Privacy protection

In addition to regulations for membership in Gramo or the agreement you have with us to use recorded music, we abide by the following rules and regulations:

Privacy protection:

The personal data act
EU's General Data Protection Regulation (GDPR 2016/679) – as long as it is part of Norwegian law

We refer to this as the personal privacy regulations.

Administering rights:

Use of cookies:

The act on electronic communication (ekomloven)

Why do we use your personal data?

We collect renumeration from those using recorded music in Norway, and pay them to the rights holders, according to the Copyright Act § 21. This gives us a legal liability to collect and treat your personal data, see personvernforordningen artikkel 6 nr. 1 bokstav c.

We do not use more personal data than necessary in order to manage your rights.

We use your personal data to:

Collect renumeration on your behalf for recordings you participate on or own.
Pay out remuneration and rapport it to the tax authorities, either previous or coming payments.
Control and document treating rights and remuneration in a correct way
Prevent and uncover possible fraud attempts and other criminal acts
Manage general services for members and customers

What personal data does Gramo use

We register several types of information depending on our relation to you:

Information on members of Gramo
Information on businesses using recorded music
Information on newsletter recipients
Information on visitors to our web pages

Information on Gramo's members

In order to protect your interests as a member, and to pay you remuneration, we need the following personal information:

Name and any artist name/previous name
Gender
Birth date and personal number
Address
Bank account number
Email address
Telephone number
Citizenship, country of birth and country of residence
Musical instrument and relation to band/orchestra/choir
Membership in Norwegian rights holders' organisations
Membership in foreign rights holder's organisations
Recordings you have rights for

The information in the list above must be submitted to us. Either in a membership application or in a following dialogue whit us.

In order to receive correct remuneration, it is important to keep the information updated.

If rights are inherited, we will register year of death for the one you inherit from.

Access and changes

The regulations on privacy protection gives you the right to access and to be able to change our information on you.

Do you need access or to change information?

Resignation and deletion

You have the right to resign and ask for your information to be deleted.

Do you wish to resign or delete information? – Contact us on 22 00 77 80 or medlem@gramo.no.

We need to keep certain information

The law requires us to keep certain information. If you ask us to delete information in you, we need to keep the following:

Name and any artist name
Birth date
Country (citizenship, country of residence, country of birth)
Relation to band/orchestra/choir
Recordings

In addition, we need to keep information on all payments for ten years, in order to meet and assist your interests in any demands on information from the tax authorities.

Exchange of information on rights holders with other partners

Your name and birth number/company register number will be shared with rights holder's organisations you are registered member of. This is done in order to quality-assure the correct information, with the intent to decide members with voting rights and power of attorney for the general assembly in Gramo, se our statutes.

We also collect information on enterprises and businesses from Brønnøysundregistrene.

Information on businesses using music

We store the following information on businesses using recorded music:

Company register number
The name of the enterprise
Postal address and office address
Trade
The enterprises contact(s) - name, email address and telephone number
Information on customer premises – size, opening hours and other parameters, see remuneration tariffs
Information on play (background and non-background music)
This is information we use in order to decide the invoices, and to collect remuneration

We collect information on enterprises and companies from Brønnøysundregistrene and commercial reference books. For example, accounting and information on start-ups.

Information on newsletter recipients

From time to time we send newsletters and information to our members, rights holders and anyone with an interest in Gramo's activities.

We use Mailchimp to reach several email recipients at once.

If you sign up for our newsletter, we only store your email address and what kind of newsletter you would like to receive.
As a member we store name and information on your membership type.

We do not exchange the mailing list with anyone.

Unsubscribe from newsletter

You may at any time unsubscribe from our newsletter. You will be deleted from

the mailing list.

A link for unsubscribing is at the bottom of the newsletter.

You may at any time resubscribe to our newsletter.

NB! Even if you unsubscribe from the main newsletter, Gramo will still send out information as a rights holder and Gramo member, and if necessary, information regarding you and your membership, such as rights, payments, use of Min Side, and the general assembly, via email.

Information on visitors to our web pages

HTTP cookies

A cookie is a small block of data everyone surfing the Internet might receive from the visited web pages. They are stored in the browser of the unit you use when visiting our web pages.

We utilise some necessary HTTP cookies the web pages need in order to function.
We also utilise some optional HTTP cookies used to gather information on how the web pages are used. This in order to build better web pages based on the use.
We do not utilise cookies gathering information for use in advertising or marketing.
We do not share the information with others.

Web statistics and use case

The cookies give us the opportunity to store statistics and map use cases in order to customize the use of the web pages for you. Partly by changing the content and making the navigation easier, as well as storing specific settings and preferences to adjust it for your next visit.

Information we use for statistics and mapping of use could be:

Which operating system and browser is used
What languages are the browsers set to
Which countries are the web pages visited from
Which web pages are being visited
Which links are being clicked
Where the traffic comes from. If it is through links from search engines, social media, newsletters or other websites.

We do not share data with other actors or people.

We do not use cookies from third parties for marketing and ads, such as Facebook Pixel.

Some web addresses in our web-based services might contain your email address. We do not use it for anything other than giving you access to your own information – and it is only visible for you and for Gramo.

Tools used by us

In order to gather and analyse information on how the web pages use, we utilize the tools Google Analytics and Hotjar. HTTP cookies from Google Analytics and Hotjar are optional. We use them only when you give us permission to share information on how the web pages are used.

To manage written inquiries and offer information through our web pages we use Intercom. The HTTP cookies from Intercom we regard as necessary for the functionality of our web pages. These are installed in your we browser when visiting our web site.

Data from these tools are stored on their servers.

Information is not shared without your and Gramo's consent, with the exception of certain limited situations, such as requirements by law from police or a court of justice.

Block or allow cookies in your web browser

You can administer how your browser will handle HTTP cookies. Administrere informasjonskapsler i din nettleser - Nettvett.no viser deg hvordan

❗️If you do not accept HTTP cookies, our web pages might not function at it's best.

For how long will my personal data be stored?

The basic principle in the regulations regarding privacy protection is to delete personal data when the reason for processing it is done.

The period of protection for recordings is 70 years. Because of this we need to store data on rights holders for at least that amount of time. We will only store the data needed to administer the rights according to the Copyright Act § 21. We will delete or anonymise data when the reason for managing it is done, and we do not have any cause for keeping it.

Personal data on recipients of newsletter, will be deleted when you unsubscribe.

Contact information on music users are deleted when we receive notice that music is no longer used, or if the business has been dissolved.

Information on invoices is stored for ten years, in order to meet any demands of documentation from the tax authorities.

How does Gramo secure my personal data?

We secure your data by protecting the infrastructure and offices. We also demand protection of your personal data with all people in Gramo and sub vendors.

Our main technical safety arrangements are:

Encryption of personal data sent over the Internet – When logging on to Min Side (for members/music users) with username and password all your data will be encrypted with cryptographic protocol, such as "Transport Layer Security" (TLS) and "Secure Socket Layer" (SSL). We use these protocols in all web pages where your data is treated. This secures that your data are confidential and protected when transferred on the Internet.
Two-factor authentication– We also use two-factor authentication with an SMS-code in addition to username and password. This secures that only you and authorized personnel in Gramo have access to your data.
A secure kernel system– Our specially developed member and job accounting system Echo, our master database, has access control, structuring and quality assurance of data, logging and backup. This secures our data being protected and available. Echo is the basis for the information you see on Min Side, giving you access and the option of assure the quality of the data we have on you.
Agreements on data treatment and confidentiality declaration – Our platform is structured by solutions in our data centre, and via services at Amazon Web Services (AWS) and Heroku. All data on you is stied within the EU/EØS and necessary Agreements on data treatment and confidentiality declarations are implemented with our suppliers and partners.

Is there a possibility to submit a complaint about Gramo's privacy protection?

If you feel Gramo is not treating personal data according to the regulations on privacy protection, you may submit a complaint to Datatilsynet.

How to contact Gramo regarding privacy protection?

If you have any questions regarding privacy your protection in Gramo, please contact our data protection officer: Abdul Khaliq, abdul.khaliq@gramo.no or 22 00 77 86