official Sudo Hits newsletter for exclusive news and content!

Note: Emails will be sent by or on behalf of Sudo Hits. You may withdraw your consent at any time.