Privacy Policy

Your data is yours. We are its temporary custodians, not its owners. We collect only what we need, we are transparent about how we use it, and we will never exploit your trust for profit."

1. Introduction and Our Ethical Commitment

UMD Group ("UMD", "we", "us", or "our") believes that privacy is a fundamental human right, not a commodity to be traded. This Privacy Policy explains how we collect, use, and protect your information — but more importantly, it reflects our commitment to treating you and your data with respect and dignity.

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

However, legal compliance is our minimum standard, not our goal. We aspire to a higher ethical standard that prioritises your interests over our convenience.

This policy is written in plain language because we believe you have the right to actually understand what happens with your information. If anything is unclear, please ask us — we will explain it.

2. Our Ethical Principles

Before we explain what we do with your data, we want to be clear about the principles that guide every decision we make:

• Data Minimisation: We only collect information we genuinely need. If we do not need it, we do not ask for it.

• Purpose Limitation: We use your data only for the purposes we told you about. We will never surprise you with unexpected uses.

• Transparency: We tell you exactly what we do. No legal jargon designed to confuse. No hidden practices buried in fine print.

• User Control: Your data belongs to you. You can access it, correct it, delete it, or take itvwith you. We make this easy, not difficult.

• Security by Design: We build privacy protection into everything we do, not as an afterthought.• Accountability: We take responsibility for protecting your data. When we make mistakes, we own them and fix them.

• No Exploitation: We will never sell your data, manipulate you with it, or use it against your interests.

• Community First: As a not-for-profit in transition, our mission is to serve artists and music culture — not to extract value from our community.

3. What We Will Never Do

Some practices are common in the digital world but conflict with our values. We make these explicit commitments to you:

We will NEVER sell your personal information to anyone, for any reason, under any circumstances.

We will NEVER share your data with advertisers or data brokers.

We will NEVER use dark patterns to trick you into giving up more data than you intended.

We will NEVER make it difficult for you to delete your data or unsubscribe from communications.

We will NEVER use your data to discriminate against you or make decisions that harm you.

We will NEVER collect data about you secretly or without your knowledge.

We will NEVER retain your data longer than necessary just because it might be useful someday.

We will NEVER require you to provide unnecessary personal information to access basic services.

We will NEVER use manipulative algorithms designed to exploit your psychological vulnerabilities.

We will NEVER share artist contact information with third parties for their marketing purposes.

4. About Underground Music Directive

UMD Group is a platform dedicated to promoting underground music culture, supporting emerging and established artists, and creating authentic live music experiences. We operate as an event organiser, content platform, and artist development service based in Sydney, Australia.

We are currently transitioning to a registered not-for-profit organisation. Our mission is to support artists, promote music culture, educate humans on working alongside AI, and ultimately reinvest surplus into accessible healthcare for all. This mission shapes how we handle your data: we are building a community, not a customer database to monetise.

5. Information We Collect (And Why)

We are transparent about every type of information we collect. For each category, we explain exactly why we need it.

5.1 Information You Give Us Directly

Contact Information (name, email, phone): So we can respond to your enquiries and send you event updates you requested. We ask for the minimum needed, usually just an email address.

Artist Applications (name, bio, links, music samples): So we can evaluate artists for our events and contact them about opportunities. Artists control what they share.

Event Registration (name, email, accessibility needs): So we can manage attendance and

accommodate your needs. We ask about accessibility because we want our events to be inclusive.

Subscription/Payment Information (billing details): Processed securely through Stripe. We never see or store your full card numbers.

Feedback (your messages to us): So we can improve and respond to you. We value your input and treat it respectfully.

5.2 Information Collected Automatically

When you visit our website, some information is collected automatically. We are honest about this:

Basic Analytics (pages visited, time on site): Helps us understand what content is useful. We use privacy-respecting analytics and do not track you across other websites.

Device Information (browser type, screen size): Helps us ensure our website works properly on your device.

IP Address: Used for security (preventing attacks) and general location (country-level only).

We do not use this to identify you personally.

What we do NOT do: We do not use invasive tracking technologies. We do not build detailed profiles of your behaviour. We do not track you across the internet. We do not use your data for targeted advertising.

5.3 Information from Events

Photographs and Video: Our events are filmed for promotional and archival purposes. We clearly signpost this at events. If you prefer not to be filmed, inform our staff and we will accommodate you where possible.

Attendance Records: Basic records of who attended which events, used only for event management.

6. How We Use Your InformationWe use your information only for purposes that benefit you or our community. Here is a complete list:

6.1 To Serve You

• Processing event registrations and sending you event details;

• Responding to your questions and requests;

• Providing the services you signed up for;

• Sending you updates you asked to receive (and making it easy to unsubscribe).

6.2 To Support Our Community

• Promoting artists who perform at our events (with their consent);

• Documenting underground music culture for archival purposes;

• Improving our events and services based on feedback;

• Building a supportive community around music.

6.3 To Operate Responsibly

• Complying with legal obligations;

• Protecting against fraud and security threats;

• Maintaining and improving our website.7. Special Protections for Artists

Artists are the heart of UMD. We have additional commitments specifically for artists who perform

with us:

Your contact information will never be shared with third parties for their marketing purposes.

You control your public profile — tell us what you want visible and what you want private.

Performance recordings are governed by your artist agreement, and you can request removal.

We will always credit you properly for your work.

If you ask us to delete your information, we will do so promptly (except where legally required to retain it).

We will never use your likeness or recordings in ways you have not agreed to.

Your booking history and fee information is confidential.

We advocate for artist rights and will never undermine your interests.

8. Who We Share Information With

We are extremely selective about sharing your information. Here are the only circumstances in which we share data:

8.1 Service Providers (Necessary for Operations)

We work with a small number of trusted service providers who help us operate. We only share what they need to do their job, and we require them to protect your information:

Stripe (payment processing): Sees payment information only. We never see your full card number.

Email provider (sending newsletters): Sees email addresses of subscribers only.

Website hosting: Technical access to operate our site, bound by strict data protection agreements.

Analytics (if used): Anonymised, aggregated data only — not personal information.

8.2 Legal Requirements

We may disclose information if required by law (such as a court order). However, we will:

• Notify you if legally permitted before disclosing your information;

• Challenge requests we believe are overreaching or unjust;

• Disclose only the minimum information legally required;• Never voluntarily cooperate with mass surveillance.

8.3 With Your Explicit Consent

We may share information in other circumstances, but only with your clear, informed consent. We will never assume consent or bury it in fine print.

9. How We Protect Your Data

We take security seriously and implement multiple layers of protection:

• Encryption of all data in transit (HTTPS/TLS);

• Secure, access-controlled storage with reputable providers;

• Regular security reviews and updates;

• Limited access — only people who need information can access it;

• Prompt response to any security incidents, with transparent notification if your data is

affected. No system is 100% secure. If we ever experience a data breach that affects you, we commit to notifying you promptly and honestly, explaining what happened, what data was affected, and what we are doing about it.

10. Your Rights (We Make These Easy).

You have rights over your data. Unlike many organisations, we make exercising these rights simple and free:

10.1 Right to Access

You can request a copy of all personal information we hold about you. We will provide this within 14 days (faster than legally required) in a common, readable format.

10.2 Right to Correction

If any information we hold is wrong, tell us and we will fix it promptly.

10.3 Right to Deletion

You can ask us to delete your data. We will do so within 30 days, except where we are legally required to retain it (such as financial records for tax purposes). We will tell you if any exceptions apply.

10.4 Right to Data Portability

You can request your data in a portable format (such as CSV or JSON) so you can take it elsewhere.

10.5 Right to Withdraw Consent

If you consented to something (like marketing emails), you can withdraw that consent at any time.

We will honour this immediately.

10.6 Right to Complain

If you are unhappy with how we handle your data, tell us. We want to fix problems. If you remain unsatisfied, you can complain to the Office of the Australian Information Commissioner (OAIC).

10.7 Right to Be Heard

We will listen to your concerns about privacy without dismissing them. Your feedback shapes our practices.

11. Cookies and Tracking

We believe in honest disclosure about cookies:

11.1 What We UseEssential cookies: Necessary for the website to function (e.g., remembering if you are logged in). These cannot be disabled.

Analytics cookies (optional): Help us understand how people use our site. You can opt out of these.

11.2 What We Do NOT Use

• Third-party advertising cookies;

• Cross-site tracking pixels;

• Social media tracking widgets;

• Any cookies that follow you around the internet.

12. How Long We Keep Your Data

We follow a principle of minimal retention — we delete data when we no longer need it:

Contact enquiries: Deleted after 2 years of no contact, unless you become an ongoing member of our community.

Newsletter subscriptions: Until you unsubscribe, then deleted within 30 days.

Event registrations: 2 years after the event for operational purposes.

Financial records: 7 years (legal requirement for tax purposes).

Artist profiles: Until the artist requests removal or 5 years after last performance.

Event photos/videos: Retained as cultural archive unless removal is requested and granted.13. Third-Party Platforms

We use third-party platforms (YouTube, Instagram, etc.) to share content. Once content is on these platforms, it is subject to their privacy policies — which, unfortunately, we cannot control.

We choose platforms carefully, but we acknowledge that large tech platforms have privacy practices that may not align with our values. We encourage you to review their policies and adjust your privacy settings on those platforms. If you want content featuring you removed from our third-party accounts, contact us and we will remove it where we have the ability to do so.

14. Children's Privacy

Our services are designed for adults (18+). We do not knowingly collect information from children. If a child attends our events, a parent or guardian must provide consent for any photographs or recordings.

If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

15. Artificial Intelligence and Automated Decisions

As an organisation committed to educating humans on working alongside AI, we have specific commitments about AI and your data:

• We will not use your personal data to train AI models without your explicit consent.

• We will not make significant decisions affecting you using purely automated processes without human review.

• If we use AI to assist with any services, we will be transparent about it.

• We will not use AI to manipulate, deceive, or exploit you.

• Any AI tools we use will be subject to the same privacy protections as our other systems.

16. International Data Transfers

Some of our service providers are based overseas (primarily the United States). When your data is transferred internationally, we ensure it is protected by requiring our providers to maintain security standards equivalent to Australian law.

We are transparent that international transfers carry some additional risk. We minimise this by limiting what data is transferred and choosing reputable providers.

17. Changes to This PolicyIf we change this policy, we will:

• Clearly explain what changed and why;

• Give you reasonable notice before changes take effect;

• Never reduce your rights without your consent;

• Make previous versions of this policy available so you can see what changed.

18. Our Accountability Privacy policies are only meaningful if organisations are accountable. Here is how we hold ourselves accountable:

Regular review: We review our data practices annually to ensure they align with this policy.

Breach notification: If we fail to meet these commitments, we will notify affected individuals promptly and honestly.

Community feedback: We welcome feedback on our privacy practices and take it seriously.

Public commitment: This policy is a public commitment. We can be held to it.

Leadership responsibility: Our founder takes personal responsibility for ensuring we meet these standards.

19. Contact Us

We welcome questions about privacy. Reach out anytime:

Underground Music Directive

General Enquiries: info@umdgroup.com.au

Location: Sydney, New South Wales, Australia

We aim to respond to privacy enquiries within 5 business days. For formal requests (access, deletion, etc.), we will complete them within 14-30 days depending on complexity.

20. Office of the Australian Information Commissioner

If you are not satisfied with how we handle a privacy matter, you have the right to complain to the

OAIC:

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

"Privacy is not about having something to hide. It is about having the right to choose

what you share, with whom, and on what terms.

We respect that right."

21. Acknowledgment and Consent

We believe in informed consent, not buried checkboxes. Here is how consent works on our

Website:

21.1 Browsing Our Website

By accessing and browsing our Website (umdgroup.com.au), you acknowledge that you have read and understood this Privacy Policy. Continued use of the Website constitutes acceptance of these terms. If you do not agree, please discontinue use of the Website.

21.2 Submitting Information

When you voluntarily submit information through our Website (such as contact forms, newsletter signups, artist applications, or event registrations), you explicitly consent to the collection and use of that information as described in this Privacy Policy. We will always tell you what information we are collecting and why before you submit it.

21.3 Newsletter and Marketing

We will only send you marketing communications if you have explicitly opted in (for example, by checking a consent box or entering your email in a subscription form). You can withdraw this consent at any time by clicking 'unsubscribe' in any email or contacting us directly. We will never pre-tick consent boxes or use confusing language to trick you into subscribing.

21.4 Cookies

When you first visit our Website, you will be presented with a clear cookie notice explaining what cookies we use. Essential cookies required for the Website to function will be enabled by default. Analytics and any optional cookies will only be enabled if you actively consent. You can change your cookie preferences at any time through our Website settings.

21.5 Event Attendance

When registering for events through our Website, you will be informed that events may be photographed and recorded. By completing registration, you consent to the possibility of appearing in event content. If you prefer not to be photographed, you may indicate this during registration or inform staff upon arrival.

21.6 Your Right to Withdraw

Consent is not permanent. You may withdraw your consent at any time by contacting us at info@umdgroup.com.au . Withdrawal of consent does not affect the lawfulness of any processing carried out before withdrawal. We will action your withdrawal request within 5 business days.