IMRO PRIVACY STATEMENT
Your Personal Data is important to you and protecting it and your privacy is a priority for us.
This Privacy Statement explains how we use your personal data and your rights in relation to that data, such rights being set out in the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 (together referred to herein as the “DPA”).
We use the expression “Personal Data” throughout this document. This means any information relating to an identified or identifiable individual. It includes any information that can identify you e.g. your name, address, phone number, IMRO Account Number, IMRO Member Number. etc;
Our Data Protection Officer can be contacted at email@example.com
WHO WE ARE & WHO WE WORK WITH
We are the Irish Music Rights Organisation CLG (“IMRO”, “we” or “us”) with company number 13321 and a registered business address at Copyright House, Pembroke Row, Lower Baggot Street, Dublin 2 D02 HW59.
IMRO is committed to protecting and respecting your privacy. For this reason, we have set out in this document information on the data we collect and process.
IMRO’s role is to ensure that music creators get paid when their songs are performed in public, included in a broadcast or cable programme service, or made available online. We collect and distribute royalties on behalf of those who own the copyright in musical works and as such collect royalties within Ireland on behalf of our own songwriter, composer and music publisher members (“Members”) and on behalf of members of the international overseas societies with whom we are affiliated (“Affiliate Societies”). We are also actively involved in the sponsorship and promotion of music in Ireland. IMRO is a registered Licensing Body under the Copyright and Related Rights Act 2000 as amended by the Copyright and Related Rights (Amendment) Act, 2004 and the Copyright and Related Rights (Amendment) Act, 2007 (together, the “Copyright Acts”) and grants a licence to users of musical works on behalf of the composers, authors and publishers of those works. IMRO is the data controller of personal data that it collects for its own business purposes.
We also administer on an agency basis:
OUR ROLE AS A DATA CONTROLLER
A data controller is someone who alone or jointly with others, determines the purposes and means of the processing of personal data. Accordingly, IMRO may hold some of your personal data in a data controller capacity. The type of personal data for which IMRO is a data controller, in addition to how and why that personal data is used, is outlined below.
OUR ROLE AS A JOINT DATA CONTROLLER WITH AFFILIATE SOCIETIES, CISAC, PPI AND MCPS/MCPSI
In relation to any processing activity, it is possible for more than one entity to be the Data Controller (on the basis that more than one entity may make decisions about the purposes for which, and means by which, such personal data is processed). Where two or more controllers jointly determine the purposes and means of the processing of personal data, they are joint controllers. Joint controllers must apportion data protection compliance responsibilities between themselves. A summary of such arrangements regarding the apportioning of data must be made available to Data Subjects, and IMRO’s arrangements in that regard can be summarised as follows:
Affiliate Societies & CISAC
IMRO is a membership based Collective Management Organisation (CMO), made up of songwriters, composers and music publishers (“Members”). As a result of Reciprocal Agreements entered into with Affiliate Societies, IMRO is in a position to licence music users (“Licensees”) for the use of the worldwide repertoire in Ireland. Likewise, those Affiliate Societies licence the use of the repertoire of IMRO Members in their home territories.
IMRO and its Affiliate Societies are members of CISAC. CISAC (www.cisac.org) – the International Confederation of Societies of Authors and Composers – is the world’s leading network of authors societies. CISAC protects the rights and promotes the interests of creators worldwide. Through IMRO’s membership of CISAC and via Reciprocal Agreements with one another, IMRO and its Affiliate Societies around the world are in a position to seamlessly represent creators across the globe, thus ensuring that royalties flow to authors for the use of their works anywhere in the world.
To facilitate this worldwide licensing of our repertoire, IMRO shares its Members Personal and works information. Affiliate Societies share likewise with IMRO. This information is shared using central database tools that are operated by CISAC or Affiliate Societies on the instructions of CISAC or Affiliate Societies themselves
IMRO and PPI agree that in relation to Personal Data the processing of which is jointly determined by IMRO and PPI, they are joint data controllers and when IMRO is processing Personal Data on PPI’s behalf, PPI will be the data controller and IMRO will be the data processor.
IMRO and MCPS/MCPSI agree that in relation to Personal Data the processing of which is jointly determined by IMRO and MCPS/MCPSI, they are joint data controllers and when IMRO is processing Personal Data on MCPS/MCPSI’s behalf, MCPS/MCPSI will be the data controllers and IMRO will be the data processor.
OUR ROLE AS A DATA PROCESSOR
A data processor is someone who processes personal data on behalf of a Data Controller. Accordingly, IMRO is a data processor for PPI and MCPS/MCPSI in respect of the obligations it performs under the Agency Agreements with these organisations.
WHO PPI ARE & OUR ROLE AS REGARDS PPI
PPI licences and distributes royalties on behalf of those who own the copyright in the sound recording of musical works.
Since the 1st of January 2016, IMRO administers the licensing and collection of music royalties for PPI, as PPI’s agent. PPI and IMRO administer two different copyrights and accordingly, separate royalties must be paid in relation to both copyrights. PPI is the licensing body that grants permission to users of recorded musical works on behalf of record producers (being PPI’s members) and shares the royalties arising thereon with performers. PPI’s address is 63 Patrick Street, Dun Laoghaire, Co. Dublin.
As part of our appointment as agent for PPI and in order for us to perform those agency services, PPI and IMRO share information relating to their music users, including the Licensees name, postal address, e-mail address, phone number and details of music performance particulars. We continually update that information and collect further information relating to PPI Licensees as part of our services to PPI (together the “PPI Information”). To the extent that PPI Information contains any personal data, PPI is the data controller of such data for purposes of the DPA and we are the data processor.
We use PPI Information on behalf of PPI to:
WHO MCPS/MCPSI ARE & OUR ROLE AS REGARDS MCPS/MCPSI
MCPS is the licensing body that grants permission on behalf of composers, songwriters and music publishers, for the reproduction of their music. Its address is 2 Pancreas Square, London N1C 4AG, United Kingdom.
MCPS, in conjunction with MCPSI, appointed IMRO as its sub agent to perform specific services on its behalf, and as part of our appointment and in order for us to perform those services, MCPS provided us with information relating to its Licensees, including the Licensees name, postal address, e-mail address, phone number and details of performance particulars and we have since then updated that information and collected further information relating to MCPS Licensees as part of our services to MCPS (together the “MCPS Information”). To the extent that MCPS Information contains any personal data, MCPS is the data controller of such data for purposes of the DPA and we are the data processor.
We use MCPS Information on behalf of MCPS and MCPSI to:
Information we collect from you
The information we collect from you reflects the business and contractual relationship between you and us.
We gather personal data through:
We ask that:
As a Music User and Licensee
When you apply for and enter into a Music Licence Contract with IMRO, PPI, or MCPS/MCPSI:
As a Member or prospective Member of IMRO or MCPS
You will also provide us with the following details for each of your copyright works:
By applying to work with us
By replying to a request for the provision of goods or services or solicitation of same
By applying for a travel grant:
By applying for sponsorship:
By signing up to competition entry
By signing up to a mailing list
By Visiting www.imro.ie
By visiting our Website we may automatically collect the following personal information:
WHY WE COLLECT THIS INFORMATION
We collect this information in order:
HOW WE USE THIS INFORMATION
THE LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
The legal bases for the processing of personal data are:
YOUR INFORMATION ON OUR WEBSITE
If you provide us with any information or communication specifically for the purpose of being published on the Website, we may publish this information on the Website without further notice to you. We have no obligation to you to publish or maintain any such information or communication. Any such information or communication will be considered non-confidential and non-proprietary, and by providing us with such information or communication you grant us an irrevocable licence and right to use, copy, store, reproduce, disclose, transmit, publish and distribute to third parties any such material for any purpose (including the right to sub-licence those rights). We will not be responsible or liable for the content or accuracy of any such information or communication. The views expressed by others on or via our Website do not represent the views of IMRO, PPI or MCPS/MCPSI.
IMPLICATIONS OF NOT PROVIDING YOUR PERSONAL DATA
If you do not provide the personal data we need, or help us keep your data up to date, we may not be able to continue to fulfil our membership contract with you and in the case of a music user, we will not be able to grant you a licence to use our repertoire or that of PPI and MCPS.
WHO WE SHARE YOUR INFORMATION WITH
In order for us to fulfil our duties and out contract with you, we must share your information with selected third parties including:
WEBSITE ACCESS, PASSWORDS AND TRANSMISSION OF INFORMATION
Where you have chosen (or where we have given you) a password which enables you to access certain parts of our Website, you are responsible for keeping the password confidential. We ask you not to share your password with anyone.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your information transmitted to our Website and you transmit that information at your own risk. Once we have received your information, we will apply procedures and use security features to try to prevent unauthorised access.
HOW LONG WE KEEP YOUR INFORMATION
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted as per our data retention policy.
TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (“EEA”)
We do not transfer Licensee data outside the EEA. However, if you are a Member of IMRO we may transfer your data outside the EEA.
As a Member of IMRO in managing your copyrights on a worldwide basis it is necessary for us to share some of your Personal Data with our Affiliate Societies around the world. This sharing is done on the basis of signed Reciprocal Agreements between IMRO and each of our Affiliate Societies. These provisions to protect your personal data when it is transferred to such countries will include:
More details in relation to international data transfers and the safeguards which can be implemented can be obtained on the EU Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
KEEPING YOUR PERSONAL DATA SAFE AND SECURE
We have implemented technical and organizational security measures to protect your personal data when it is being processed and stored by us.
WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR INFORMATION
You have the following rights:
Where our processing of your information is based on your consent to such processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by writing to IMRO, Copyright House, Pembroke Row, Lower Baggot Street, Dublin 2, D02 HW59 or by email to firstname.lastname@example.org and in each case marked for the attention of Data Protection Officer, IMRO.
You may lodge a complaint with Data Protection Commission by post to Data Protection Commission, Canal House, Station Road, Portarlington, Co Laois. R32 AP23 or by emailing email@example.com
You have the same rights in relation to your personal data for which any one of PPI or MCPS are the data controller, subject to the same conditions as set out above. If you wish to request a copy of your personal data for which any one of PPI or MCPS are the data controller, please submit that request directly to:
Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for those websites or policies. Please check the applicable policies before you submit any personal data to those websites.
CHANGES TO THIS PRIVACY STATEMENT
We may from time to time revise this Privacy Statement by amending this page. You will be bound by such revised terms current when you use the Website and you should therefore periodically check this page for any amendments we make. This version of the Privacy Statement is effective from 25 May 2018.
HOW CAN YOU CONTACT US
Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to IMRO, Copyright House, Pembroke Row, Lower Baggot Street, Dublin 2 , D02 HW59 or by email to firstname.lastname@example.org and in each case marked for the attention of Data Protection Officer, IMRO.