IFPI, International Federation of Phonographic Industry ("we", “us”, “our”) is the international agency in charge of managing and maintaining the international identification system for sound and music video recordings, known as the International Standard Recording Code (“ISRC”). As part of this role, it is necessary for us to process information about ISRC registrants (“you”, “your”). This, for instance, refers to your name or contact details. We refer to this information as “personal information”.
By providing us with your personal information, you are accepting and consenting to the practices described in this policy.
2. What information do we collect about you?
We may collect and process various categories of personal information about you. This may include but is not limited to:
- Contact details, such as your name, address, website; and contact details of the individual to contact;
- Registrant details: the country/registrant code assigned and registrant name;
- Registration details, such as the date of registration and any other information associated with the ISRC application process (e.g. email correspondence, notes made through the registration process, intended use of the code); and
- Financial information such as your bank details.
3. What will we do with your information?
We will collect, store and use your personal information solely for the following purposes:
- To manage and maintain the ISRC system in line with the International Organisation for Standardisation requirements;
- To handle queries relating to the implementation of the ISRC system and to resolve issues or errors, such as conflicts between assigned codes or misuse of a code;
- To administer the ISRC system for territories where there is no national ISRC agency
· To enable the set up of new national ISRC agencies by providing them with information relevant to their activities;
- To supervise activities of national ISRC agencies, for instance as part of their obligation of annual reporting;
- To report to the International Organisation for Standardisation on our activities;
- To assist with the prevention of sound or music video recordings infringement; and
- To implement a global search facility allowing ISRC related information to be queried.
When processing your personal information for the above-mentioned purposes, we will ensure that it is handled at all times in compliance with applicable laws and regulations concerning privacy and data protection. We will also ensure we have a clear legal basis on which to process your personal information. Typically, it will be because the relevant processing is necessary to safeguard our interests and the interests of users of the ISRC system. However, there may be occasions where will process your personal information where we have a contractual obligation (to you) or a legal obligation to comply. In some cases, we may process your personal information on the basis of your consent.
4. Who is your information shared with?
Access to your personal information within our agency is restricted to designated individuals who have a clear “need to know” for business reasons.
We may share your personal information with the following third parties:
- The International Organisation for Standardisation (ISO) in accordance with the requirements set out in international standards;
- National ISRC agencies to the extent that the information is relevant to registrants in their country;
- Third parties such as record companies and digital music service providers in order to reply to requests which appear to be reasonable (e.g. resolving conflict of codes); and
- Third party service providers acting on our behalf.
- Should IFPI cease to be the international agency in charge of managing and maintaining the international identification system for sound and music video recordings, we or ISO may provide your personal information to an organisation that succeeds IFPI in that role.
We may share your registrant details with users of any online ISRC service that we may offer publicly as part of the ISRC system.
Your personal information is stored on our secure servers and computer systems and it is protected from unauthorised access by appropriate technical and organisational security measures implemented in accordance with applicable laws.
6. Data transfers
Your personal information is stored onto our securely protected servers located in the European Economic Area (“EEA”). In order to ensure the effective operation of the ISRC system at a global level, your personal information may be accessed from or transferred to countries outside of the EEA, including countries which may not offer an equivalent level of data protection to that of the EEA. We may be required by the International Organisation for Standardisation to transfer your personal information to a successor Registration Authority which may be outside the EEA. However, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable laws. If you are located in the EEA, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.
7. Data retention
Your personal information will be stored for no longer than necessary for us to carry out the purpose(s) in respect of which it was collected and in accordance with internal policies. Typically, we will keep your personal information for as long as we are the ISRC Registration Authority, and any further reasonable period required to hand over to a successor Registration Authority.
8. Your rights
You have the right to request access to, rectification or erasure of, the personal information we hold about you. You may also have the right to object to or restrict certain types of processing of your personal information and request to receive a machine-readable copy of the personal information you have provided to us. This may be done by contacting firstname.lastname@example.org. Any request to exercise one of these rights will be assessed by us on a case by case basis. There may be circumstances in which we are not legally required to comply with your request because of relevant legal exemptions provided for in applicable data protection legislation.
We will not process your personal information for marketing purposes.
9. Third party websites
Our website may, from time to time, contain links to and from the websites of third parties, such as national ISRC agencies. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these third parties.
EFFECTIVE DATE: 25th May 2018