PRIVACY Policy of the recordJet Group

1. Overview and scope

This Privacy Policy provides information on how and for what purposes companies belonging to the recordJet Group (hereinafter “we”) process your personal data (hereinafter “you”) that you provide to us or that we collect about you in the course of our business activities.

This Privacy Policy is not exhaustive. In particular, our contractual terms (e.g. our General Terms and Conditions) may contain additional information regarding the processing of your personal data.

The following companies form part of the recordJet Group in particular:

• recordjet AG, Museggstrasse 37, 6004 Lucerne, Switzerland;
• recordjet GmbH, Torstrasse 60, 10199 Berlin, Germany.

“Personal Data” means any information relating to an identified or identifiable natural person.

2. Controller and Contact Details for Data Protection Matters

As the recordJet Group consists of several companies, the entity responsible for processing your personal data may vary. As a rule, the company of the recordJet Group with which you correspond, conduct business, or which refers you to this Privacy Policy in connection with an inquiry, contract or other correspondence is responsible for processing your personal data under this Privacy Policy.

Depending on the type of processing, the companies of the recordJet Group may act individually or jointly as controller or processor.

The names and contact details of the controller responsible for the processing are as follows:

If you have any questions regarding data protection, please contact us using the contact details above.

We have appointed the following data protection representative for the European Union (EU) and the European Economic Area (EEA):

3. Source and Categories of Personal Data

As a rule, we only process personal data that we receive from or collect about our users (e.g. artists, bands, labels), prospective customers, contractual partners (e.g. Spotify, Apple Music, Amazon Music, etc.) and visitors to our website in the course of our business activities.

To the extent permitted by law, we may also obtain certain data from publicly available sources (e.g. debt enforcement registers, commercial registers, the press, the internet) or receive such data from other companies of the recordJet Group, public authorities or other third parties.

If you provide us with personal data relating to other persons, please ensure that these persons are aware of this Privacy Policy. Please only provide us with such personal data if you are authorised to do so and if the personal data concerned is accurate.

Depending on the case, the personal data or categories of personal data we process include in particular:

• Personal and contact data (e.g. name, address, gender, date of birth, telephone number and e-mail address);
• Identification and background information (e.g. Swiss social security number, specimen signatures, language);
• Contract data that we receive or collect in connection with the initiation, conclusion and performance of contracts with you or third parties (e.g. services requested or used by you, as well as related behavioural and transaction data, financial data for payment purposes such as bank account details);
• Image and sound recordings (e.g. photos and videos; sound or voice recordings as part of the music of our users; recordings from video surveillance systems and recordings of telephone calls or video conferences);
• Transaction data (e.g., payment transaction data, details of your payment order and details of the payee or beneficiary and the purpose of payment);
• Information relating to employment (e.g. job title, employer);
• Communication data (e.g. content of e-mails, written correspondence, chat messages, social media posts, comments on websites, telephone calls, video conferences, identity verification data, metadata);
• Documentation data or data from your contacts with third parties (e.g. meeting minutes, file notes, references);
• Preference and marketing data (e.g. data relating to the use of our website or other digital services, data in connection with the marketing of services such as newsletter subscriptions and unsubscriptions, documents received and specific activities, personal preferences and interests);
• Public data that may be obtained about you (e.g. from registers, media or press sources);
• Data in connection with proceedings or investigations conducted by public authorities, administrative offices, courts, organisations or other entities;
• Data required for compliance with legal obligations; and
• technical data (e.g. IP address and other device identifiers, identifiers assigned to your device by cookies and similar technologies).

4. Purposes of Processing and Legal Bases

4.1 General Processing in the Context of our Business Activities

We process your personal data primarily for the purposes necessary in connection with our business activities and the provision of our services.

In particular, we process your personal data for the following purposes:

• to communicate with you, particularly in order to respond to your enquiries, to authenticate and identify you, for customer service and customer relationship management;
• for the performance of contracts, particularly in connection with the initiation, conclusion and performance of contractual relationships. This includes all data processing necessary or appropriate to enter into, perform and enforce a contract, such as processing required to decide whether and how we enter into a contract with you (including possible credit checks), to provide contractually agreed services, to invoice our services and for general accounting purposes, to process job applications (e.g. managing and evaluating applications, conducting interviews including the creation of personality profiles, obtaining references), to enforce contractual claims (debt collection, court proceedings, etc.);
• to provide our products and services, including our digital services (e.g. our website), and to evaluate and improve them;
• to invite you to events or to organise events to which we invite you;
• to inform you about new developments or to provide you with other information about our services;
• for customer relationship management and marketing purposes, e.g. to send you written and electronic communications and offers and to conduct marketing campaigns. These may concern our own offers or those of our advertising partners. In some cases, we may also process your personal data automatically in order to assess certain personal aspects (profiling) or to carry out a preliminary assessment of your request for a product or service. Profiling may particularly be used to provide you with targeted information about services;
• in connection with accounting, the archiving of data and the management of our archives;
• for statistical purposes;
• for training and professional development purposes: We may process your personal data in order to conduct internal trainings for our employees;
• in connection with the sale or assignment of claims, e.g. when we provide the acquirer with information regarding the reason for and amount of the claim and, where applicable, the debtor’s creditworthiness and conduct;
• for security purposes, in particular IT security and security of premises (e.g. video surveillance, access control systems, visitor lists, prevention and investigation of cyberattacks and malware, network and e-mail scanners, telephone recordings), as well as to prevent and investigate criminal offences (particularly property damage, vandalism and personal injury) and other misconduct, to conduct internal investigations, to prevent misuse, for evidentiary purposes, for fraud prevention analyses, for analysing log data relating to the use of our systems;
• in connection with restructuring or other corporate actions (e.g. due diligence, sale of a company, maintenance of share registers);
• to assert legal claims and to defend ourselves in legal disputes as well as in administrative or regulatory proceedings in Switzerland and abroad, including the assessment of litigation prospects and other legal, economic and related matters;
• to comply with our legal, regulatory (including self-regulatory) and internal requirements and rules in Switzerland and abroad, including compliance with orders issued by courts or public authorities;
• other purposes: we may process your personal data for other purposes necessary to safeguard our legitimate interests.

We process your personal data for the aforementioned purposes, depending on the circumstances, in particular on the basis of the following legal grounds:

• the processing of personal data is necessary for the performance of a contract with you or pre-contractual measures;
• you have given your consent to the processing of your personal data;
• the processing of personal data is necessary for compliance with a legal obligation;
• the processing is necessary to protect the vital interests of the data subject or another natural person; or
• we have legitimate interests in processing personal data. Our legitimate interests may include in particular:
• Interest in: maintaining good customer service, staying in contact and communicating with users even outside of contractual relationships; advertising and marketing activities; improving existing services and developing new services; fraud prevention; protecting users, employees and other persons as well as our data, trade secrets and assets; ensuring appropriate security (both physical and digital); ensuring and organising business operations, including the operation and further development of websites and other systems; business management and development; the sale or acquisition of companies, parts of companies or other assets; the enforcement of or defence against legal claims; compliance with German, Swiss and/or foreign law and other rules applicable to us.

4.2 When Visiting our Website

Each time you visit our website, a range of user information is collected and stored in the server log files. The information collected includes in particular the IP address, date and time of access, the time zone difference to GMT, the name and URL of the requested file, the website from which the access originates, the browser and the operating system used.

The collection of this data is technically necessary in order to display our website to you and to ensure its stability and security. This information is also collected in order to improve our websites and analyse its use.

4.3 E-mail, Telephone Calls and Video Conferencing

You may contact us using the e-mail addresses and telephone numbers provided by us. The personal data you transmit to us will be stored and processed in order to respond to your request.

If you contact us by e-mail, you authorise us to reply via the same channel. Please note that unencrypted e-mails are transmitted over the open internet. It therefore cannot be excluded that they may be viewed, accessed or manipulated by third parties. To the extent permitted by law, we shall not be liable for any damages that may arise in particular as a result of incorrect transmission, falsification of content or disruption of the network (interruptions, overload, unlawful interference, blocking).

Telephone calls and video conferences with us may be recorded. We will inform you of this at the beginning of the conversation. If you do not wish such conversations to be recorded, you may terminate the conversation at any time and contact us by other means (e.g. by e-mail or post).

4.4 Newsletter

If you subscribe to our newsletter, we may use your e-mail address and other contact details to send you the newsletter. The newsletter is sent via the e-mail marketing service provider MailChimp, a newsletter distribution platform operated by The Rocket Science Group LLC d/b/a MailChimp, Atlanta, USA. MailChimp’s Privacy Policy and other information can be found here: https://mailchimp.com/de/gdpr/ and https://www.intuit.com/privacy/statement/.

In connection with the distribution of our newsletter, we may also use open and click tracking. This allows us to determine whether and when a newsletter was opened and which links in the e-mail were clicked. This information is assigned to your newsletter recipient profile and is used in particular for statistical analysis and for optimising our newsletter content and our services.

In addition, we may use further tracking options. For example, specific identifiers (so-called campaign parameters) may be added to the links contained in the newsletter or linked to analytics tools in order to understand how users interact with our website after clicking on a newsletter link. These analyses particularly serve statistical purposes and the optimisation of our newsletter content and our services.

You may subscribe to our newsletter by giving your consent. The required information for transmission of the newsletter is your full name and your e-mail address, which we store after you subscribe. You may withdraw your consent and unsubscribe from the newsletter at any time. You may do so by clicking the link provided in each newsletter e-mail, by sending an e-mail to the e-mail addresses listed above, or by sending a letter to the postal addresses listed above.

4.5 Cookies and Other Third-Party Services

Our website may use cookies and other third-party services. Cookies are text files that are stored in the internet browser on the user's computer system or the user’s mobile device. A cookie contains a characteristic sequence of characters that allows for unique identification of the browser or mobile device when the website is accessed again. Cookies are used in particular to enable and simplify the use of our websites. Some features on our websites cannot be provided without the use of cookies (so-called technically necessary cookies). In addition, we use cookies/tools to analyse user behaviour on our websites, in particular for traffic analysis, and also for marketing purposes.

Other third-party services are services integrated into our websites, which may result in data relating to your use of our website and/or the third-party services being transmitted to the third-party provider (e.g. social media plug-ins, YouTube, etc.).

4.5.1 Technically Necessary Cookies

Technically necessary cookies are required for our website to function. Therefore, these cookies cannot be disabled in our systems. They usually record important actions such as the number of requests made, changes to your privacy settings or the completion of forms. You may disable these cookies in your browser; however, in this case some parts of our website may no longer function.

The legal basis for the processing of data through technically necessary cookies is our legitimate interest, particularly the interest in ensuring the functionality and improvement of our website.

4.5.2 Analytical and Marketing Cookies and Third-Party Services

Analytical cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our websites and improve the user experience. They help us understand which pages are most popular and how visitors move around our websites. Marketing cookies enable us to display advertising that is relevant to you. These cookies may remember that you have visited our website and share this information with other companies, including advertisers.

In our cookie settings (https://recordjet.com/de/cookies), you can see which specific analytical and marketing cookies and third-party services we use.

We have no influence over the data collection and processing by cookie providers and third-party service providers, as they are subject to said providers’ respective privacy policies. Further information on the purpose and scope of the data collection and processing by cookie providers or third-party service providers can be found in their respective privacy policies.

To the extent that we use analytical and marketing cookies or third-party services, we obtain your consent. The legal basis for such data processing is your consent as well as our legitimate interest, particularly our interest in ensuring the functionality and improvement of our website.

You may object to the use of cookies or third-party services (i) by selecting the corresponding settings in your browser, (ii) by using browser add-ons (e.g. “NoScript" http://noscript.net/) or (iii) by using cookie-blocking software (e.g. Ghostery).

4.6 Applications

You may submit your application for a position with us by post or e-mail. The application documents and all personal data provided to us in this context will be treated confidentially and will be processed for the purpose of handling your application. Unless you consent otherwise, your application documents will either be returned to you or deleted/destroyed upon completion of the application process, unless they are subject to a statutory retention obligation. The legal basis for processing your data is your consent, the performance of the contract with you and our legitimate interests.

5. Disclosure of Personal Data to Recipients and Transfers Abroad

5.1 Disclosure of Personal Data to Recipients

In addition to the data transfers to recipients expressly mentioned in this Privacy Policy, we may, where permitted, disclose personal data to the following categories of recipients:

• Service providers to whom we have outsourced certain services (e.g. providers of cloud-based services and applications that we use to provide our services, as well as other IT and hosting providers; external accounting services; debt collection services; photographers; banks, etc.) as well as other suppliers and subcontractors;
• other companies of the recordJet Group;
• our contractual partners;
• third parties that collect data about you via our websites;
• providers of software applications used by users and contractual partners in connection with our services;
• authorised representatives;
• credit reference agencies that store this data for the purpose of providing credit information;
• potential buyers or investors in the event of restructurings or other corporate transactions;
• insurance companies, auditors and advisors (e.g. attorneys);
• parties or counterparties in potential or actual legal proceedings;
• Swiss and foreign public authorities, regulatory authorities, police departments, public prosecutors, administrative offices or courts.

5.2 Transfers of personal data abroad

As a rule, we process your personal data in Switzerland and/or Germany.

However, in certain cases (e.g. when involving specific service providers or using certain software applications), your personal data may be transferred abroad, primarily to EU and EEA Member States, but in some cases also to other countries worldwide, in particular to the USA (mainly in connection with cookies, social media plug-ins and other third-party software applications).

If we transfer data to a country without adequate statutory data protection, we ensure an appropriate level of protection as required by law, by using appropriate contractual safeguards (particularly the so-called Standard Contractual Clauses of the European Commission), or we rely on statutory exceptions such as consent, the performance of a contract, the establishment, exercise or enforcement of legal claims, overriding public interest, personal data that has been made publicly available, or the necessity to protect the integrity of the data subjects. However, please note that data transferred abroad may no longer be protected by Swiss or German law, and that foreign laws and official orders may require the disclosure of such data to authorities or other third parties.

6. Data Retention

We process and store your personal data as long as necessary to fulfil our contractual and legal obligations, or for the purposes of for which the data was collected, or as long as there is another legal basis (e.g. statutory retention periods) for doing so.

Personal data that we hold in connection with a contractual relationship with you will be retained at least for the duration of the contractual relationship and for as long as applicable limitation periods for potential claims remain in force or contractual retention obligations apply.

As soon as your personal data is no longer required for the aforementioned purposes, it will generally be restricted, deleted or anonymised to the extent possible.

7. Your Rights

Within the scope of the data protection law applicable to you, and to the extent provided for therein, you have the right of information, rectification and deletion, the right to restrict or object to our processing of your personal data, as well as the right to request the release of certain personal data for the purpose of transferring it to another entity (so-called data portability).

Please note that we reserve the right to invoke the limitations provided for by law, for example where we are required to retain or process certain data, where we have an overriding interest in doing so (to the extent permitted by law), or where we require such data for the establishment and exercise of or the defence against legal claims.

If any costs are incurred on your part, we will inform you in advance.

If the processing of data is based on your consent, you may withdraw it at any time with effect for the future. However, the lawfulness of the processing conducted on the basis of your consent prior to its withdrawal remains unaffected.

The exercise of such rights generally requires that you provide proof of your identity (e.g. by providing a copy of an identification document if your identity is otherwise unclear or cannot be verified).

To exercise your rights, you may contact us at the addresses indicated in section 2 of this Privacy Policy (by post or e-mail).

In addition, every data subject has the right to seek judicial remedies or to lodge a complaint with the competent data protection authority.

• The competent data protection authority in Switzerland is the Federal Data Protection and information Commissioner (http://www.edoeb.admin.ch).
• Data protection authorities in the EEA can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_de

8. Data Security

We take appropriate technical and organisational measures to protect your personal data, in particular to protect it against unauthorised or unlawful processing and to prevent the risk of loss, accidental alteration, unintended disclosure or unauthorised access.

However, like all companies, we cannot completely rule out data breaches, as certain residual risks are unavoidable.

As part of our security measures, we use firewalls, logging and encryption, maintain access control systems and have implemented further safeguards to ensure an adequate level of protection for personal data.

9. Changes to this Privacy Policy

We expressly reserve the right to amend this Privacy Policy at any time. If such changes are made, we will promptly publish the updated Privacy Policy on our website. The version published on our website shall be the applicable version at any given time.

1 April 2026