Privacy Policy

Effective date: ____________________

1) Who we are (Data Controller)

This Privacy Policy explains how Waves GMT (“we”, “us”, “our”) processes personal data in connection with international music management services and related operations.

Registered address: 30 N Gould St Ste R
Sheridan, WY 82801
Info email: info@waves-gmt.com
Phone number: +39 351 1419860

2) Scope

This policy applies to personal data we process when you:

• visit our website or interact with our online services;
• contact us (email, phone, forms) or communicate with our team;
• work with us as an artist/talent, representative, business partner, supplier, or client;
• participate in events, tours, or business activities we coordinate.

If you enter into a contract with us, additional privacy terms may apply depending on the specific services and territories.

3) Personal data we collect

We may collect the following categories of personal data, depending on your interaction with us:

3.1 Contact and identity data

• Name, professional title/role, company/organization.
• Email address, phone number, and other business contact details.
• For artists/talent: stage name and professional identifiers used for operations.

3.2 Communications and inquiry data

• Messages you send to us, meeting notes, call summaries, and any attachments.
• Preferences and context you share (e.g., scheduling availability, project requirements).

3.3 Business relationship and contract administration data

• Contract references, deliverables, approvals, and operational checklists.
• Invoices, payment references, and accounting information (as applicable).
• Partner coordination data (venue contacts, promoter references, production details).

3.4 Technical and usage data (website)

• IP address, device and browser type, approximate location (derived from IP), and access timestamps.
• Cookie preferences and basic site performance data.

3.5 Special category (sensitive) data

We do not intentionally collect special category data (e.g., health, religion, political opinions). If you voluntarily provide such data and it is necessary for a specific purpose (for example, accessibility needs when arranging travel), we will process it with appropriate safeguards and only as permitted by law.

4) Where data comes from

• Directly from you (emails, calls, contracts, meetings, web interactions).
• From your representatives (e.g., managers, agents, lawyers) when relevant.
• From partners (labels, venues, promoters, distributors) as needed for a project.
• Public sources (e.g., official social channels) where appropriate for professional context.

5) Purposes of processing

We process personal data for the following purposes:

• Service delivery: to provide international management, coordination, and operational support.
• Communication: to respond to inquiries, schedule meetings, and manage relationships.
• Contract administration: to prepare, execute, and manage agreements and deliverables.
• Payments and compliance: to manage invoicing, accounting, and legal obligations.
• Security and integrity: to protect our systems, prevent fraud, and maintain auditability.
• Business improvement: to improve processes, quality, and website performance (where applicable).

6) Legal bases (GDPR/UK GDPR)

Where the EU/UK GDPR applies, we rely on one or more of the following legal bases:

• Contract — processing necessary to perform a contract or take steps at your request.
• Legitimate interests — operating our business, coordinating services, securing systems, and responding to requests.
• Legal obligation — compliance with recordkeeping, tax/accounting, and regulatory duties.
• Consent — where required (e.g., certain cookies, optional analytics, specific marketing).

When we rely on legitimate interests, we consider and balance the impact on your rights and freedoms.

7) Cookies & similar technologies

Cookies are small files stored on your device. Our website may use:

• Essential cookies — required for basic site functionality (e.g., remembering your cookie choice).
• Optional analytics cookies — used only if enabled, to understand usage and improve content.

You can manage cookies via your browser settings. If you block cookies, parts of the site may not work as intended.

8) Sharing & disclosure

We may share personal data with:

• Service providers acting on our instructions (e.g., hosting, email, document management, accounting).
• Professional advisors (e.g., legal, tax, auditors) where necessary.
• Business partners relevant to your project (e.g., venues, promoters, labels, distributors) where needed to deliver services.
• Authorities if required by law, court order, or to protect rights and safety.

We do not sell your personal data. We share only what is reasonably necessary for the purpose.

9) International transfers

Because we operate internationally, personal data may be processed in countries outside your country of residence. Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), or rely on an adequacy decision.

10) Retention

We keep personal data only as long as necessary for the purposes described in this policy, including legal, accounting, or reporting requirements. Typical retention logic is summarized below (actual periods may vary by contract and jurisdiction):

Category	Typical retention	Why
General inquiries	Up to 24 months	To respond, follow up, and maintain a record of communications
Client/partner relationship records	Duration of relationship + reasonable period	Contract administration, dispute handling, continuity
Accounting and invoicing records	As required by law	Tax/accounting compliance
Security logs	Short period unless needed	Security monitoring and incident investigation

11) Security

We implement reasonable technical and organizational measures designed to protect personal data. No method of transmission or storage is fully secure, but we work to reduce risk and maintain safeguards appropriate to the sensitivity of the data.

12) Your rights

Depending on your location, you may have rights such as access, correction, deletion, restriction, objection, and data portability. You may also have the right to withdraw consent (where we rely on consent) and to lodge a complaint with a supervisory authority.

• Access: request a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion where applicable.
• Restriction: request limitation of processing in certain cases.
• Objection: object to processing based on legitimate interests (subject to legal exceptions).
• Portability: receive data in a structured, machine-readable format where applicable.

To exercise rights, contact us (see Contact). We may need to verify your identity.

13) Marketing communications

If we send marketing communications, we will do so only where permitted by law. You can opt out at any time by following unsubscribe instructions in the message or by contacting us.

14) Children

Our services and website are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can take appropriate steps.

15) Additional information (California)

If you are a California resident, you may have additional rights under applicable state privacy laws. We do not sell personal information, and we do not share it for cross-context behavioral advertising as defined by some laws.

16) Changes to this policy

We may update this policy from time to time. We will revise the “Effective date” when changes are posted. Material changes may be communicated through the website or via direct notice where appropriate.

17) Contact

Waves GMT
Address: 30 N Gould St Ste R
Sheridan, WY 82801
Info email: info@waves-gmt.com
Phone number: +39 351 1419860

If you prefer, you may also provide a dedicated privacy contact (e.g., privacy@waves-gmt.com).