GT Music Licences Ltd is a joint venture between Gramex and Teosto and is responsible for the sales, marketing, invoicing and customer service associated with the background music licenses issued by these copyright organisations.
GT Music Licences Ltd is committed to protecting your privacy and processing your personal data in accordance with the applicable data protection legislation. In this privacy statement, we explain how we process our customers’ personal data in our operations.
This privacy statement informs you who you can contact in matters related to the processing of personal data, what personal data we process and for what purposes, how long we retain the data and how you can influence the processing of your personal data.
We only process personal data that is necessary for the purpose of our operations. In our operations, we mainly process personal data related to our customers who use music in their operations and we process this data to grant licences for the use of background music and to monitor the contractual and legal compliance of the use.
1. Name and contact information of the controller
Copyright Society of Finnish Performing Artists and Phonogram Producers Gramex (Business ID: 0201196-9)
Finnish Composers’ Copyright Society Teosto (Business ID: 0117040-7)
1.1 Name and contact information of the controller
GT Music Licences Ltd (Business ID: 2647504-7)
Contact information: Keilasatama 2 A, 02150 Espoo, Finland, tel. 030 6705 030
If you have any questions about the processing of your personal data or wish to exercise your rights as a data subject, please use the contact details above to contact us. Any requests for information should be sent by e-mail to the e-mail address above.
2. Purpose of the processing of personal data and grounds for the processing
We process the personal data of our music user customers (companies, communities, traders and private persons who use music in their operations) for the establishment and maintenance of the customer relationship, compliance with the requirements of the Copyright Act, conclusion of music licensing agreements and the invoicing and collection of copyright royalties in accordance with them, other management and administration of the customer relationship, such as communication, and for other purposes related to the execution of rights and obligations under the Music License Agreement, such as the establishment, exercising and defence of legal claims. In these cases, the processing of personal data is based on a contract.
For the purposes of our operations, we also process the personal data of potential music user customers (so-called lead customers) in order to determine the need for a licence to use music, to react to possible infringements of rights and to enable us to contact the associated parties on the basis of a legitimate interest. To the extent that a lead customer becomes a user customer of music through the acquisition of a licence, we process personal data for the purposes described above.
We process personal data of the representatives of stakeholders related to our operations, such as partners (organisations and individuals) and societal influencers, in order to carry out stakeholder activities (such as communication, organisation of events, etc.).
We also process information obtained through feedback and other contacts for the development and quality control of our operations and in order to be able to contact the associated parties. We record calls between the GT Music Licences customer service personnel and the person calling the customer service phone number. These records are used to improve the quality of our customer service. The recording is carried out in securely in compliance with personal data legislation and the recordings will not be used for other purposes or disclosed to third parties. In these cases, the processing of personal data is based on a legitimate interest.
We also process personal data on the basis of our legitimate interest in analysing and developing our activities and services.
3. The personal data processed
We only process personal data that is necessary for the purposes of the processing. When collecting data, we try to tell you which data is mandatory, for example, for the conclusion of a contract, and which data you can provide voluntarily.
We typically process the following information about our music user customers:
- name, position, telephone number, e-mail address of the contact person/person in charge of the customer community and the entity represented by him/her
- name, date of birth, address, telephone number and e-mail address of a private customer
- the name and contact details of the venue and of the contact person of the holder of the licence to perform or permission to reproduce music
- the customer’s payables and receivables
- other information related to the venue, the licence to perform music and invoicing of copyright royalties
We typically process the following data about potential music user customers (leads):
- name, position, area of responsibility, telephone number and e-mail address of the contact person/person in charge of the customer community and the entity they represent
We typically process the following information about stakeholder representatives:
- name, e-mail address and telephone number of the person and the entity they represent
We typically process the following information in connection with feedback and contacts:
- the name and email address of the person who gave the feedback
- the content of the feedback. Data is mainly collected from the data subjects themselves in connection with a licence application or other contact. In addition, we may collect data about our music user customers from publicly available sources as well as from databases of authorities and private operators, such as Statistics Finland’s register data, the register data of the Finnish Patent and Registration Office, the registers of authorities (Valvira alcohol trade register), third parties maintaining customer data (LeadCloud/Leadventure Oy’s target group service), company websites and the media (e.g. news about new companies).
Cookies help GT Music Licences to improve the usability of its website and provide targeted up-to-date information about GT Music Licences’ services.
When you use our services on our website, GT Music Licences collects the following information via cookies:
The IP address of the site/server and domain/address from which the user came to the site, the network address to which the user navigates on the site or from the site, the type of links used and the content viewed, the time of the visit and the time spent on the site, the type of browser and application and other such information.
In addition to the cookies used on GT Music Licences websites, cookies can also be used to target advertising on third party sites (Google, Facebook, LinkedIn). Based on the information collected through these cookies and other technologies, our advertisements can be targeted to online users who are likely to be most interested in our advertisements based on their previous online behaviour and other factors. The targeting can also use behavioural data collected from websites other than ours.
whether the advertisement has been clicked on, how many times each advertisement has been displayed in the web browser, whether the advertisement has led to a purchase decision.
We use both session cookies and persistent cookies. Session cookies are stored for the duration of the session and are automatically deleted when the browser is closed. Persistent cookies remain for a set period of time and are stored on the user’s terminal device after the end of the session, unless deleted by the user.
Cookies do not affect data security and cannot spread viruses or malware. If you do not want cookies to be stored on your computer, you can block them. You can block cookies from your web browser’s settings. The deletion of cookies does not prevent the use of the musiikkiluvat.fi site, but the functionality of the site cannot be guaranteed. In any case, cookies must be enabled when you log in to the musiikkiluvat.fi online customer service. You can re-enable cookies any time.
For detailed information on the cookies we use, see the cookies page.
5. Disclosures and transfers of information
As a rule, personal data is not disclosed or transferred outside the EU or the EEA. However, such a transfer may sometimes be necessary for the technical implementation of our services, in which case we will ensure that the transfer is carried out in compliance with the safeguards set out in personal data legislation.
We disclose some necessary data related to customer data to our owners (Gramex and Teosto) for the purpose of their operations (such as monitoring the use of works based on the legislation on copyright and joint administration).
We may also disclose information to third parties for the performance of a contract (such as for debt collection purposes), to investigate violations of rights, and to establish, exercise and defend any legal claims.
If necessary, we will also disclose information to the authorities at their request. We will always inform the customer of such requests for information if it is permitted by law.
If we carry out corporate restructuring (such as business transfers and mergers), we may disclose your personal data to the parties to the restructuring.
We use subcontractors in the production of our services that include the processing of personal data. Therefore, we may transfer your personal data for the subcontractors for processing on our behalf. We have made contractual arrangements to ensure that these subcontractors are committed to protecting your personal data in accordance with legal requirements.
6. Principles of the protection of the register
A. Manual data
Manual data is archived in a locked space that has electronic access control.
B. Data stored in information systems
Access to the data requires a username and password. The login credentials change from time to time. Access to the data in the register is restricted by personal access rights.
The data network and the hardware in which the customer and personal data are stored are protected by a firewall, passwords and other appropriate technical measures. The backups are located in locked premises with appropriate access control and restricted access.
7. Storage period of personal data
GT Music Licences retains personal data for as long as is necessary for the aforementioned processing purposes, after which we will delete the data.
For example, we store the personal data of music user customers associated with licence agreements on music usage for as long as necessary to fulfil the rights and obligations arising from the agreement. As a rule, we store these personal data for six years after the end of the contractual relationship. We generally store the personal data of our lead customers for three years from the establishment of the lead, and store data on any changes in the status of the lead customer for three years from the change. If a lead becomes a user customer during this period, we will comply with the retention periods for user customers.
When the applicable legislation (such as accounting legislation), directly requires us to retain certain data, we will comply with such statutory retention periods.
8. Rights of the data subject
Right of access, right to rectification and right to erasure: The data subject has the right to access the data concerning themselves that has been stored in the register and the right to have any inaccurate concerning him or her rectified. The access and rectification can be done either by logging in to the musiikkiluvat.fi site yourself with the online service ID that you received or by submitting a written request to the above address or in person at the processor. The response to the access request will only be sent to the contact details in the registry. The data subject also has the right to request the erasure of their data (“right to be forgotten”) on the grounds provided by law.
Right to withdraw consent: To the extent that the processing is based on consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the legality of measures taken before the withdrawal.
Transfer of data: A data subject has the right to have the personal data that they have provided transferred to the extent that we process the personal data automatically on the basis of consent or a contract. Upon receiving the request, we will provide the personal data concerning the data subject in a machine-readable format.
The right to object to direct marketing and related profiling: A data subject may, at any time, object to the processing of their data for direct marketing and related profiling by contacting our customer service or by using the links in the message.
Right to object and right to restrict: A data subject has the right to object, on grounds relating to his or her particular situation, to processing of their personal data based on a legitimate interest. In such a situation, the processing is restricted for the time necessary to assess the grounds for objecting to the processing. The processing may also be restricted, for example, when the accuracy of the personal data is contested by the data subject, in which case the processing will be restricted for a period enabling us to verify the accuracy of the personal data.
Right to lodge a complaint with a supervisory authority: The data subject has the right to lodge a complaint with the competent supervisory authority regarding the processing of his/her personal data if the data subject feels that GT Music Licences has not processed the personal data of the data subject in compliance with the applicable legislation or has not duly responded to the data subject’s requests based on his/her rights.