Privacy policy

Drop, whose registered company name is Drop Digital Music Ltd (“Drop”, “we” or “us”) (data controller), registered address is Cambridge Road, Birmingham, England, B13 9UD and registered company number is 0848034, understands that its use of your information requires your trust. Drop is committed to the highest standards of data privacy and we want to help you understand how we collect and utilise your personal data for relevant purposes and inform you of your data protection rights. Our core values and business principles align with the GDPR and Data Protection Act 2018.

1. What information do we collect and how:

1.1 Through the methods of contacts you choose to use when when engaging with us, we may collect the following information through an array of sources:

a) – Information you provide through our processes including our business funding form and sources including websites;

b) – Information you provide through communicating with us. This includes formats such as writing (including by letter or email) or on the telephone;

c) – Information we obtain through your social media engagement on social media, including platforms such as Twitter, Instagram and Facebook; and

d) – Information provided by those who have engaged with us on your behalf in the ways that are highlighted above.

1.2 – There are cases where we obtain information from sources outside our organisation in order to help us conduct necessary business purposes. This information includes:

a) – Information and reports from databases such as marketing; and

b) – Information sources which are publicly available.

c) – Information and reports from credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers and other credit and insurance corporations;

1.3 – If you wish to use our services and platform, it is required you provide us with the following information, which we sometimes also collect from third parties:

a) Your personal details comprising of you name, date of birth, current and previous postal addresses;

b) Information that is used to contact you. This includes your phone and e-mail data;

c) Information of those who are acting on your behalf. This consists of certain personal data including identity verification, contact details and financial information about directors, shareholders, members, beneficial owners, partners and guarantors (other than yourself);

d) Information you provide through your interaction and engagement with our services and platform;

1.4 – Information about your business, including company name, names of all company directors, registered address, business type, annual turnover, years in operation, bank account details, any other personal information regarding your business you may choose to provide to support your application as well as personal credit information which takes into consideration;

a) Credit reference checks;

b) Electoral register information;

c) Fraud prevention information;

1.5 – If you provide information about other individuals that are involved in your business such as directors, shareholders, members, beneficial owners, partners and guarantors (other than yourself) then you must:

a) Confirm that they are aware of this privacy policy by providing a copy of it to them and certify that they understand the terms that are included; and

b) Confirm that you have all relevant consent and authority: (i) to make all those declarations; (ii) to act on their behalf; and (iii) to authorise credit checks to be performed.

1.6 – Using your information:

1.6.1 – We collect, manage, store and use your personal data:

a) To develop and improve our services and business, including analysing and our customer service offering;

b) To inform you of developments and/or changes to our products and services;

c) To enable us to process and submit the business funding form you have completed to our partners:

d) To help us find you the most appropriate product(s);

e) To enable us to contact you regarding your application or any inquiries;

f) To conform with our legal and regulatory obligations;

g) To conduct mandatory or other regulatory checks;

h) To carry out statistical analysis and market research to deliver timely market insights and specialist expertise;

i) To contact you with products as well as services which Drop think may interest you (at all times being mindful of your rights including your right to opt-out from receiving marketing from us);

j) To amend the records we hold about you from time to time;

k) For targeted and directed advertising through digital platforms and social media;

l) To verify your identity and the other details you have supplied to us, along with your bank account details and (if relevant) the identity of the associates under your business;

m) To implement and deliver our services and products; and

n) Comply with legal and regulatory obligations regarding the prevention and detection of fraud, money laundering, or other illegal or criminal activity.

1.6.2 – All information you provide to us is, as far as reasonably practicable, stored on our secure servers. We only allow access to colleagues and trusted partners.

1.7 – We will preserve and use your sensitive personal information when required to make decisions concerning you, your accounts with us, or any entities to which you are associated. Only in accordance with our legal obligations and rights will we process highly sensitive personal information. You will be notified of your right to withdraw your permission at any time, as well as the procedure for doing so, if this processing is done with your consent, at the time of data collection.

1.8 – As a result, we believe that the processing of your information as described above is in our legitimate interests to provide you with the services we deliver through our platform. We consider it to be proportionate and not detrimental to you in any way. It may be necessary for us to process your data to perform our contract with you, to comply with the legal obligations which we are bound by or to protect your vital interests. To use your personal data for agreed-upon, specified purposes, we sometimes rely on consent and in those circumstances we have processes in place to guarantee that we attain your informed consent.

1.9 – Disclosing and sharing your information:

1.9.1 – Personal information may be disclosed to:

a) With your prior consent, to any other individual;

b) To third parties including our partners, who may be in a position to assist arranging business funding for you;

c) With any third party you have asked us to share and dispense your personal data with, including social media platforms if you have informed us to connect with your social media account;

d) If we are mandated to by any governmental, tax, regulatory, or law enforcement body, applicable law and regulation;

e) To third parties if they acquire our business or assets as part of an acquisition or a successor in interest in the rare event of our insolvency, winding up, or liquidation.

1.9.2 – Your personal data is only processed on our behalf by third parties who are authorised to do so and we take steps to ensure that the transfer and any ongoing processing are conducted securely and in compliance with the applicable privacy laws.

2 –  Partnerships

a) If you meet the eligibility criteria set by our partners, you might be entitled to benefit from their finance options. Although we act independently, we have a partnership agreement with our partners. They will perform credit checks on you and necessary individuals that are involved in regards to your business in order to assess your eligibility for its products.

b) Your personal data will be shared with our partners for the purpose of determining your eligibility for finance which may include credit checks on your business as well as relevant shareholders and/or directors. We will request your consent before disclosing your personal information to our partners.

c) Before we make an application for finance on your behalf, you should read its privacy policy which sets out, amongst other things, how your data will be processed, managed and used as well as the credit searches that will be conducted.

2.1 – Fraud Prevention:

a) If you are offered funding from our partners, they will undertake identity checks and check your risk profile. Moreover, they will distribute your personal information with fraud prevention agencies. Please take note that, if we or our partners identify fraud, services and finance to you may be declined.

b) With regards to the processing of your data by our partners for the purpose of fraud prevention and detection, it is important to recognise that:

The personal information that will be collected from you (concerning all directors, beneficial owners, persons providing a personal guarantee) will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services and finance.

c) Further details of how your information will be used by our partners and these fraud prevention agencies, and your data protection rights, can be found by obtaining the full Cifas Fair Processing Notices for the Purpose of Fraud Prevention and Detection on their website. This will provide you with more information with how your personal information will be used.

2.2 – Commission:

a) We routinely work with partners and so we are entitled to receive a referral commission fee after referring businesses who want business funding to them.

2.3 – Principles of Data Protection – GDPR and Data Protection Act 2018:

2.3.1 – We will act in accordance with Data Protection Act  2018 (DTA) and General Data Protection Regulation (GDPR), which says that personal data must be:

a) Used lawfully, fairly and in a transparent way as stated in Article 5(1) of the GDPR and s.35(1) Data Protection Act 2018.

b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes as stated in Article 5(1)(b) GDPR and s.36(a) and (b) DTA 2018.

c) Relevant to the purposes we have informed you about and is necessary only to those purposes as stated in Article 5(1)(c) GDPR and s.37 DTA 2018

d) Kept up to date and accurate as stated in Article 5(1)(d) GDPR and s.38 DPA 2018.

e) Kept only as long as necessary for the purposes we have informed you about as stated in Article 5(1)(e) GDPR and 39(1) and (2) DPA 2018.

f) Kept and processed in a secure manner, ensuring appropriate security as stated in Article 5(1)(f) GDPR and s.40 DPA 2018.

g) A further principle – accountability – is added onto the Principles. We aim to guarantee compliance with the GDPR and DTA 2018. We have technical and organisational measures in place to demonstrate our compliance.

h) You also have the right to complain to the UK data protection regulator – the ‘ICO’ about how your personal data has been utilised.

2.4 – What we need from you:

a) You are responsible for ensuring the information you provide us, information that is provided by individuals that are part of your business, or information which is provided on your behalf is valid, accurate and not misleading. When updating your records, you are responsible to inform us of such changes to your details.

2.5 – Data Retention:

a) We will not keep your personal data for longer than is required for the purposes for which it was collected as well as for the purposes of satisfying our legal or regulatory requirements. We may retain data for longer in particular instances, such as on the occasion where a dispute has arisen. We’ll only use your personal information where we have a lawful reason to do so.

2.6 – The rights you are entitled to:

2.6.1 – The GDPR provides you with rights related to your personal information. These include:

a) The right to be informed – https://ico.org.uk/your-data-matters/your-right-to-be-informed-if-your-personal-data-is-being-used/

b) The right of access – https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/

c) The right to get your data corrected – https://ico.org.uk/your-data-matters/your-right-to-get-your-data-corrected/

d) The right to get your data deleted – https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted/

e) The right to object to the use of your data – https://ico.org.uk/your-data-matters/the-right-to-object-to-the-use-of-your-data/

f) The right to limit how organisations use your data – https://ico.org.uk/your-data-matters/your-right-to-limit-how-organisations-use-your-data/

g) The right to data portability – https://ico.org.uk/your-data-matters/your-right-to-data-portability/

2.6.2 – If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: hello@drop.studio

2.7 – Cookies and links on our website:

2.7.1 – Cookies may be used on our websites. When cookies are used, a notification will be sent to your browser explaining their use.

a) Our websites may include links to other websites. Please read the privacy notices on those websites before issuing your personal details, since we are not liable and responsible for the content, security, or privacy policies imposed on those sites.

2.8 – Contact for further information:

a) Should you have questions or comments in relation to this privacy policy or the way your personal information is processed, please direct your correspondence to: hello@drop.studio

2.7 – Updates to this policy:

a) Changes we make to our privacy policy may be amended to reflect changes to our services, practices, regulatory requirements or applicable laws. Please refer to it regularly and inform yourself of any changes in this privacy policy to keep up to date.