Summary
We use personal data that we are legally liable to manage, and only in the ways the regulations allow us to.
We offer all interested parties to subscribe to our newsletter, we use HTTP cookies and statistical tools to enhance the content of our web sites.
What is personal data?
With personal data we mean all information that could be traced back to you as an individual. This could be several things. Such as:
Name
Address
Telephone number
E-mail address
Birth number
Bank account number
Which regulations for privacy protection are followed by Gramo?
In addition to regulations for membership in Gramo or the agreement you have with us to use recorded music, we abide by the following rules and regulations:
Privacy protection:
The personal data act
EU's General Data Protection Regulation (GDPR 2016/679) – as long as it is part of Norwegian law
We refer to this as the personal privacy regulations.
Administering rights:
Copyright Act § 21
Use of cookies:
The act on electronic communication (ekomloven)
Why do we use your personal data?
We collect renumeration from those using recorded music in Norway, and pay them to the rights holders, according to the Copyright Act § 21. This gives us a legal liability to collect and treat your personal data, see personvernforordningen artikkel 6 nr. 1 bokstav c.
We do not use more personal data than necessary in order to manage your rights.
We use your personal data to:
Collect renumeration on your behalf for recordings you participate on or own.
Pay out remuneration and rapport it to the tax authorities, either previous or coming payments.
Control and document treating rights and remuneration in a correct way
Prevent and uncover possible fraud attempts and other criminal acts
Manage general services for members and customers
What personal data does Gramo use
We register several types of information depending on our relation to you:
Information on members of Gramo
Information on businesses using recorded music
Information on newsletter recipients
Information on visitors to our web pages
Information on Gramo's members
In order to protect your interests as a member, and to pay you remuneration, we need the following personal information:
Name and any artist name/previous name
Gender
Birth date and personal number
Address
Bank account number
Email address
Telephone number
Citizenship, country of birth and country of residence
Musical instrument and relation to band/orchestra/choir
Membership in Norwegian rights holders' organisations
Membership in foreign rights holder's organisations
Recordings you have rights for
The information in the list above must be submitted to us. Either in a membership application or in a following dialogue whit us.
In order to receive correct remuneration, it is important to keep the information updated.
If rights are inherited, we will register year of death for the one you inherit from.
Access and changes
The regulations on privacy protection gives you the right to access and to be able to change our information on you.
Do you need access or to change information?
Log in to Min Side or send us an e-mail to medlem@gramo.no
Resignation and deletion
You have the right to resign and ask for your information to be deleted.
Do you wish to resign or delete information? – Contact us on 22 00 77 80 or medlem@gramo.no.
We need to keep certain information
The law requires us to keep certain information. If you ask us to delete information in you, we need to keep the following:
Name and any artist name
Birth date
Country (citizenship, country of residence, country of birth)
Relation to band/orchestra/choir
Recordings
In addition, we need to keep information on all payments for ten years, in order to meet and assist your interests in any demands on information from the tax authorities.
Exchange of information on rights holders with other partners
Your name and birth number/company register number will be shared with rights holder's organisations you are registered member of. This is done in order to quality-assure the correct information, with the intent to decide members with voting rights and power of attorney for the general assembly in Gramo, se our statutes.
We also collect information on enterprises and businesses from Brønnøysundregistrene.
Information on businesses using music
We store the following information on businesses using recorded music:
Company register number
The name of the enterprise
Postal address and office address
Trade
The enterprises contact(s) - name, email address and telephone number
Information on customer premises – size, opening hours and other parameters, see remuneration tariffs
Information on play (background and non-background music)
This is information we use in order to decide the invoices, and to collect remuneration
We collect information on enterprises and companies from Brønnøysundregistrene and commercial reference books. For example, accounting and information on start-ups.
Information on newsletter recipients
From time to time we send newsletters and information to our members, rights holders and anyone with an interest in Gramo's activities.
We use Mailchimp to reach several email recipients at once.
If you sign up for our newsletter, we only store your email address and what kind of newsletter you would like to receive.
As a member we store name and information on your membership type.
We do not exchange the mailing list with anyone.
Unsubscribe from newsletter
You may at any time unsubscribe from our newsletter. You will be deleted from
the mailing list.
A link for unsubscribing is at the bottom of the newsletter.
You may at any time resubscribe to our newsletter.
NB! Even if you unsubscribe from the main newsletter, Gramo will still send out information as a rights holder and Gramo member, and if necessary, information regarding you and your membership, such as rights, payments, use of Min Side, and the general assembly, via email.
Information about visitors to our website
Cookies
When you visit our website, your browser may store small data files called cookies. These help us improve the site and make it easier to use.
Essential and optional cookies
We use the following types of cookies:
Essential:
Intercom: Used to provide information while you browse, respond to messages you send us, and collect statistics. For example, how many pages are visited in our help center.
Skyra: Used to show surveys. No data is stored unless you choose to respond.
Optional (used only with your consent):
Google Analytics: Used to analyse website traffic and visitor patterns.
Hotjar: Used to understand how users navigate the website.
We do not use cookies for advertising or marketing, and we do not share information with others without your consent.
Statistics and usage data
We analyse how the website is used to improve it. This helps us:
understand how the content performs
make it easier to navigate
remember your chosen settings
Examples of the data we look at:
Which browsers and devices are being using
Which languages browsers are set to
Which countries people are visiting from
Which pages and links are being clicked
How our site is found. For example, via a search engine, social media, or newsletter
Some URLs may contain your email address if you’re logged in. This is only used to show you your own information and is only visible to you and Gramo.
Storage and privacy
All data is processed in accordance with the General Data Protection Regulation (GDPR) and stored within the EU/EEA. We do not share your data without your consent, unless required by law — for example, by the police or a court.
For how long will my personal data be stored?
The basic principle in the regulations regarding privacy protection is to delete personal data when the reason for processing it is done.
The period of protection for recordings is 70 years. Because of this we need to store data on rights holders for at least that amount of time. We will only store the data needed to administer the rights according to the Copyright Act § 21. We will delete or anonymise data when the reason for managing it is done, and we do not have any cause for keeping it.
Personal data on recipients of newsletter, will be deleted when you unsubscribe.
Contact information on music users are deleted when we receive notice that music is no longer used, or if the business has been dissolved.
Information on invoices is stored for ten years, in order to meet any demands of documentation from the tax authorities.
How does Gramo secure my personal data?
We secure your data by protecting the infrastructure and offices. We also demand protection of your personal data with all people in Gramo and sub vendors.
Our main technical safety arrangements are:
Encryption of personal data sent over the Internet – When logging on to Min Side (for members/music users) with username and password all your data will be encrypted with cryptographic protocol, such as "Transport Layer Security" (TLS) and "Secure Socket Layer" (SSL). We use these protocols in all web pages where your data is treated. This secures that your data are confidential and protected when transferred on the Internet.
Two-factor authentication– We also use two-factor authentication with an SMS-code in addition to username and password. This secures that only you and authorized personnel in Gramo have access to your data.
A secure kernel system– Our specially developed member and job accounting system Echo, our master database, has access control, structuring and quality assurance of data, logging and backup. This secures our data being protected and available. Echo is the basis for the information you see on Min Side, giving you access and the option of assure the quality of the data we have on you.
Agreements on data treatment and confidentiality declaration – Our platform is structured by solutions in our data centre, and via services at Amazon Web Services (AWS) and Heroku. All data on you is stied within the EU/EØS and necessary Agreements on data treatment and confidentiality declarations are implemented with our suppliers and partners.
Is there a possibility to submit a complaint about Gramo's privacy protection?
If you feel Gramo is not treating personal data according to the regulations on privacy protection, you may submit a complaint to Datatilsynet.
How to contact Gramo regarding privacy protection?
If you have any questions regarding privacy your protection in Gramo, please contact our data protection officer: Abdul Khaliq, abdul.khaliq@gramo.no or 22 00 77 86