The EU has introduced the General Data Protection Regulation (“GDPR”) on personal data and privacy. This regulation is being incorporated into UK law in a new Data Protection Act. Below we summarise the contents of the new regulations and your and our rights in this respect.
In order for MIPR to fulfil its function as a NR agent in the administration, management and collection of NR Income, we process personal data which relates to our clients and maintain information which may contain personal data such as:
Personal/contact information: names (including pseudonyms, trading names), gender, contact and address details, dates of birth and death. MIPR Database will include personal data of clients who are beneficiaries of or representing beneficiaries of performers and/or copyright holders.
Tax and Payment information: information relating to Tax domicile, relevant tax ID numbers, VAT numbers, details of MIPR client’s income, bank details.
Repertoire/Catalogue information: details of discographies, filmographies and other performing related activities.
Correspondence: information relevant to your specific enquiries.
Other: any other information you choose to provide to us or we obtain from various Copyright Management Organisation (CMOs) we work with on our clients’ behalf.
Typically the information described above is provided to MIPR by individuals when they appoint MIPR as the agent to collect the NR Income. However, in some cases, the above mentioned information are obtained indirectly by MIPR from clients professional advisors, received from individual CMOs or based on MIPR’s own research from widely available industry directories and websites.
MIPR is committed to fair and transparent processing and any individual requiring information as to where MIPR originated his/her personal data (including any public sources) may contact MIPR at any time.
MIPR will use the personal data as listed above to provide to CMOs in the UK and overseas to fulfil requirements for memberships with these CMOs and enable the CMOs to calculate royalties payable to our clients. Typically, this involves the exchange of data in the form of electronic files confirming personal information, tax residency status and other required information to enable the clients to become members of individual CMOs, submission of repertoire/catalogue information and required evidence.
MIPR will also use the contact details to provide clients with information on distributions received from CMOs. Clients’ banking details are used to make distribution payments.
We use the contact details of individuals from related organisations, industry stakeholders and other contacts in the ordinary course of conducting our function as an agent to collect from CMOs around the world in accordance with applicable law and regulations.
By law, MIPR may only process personal data where it has a legal justification, contractual obligation or requirement to do so.
In accordance with that law, MIPR processes personal data as described above because it is necessary for the purposes of MIPR legitimate interests and interest of its clients, namely to fulfil its function as an agent in accordance with applicable law and regulations and to conduct and manage our relationship with specific individuals and CMOs around the world. Where we use your personal data for MIPR legitimate interests, we make sure that we take into account any potential impact that such use may have on you. If we believe your interests or fundamental rights and freedoms override our legitimate interests then we won’t use your personal data on this basis and may seek your specific consent.
If you have any concerns about our processing please do not hesitate to contact us.
Individuals whose personal data we process have certain rights in respect of that data, including:
(1) RIGHT TO INFORMATION AND ACCESS
You have the right to request access to the information that we hold about you.
In accordance with data protection laws, clients also have the right to receive a copy of any information we hold about them in connection with the performance of our contract with them. Upon request, MIPR will provide clients with copies of their personal data in a convenient format (via electronic means or otherwise).
(2) RECTIFICATION, ERASURE, AND RESTRICTION
You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. In responding to such requests, MIPR will communicate to the individual concerned the impact of such restrictions or deletions, for example, on MIPR ability to carry its work as the agent in respect of management, collection and distributions of the clients’ NR Income.
MIPR takes reasonable steps to ensure that the personal data it holds about you is accurate and up-to-date and we will comply with any requests to rectify any inaccurate data we may hold about you.
MIPR relies on the accuracy of information provided by its clients and will rectify any notified inaccuracies following a request by the individual concerned or its appointed representative. MIPR clients can access certain data we hold in respect of their personal, financial and royalty information via our client portal.
For clients who choose not to view their information in our portal can request information regarding personal, financial and royalty information in writing.
(3) RIGHT TO OBJECT
You have the right to object to MIPR using your information on the basis of its legitimate interests and the right to ask us not to process your personal data for marketing purposes, where relevant, no such activity has ever taken place. MIPR is committed to respecting individuals’ rights.
Requests by clients to make changes to their personal, financial, repertoire information and other should be made by post or email to the Media IP Rights Ltd, 60 High Street, Wimbledon Village, London SW19 5EE or by email email@example.com. We will comply with your requests unless we have a lawful reason not to do so. MIPR will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.
MIPR employs external IT consultants to provide support and development services in relation to MIPR’s systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.
MIPR also uses third party providers. All such third parties are vetted by MIPR to ensure they provide adequate levels of security when processing data.
At the end of the distribution process, MIPR submits various payment instructions to its bank detailing the relevant member’s bank account details and the amounts to be credited. This is done in line with financial reporting regulations.
MIPR auditors are also given access to MIPR systems for the purpose of the audit only.
In some circumstance, MIPR may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce your and our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect information from unauthorised access or processing.
MIPR will take appropriate technical and organisational measures to protect the personal data we transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access.
All documentation is stored in electronic format and stored on a database which is password and firewall protected and secured against attacks according to industry best practices.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, although MIPR strives to protect your personal data online, including through various measures, we cannot guarantee the security of any Internet communication or transmission. If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately.
Prior to introducing new systems or technologies relevant to the processing of personal data, MIPR will undertake the necessary impact assessments with a particular focus on any associated risks.
MIPR will only retain personal data for as long as is necessary to provide our services or for as long as we reasonably require retaining the information for our lawful business purposes or comply with a statutory or other legal requirement.
In the event of any breach of MIPR systems impacting on the security of a clients or any other individual’s personal data, MIPR will inform the affected client(s) or individuals at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law.
If you are unhappy with the way in which MIPR processes your personal data, please contact us using the information provided below.
Please direct any comments or enquires relating to this policy to Media IP Rights Limited, 60 High Street, Wimbledon Village, London SW19 5EE UK or via email firstname.lastname@example.org.
From time to time we may change our data processing activities. We will notify you of any changes to this policy as required by law. We will also post an updated version on our website.