Skip to main content

Privacy protection

The following is an outline of why and how we use personal data, and also what kind of personal data we manage.

Updated this week

Summary

We use personal data that we are legally liable to manage, and only in the ways the regulations allow us to.

We offer all interested parties to subscribe to our newsletter, we use HTTP cookies and statistical tools to enhance the content of our web sites.


What is personal data?

With personal data we mean all information that could be traced back to you as an individual. This could be several things. Such as:

  • Name

  • Address

  • Telephone number

  • E-mail address

  • Birth number

  • Bank account number


Which regulations for privacy protection are followed by Gramo?

In addition to regulations for membership in Gramo or the agreement you have with us to use recorded music, we abide by the following rules and regulations:

Privacy protection:

  • The personal data act

  • EU's General Data Protection Regulation (GDPR 2016/679) – as long as it is part of Norwegian law

We refer to this as the personal privacy regulations.

Administering rights:

  • Copyright Act § 21

Use of cookies:

  • The act on electronic communication (ekomloven)


Why do we use your personal data?

We collect renumeration from those using recorded music in Norway, and pay them to the rights holders, according to the Copyright Act § 21. This gives us a legal liability to collect and treat your personal data, see personvernforordningen artikkel 6 nr. 1 bokstav c.

We do not use more personal data than necessary in order to manage your rights.

We use your personal data to:

  • Collect renumeration on your behalf for recordings you participate on or own.

  • Pay out remuneration and rapport it to the tax authorities, either previous or coming payments.

  • Control and document treating rights and remuneration in a correct way

  • Prevent and uncover possible fraud attempts and other criminal acts

  • Manage general services for members and customers


What personal data does Gramo use

We register several types of information depending on our relation to you:

  • Information on members of Gramo

  • Information on businesses using recorded music

  • Information on newsletter recipients

  • Information on visitors to our web pages


Information on Gramo's members

In order to protect your interests as a member, and to pay you remuneration, we need the following personal information:

  • Name and any artist name/previous name

  • Gender

  • Birth date and personal number

  • Address

  • Bank account number

  • Email address

  • Telephone number

  • Citizenship, country of birth and country of residence

  • Musical instrument and relation to band/orchestra/choir

  • Membership in Norwegian rights holders' organisations

  • Membership in foreign rights holder's organisations

  • Recordings you have rights for

The information in the list above must be submitted to us. Either in a membership application or in a following dialogue whit us.

In order to receive correct remuneration, it is important to keep the information updated.

If rights are inherited, we will register year of death for the one you inherit from.

Access and changes

The regulations on privacy protection gives you the right to access and to be able to change our information on you.

Do you need access or to change information?

Resignation and deletion

You have the right to resign and ask for your information to be deleted.

Do you wish to resign or delete information? – Contact us on 22 00 77 80 or medlem@gramo.no.

We need to keep certain information

The law requires us to keep certain information. If you ask us to delete information in you, we need to keep the following:

  • Name and any artist name

  • Birth date

  • Country (citizenship, country of residence, country of birth)

  • Relation to band/orchestra/choir

  • Recordings

In addition, we need to keep information on all payments for ten years, in order to meet and assist your interests in any demands on information from the tax authorities.

Exchange of information on rights holders with other partners

Your name and birth number/company register number will be shared with rights holder's organisations you are registered member of. This is done in order to quality-assure the correct information, with the intent to decide members with voting rights and power of attorney for the general assembly in Gramo, se our statutes.

We also collect information on enterprises and businesses from Brønnøysundregistrene.


Information on businesses using music

We store the following information on businesses using recorded music:

  • Company register number

  • The name of the enterprise

  • Postal address and office address

  • Trade

  • The enterprises contact(s) - name, email address and telephone number

  • Information on customer premises – size, opening hours and other parameters, see remuneration tariffs

  • Information on play (background and non-background music)

  • This is information we use in order to decide the invoices, and to collect remuneration

We collect information on enterprises and companies from Brønnøysundregistrene and commercial reference books. For example, accounting and information on start-ups.


Information on newsletter recipients

From time to time we send newsletters and information to our members, rights holders and anyone with an interest in Gramo's activities.

We use Mailchimp to reach several email recipients at once.

  • If you sign up for our newsletter, we only store your email address and what kind of newsletter you would like to receive.

  • As a member we store name and information on your membership type.

We do not exchange the mailing list with anyone.

Unsubscribe from newsletter

You may at any time unsubscribe from our newsletter. You will be deleted from

the mailing list.

A link for unsubscribing is at the bottom of the newsletter.

You may at any time resubscribe to our newsletter.

NB! Even if you unsubscribe from the main newsletter, Gramo will still send out information as a rights holder and Gramo member, and if necessary, information regarding you and your membership, such as rights, payments, use of Min Side, and the general assembly, via email.


Information about visitors to our website

Cookies

When you visit our website, your browser may store small data files called cookies. These help us improve the site and make it easier to use.

Essential and optional cookies

We use the following types of cookies:

Essential:

  • Intercom: Used to provide information while you browse, respond to messages you send us, and collect statistics. For example, how many pages are visited in our help center.

  • Skyra: Used to show surveys. No data is stored unless you choose to respond.

Optional (used only with your consent):

  • Google Analytics: Used to analyse website traffic and visitor patterns.

  • Hotjar: Used to understand how users navigate the website.

We do not use cookies for advertising or marketing, and we do not share information with others without your consent.

Statistics and usage data

We analyse how the website is used to improve it. This helps us:

  • understand how the content performs

  • make it easier to navigate

  • remember your chosen settings

Examples of the data we look at:

  • Which browsers and devices are being using

  • Which languages browsers are set to

  • Which countries people are visiting from

  • Which pages and links are being clicked

  • How our site is found. For example, via a search engine, social media, or newsletter

Some URLs may contain your email address if you’re logged in. This is only used to show you your own information and is only visible to you and Gramo.

Storage and privacy

All data is processed in accordance with the General Data Protection Regulation (GDPR) and stored within the EU/EEA. We do not share your data without your consent, unless required by law — for example, by the police or a court.


For how long will my personal data be stored?

The basic principle in the regulations regarding privacy protection is to delete personal data when the reason for processing it is done.

The period of protection for recordings is 70 years. Because of this we need to store data on rights holders for at least that amount of time. We will only store the data needed to administer the rights according to the Copyright Act § 21. We will delete or anonymise data when the reason for managing it is done, and we do not have any cause for keeping it.

Personal data on recipients of newsletter, will be deleted when you unsubscribe.

Contact information on music users are deleted when we receive notice that music is no longer used, or if the business has been dissolved.

Information on invoices is stored for ten years, in order to meet any demands of documentation from the tax authorities.


How does Gramo secure my personal data?

We secure your data by protecting the infrastructure and offices. We also demand protection of your personal data with all people in Gramo and sub vendors.

Our main technical safety arrangements are:

  • Encryption of personal data sent over the Internet – When logging on to Min Side (for members/music users) with username and password all your data will be encrypted with cryptographic protocol, such as "Transport Layer Security" (TLS) and "Secure Socket Layer" (SSL). We use these protocols in all web pages where your data is treated. This secures that your data are confidential and protected when transferred on the Internet.

  • Two-factor authentication– We also use two-factor authentication with an SMS-code in addition to username and password. This secures that only you and authorized personnel in Gramo have access to your data.

  • A secure kernel system– Our specially developed member and job accounting system Echo, our master database, has access control, structuring and quality assurance of data, logging and backup. This secures our data being protected and available. Echo is the basis for the information you see on Min Side, giving you access and the option of assure the quality of the data we have on you.

  • Agreements on data treatment and confidentiality declaration – Our platform is structured by solutions in our data centre, and via services at Amazon Web Services (AWS) and Heroku. All data on you is stied within the EU/EØS and necessary Agreements on data treatment and confidentiality declarations are implemented with our suppliers and partners.


Is there a possibility to submit a complaint about Gramo's privacy protection?

If you feel Gramo is not treating personal data according to the regulations on privacy protection, you may submit a complaint to Datatilsynet.


How to contact Gramo regarding privacy protection?

If you have any questions regarding privacy your protection in Gramo, please contact our data protection officer: Abdul Khaliq, abdul.khaliq@gramo.no or 22 00 77 86

Did this answer your question?