Privacy Policy

1. Data Controller & Processor Roles

The Services are operated by:

For customer account, billing and marketing data, AWC Music Services BV acts as the Data Controller.

For all workspace and Organization data (uploads, tracks, artist information, contracts, reviews, etc.), AWC Music Services BV acts as the Data Processor on behalf of the Organization (Label) using the platform.

2. Data We Collect

• • Signup Information: Name, Email address, Label/Organization name.
• • Account Information: Subscription plan, workspace settings, user roles.
• • Usage Data: Actions performed within the platform (e.g., uploads, reviews, signings) for analytics and reporting.
• • Payment Information: Handled securely by Stripe; MyLabelDesk does not store card data.
• • Communication Data: Emails or messages you send to us or receive from us (transactional and, if opted in, marketing).

3. How We Use Your Data

• • To provide and maintain the Services.
• • To create and manage your account and Organization workspace.
• • To process payments and invoices via Stripe.
• • To send service-related notifications and updates.
• • To improve security, prevent fraud, and comply with legal requirements.
• • If opted in: to send marketing or product updates.
• • To provide analytics and collaborative functionality to your Organization.

4. Legal Bases for Processing

• • Contract: to deliver the Services you signed up for.
• • Legitimate Interest: to maintain security and improve user experience.
• • Consent: for optional marketing communications.
• • Legal Obligation: for accounting or regulatory compliance.

5. Data Storage and Hosting

Data is hosted with trusted GDPR-compliant providers:

• • Supabase (EU/Global) – databases and authentication
• • Cloudflare R2 (EU/US) – storage of uploaded files
• • Netlify (Global) – frontend hosting
• • Stripe (Global) – payment processing
• • Google Workspace (EU/US) – email and communication

All subprocessors provide appropriate safeguards under the GDPR, including Standard Contractual Clauses for any transfers outside the EEA.

Customers will be notified in advance of any material changes to this subprocessor list.

6. Retention and Backups

• • Active account data is retained while the subscription is active.
• • After termination, data is retained for 30 days to allow restoration upon request.
• • Backups are encrypted and stored separately for up to 30 days before automatic deletion.
• • Payment and invoicing records may be retained longer for tax purposes.

7. Sharing of Data

MyLabelDesk does not sell or rent personal data.

Data may be shared only with:

• • Authorized subprocessors (see Section 5).
• • Legal authorities if required by law or court order.

8. Data Breach Notification

In the event of a personal data breach likely to result in risk to individuals, MyLabelDesk will notify the affected Organization and the competent supervisory authority within 72 hours and take all reasonable steps to mitigate impact.

9. User Rights (GDPR)

You have the right to: access, rectify, erase, restrict, or port your data, and to object to certain processing (including marketing).

You may also withdraw consent at any time for processing based on consent.

Requests can be sent to 📧 privacy@mylabeldesk.com.

We will respond within 30 days.

If you believe your rights have been violated, you can contact the Belgian Data Protection Authority (GBA):

Drukpersstraat 35, 1000 Brussels – https://www.gegevensbeschermingsautoriteit.be

10. Cookies & Tracking

MyLabelDesk uses only essential cookies required for authentication and core operation.

If analytics or marketing cookies are introduced in the future, explicit user consent will be requested.

11. Security Measures

• • Encryption in transit (TLS/SSL) and at rest.
• • Role-based access control (RLS).
• • Signed URLs for file access.
• • Regular monitoring and vulnerability management.

12. Automated Processing & AI Features

Certain features of MyLabelDesk may use automated or AI-assisted processing (e.g., metadata extraction, workflow automation, analytics).

No fully automated decisions with legal or significant effect on individuals are made.

13. International Transfers

Where data is transferred outside the EEA, MyLabelDesk relies on EU Standard Contractual Clauses and other approved mechanisms to ensure an adequate level of protection.

14. White-Label and Enterprise Processing

When MyLabelDesk operates under a white-label environment (e.g. customer's domain), all data within that environment is processed strictly on behalf of the Organization under the standard Data Processing Agreement (DPA) available on our website.

15. Changes to this Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or in-app notification before taking effect.

16. Contact

For privacy-related questions or to exercise your rights: