Privacy Policy

1. Introduction

IFPI, International Federation of Phonographic Industry ("we", “us”, “our”) is the international agency in charge of managing and maintaining the international identification system for sound and music video recordings, known as the International Standard Recording Code (“ISRC”). As part of this role, it is necessary for us to process information about ISRC registrants (“you”, “your”). This, for instance, refers to your name or contact details. We refer to this information as “personal information”.

This privacy policy sets out the general principles governing how we handle your personal information in relation to the implementation of ISRC. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

By providing us with your personal information, you are accepting and consenting to the practices described in this policy.

2. What information do we collect about you?

We may collect and process various categories of personal information about you. This may include but is not limited to:

  • Contact details, such as your name, address, website; and contact details of the individual to contact;
  • Registrant details: the country/registrant code assigned and registrant name;
  • Registration details, such as the date of registration and any other information associated with the ISRC application process (e.g. email correspondence, notes made through the registration process, intended use of the code); and
  • Financial information such as your bank details.

We may collect this information from you directly or we may receive it from third parties, for instance from national ISRC agencies. Regardless of the information source, we will make sure to collect and use only the minimum amount of personal information that is necessary for the purposes set out in this privacy policy.

3. What will we do with your information?

We will collect, store and use your personal information solely for the following purposes:

  • To manage and maintain the ISRC system in line with the International Organisation for Standardisation requirements;
  • To handle queries relating to the implementation of the ISRC system and to resolve issues or errors, such as conflicts between assigned codes or misuse of a code;
  • To administer the ISRC system for territories where there is no national ISRC agency in place;
    · To enable the set up of new national ISRC agencies by providing them with information relevant to their activities;
  • To supervise activities of national ISRC agencies, for instance as part of their obligation of annual reporting;
  • To report to the International Organisation for Standardisation on our activities;
  • To assist with the prevention of sound or music video recordings infringement; and
  • To implement a global search facility allowing ISRC related information to be queried.

When processing your personal information for the above-mentioned purposes, we will ensure that it is handled at all times in compliance with applicable laws and regulations concerning privacy and data protection. We will also ensure we have a clear legal basis on which to process your personal information. Typically, it will be because the relevant processing is necessary to safeguard our interests and the interests of users of the ISRC system. However, there may be occasions where will process your personal information where we have a contractual obligation (to you) or a legal obligation to comply. In some cases, we may process your personal information on the basis of your consent.

4. Who is your information shared with?

Access to your personal information within our agency is restricted to designated individuals who have a clear “need to know” for business reasons.

We may share your personal information with the following third parties:

  • The International Organisation for Standardisation (ISO) in accordance with the requirements set out in international standards;
  • National ISRC agencies to the extent that the information is relevant to registrants in their country;
  • Third parties such as record companies and digital music service providers in order to reply to requests which appear to be reasonable (e.g. resolving conflict of codes); and
  • Third party service providers acting on our behalf.
  • Should IFPI cease to be the international agency in charge of managing and maintaining the international identification system for sound and music video recordings, we or ISO may provide your personal information to an organisation that succeeds IFPI in that role.

We may share your registrant details with users of any online ISRC service that we may offer publicly as part of the ISRC system.

5. Security

Your personal information is stored on our secure servers and computer systems and it is protected from unauthorised access by appropriate technical and organisational security measures implemented in accordance with applicable laws.

In the event that your personal information is to be shared with third party service providers which act on our behalf (such as providers of hosting services), we will take all steps to ensure that your personal information is afforded sufficient protection and is treated in accordance with this privacy policy. In particular, we contractually require third party service providers to handle your personal information only on our instructions and only for the purpose of the provision of their contracted services to us.

6. Data transfers

Your personal information is stored onto our securely protected servers located in the European Economic Area (“EEA”). In order to ensure the effective operation of the ISRC system at a global level, your personal information may be accessed from or transferred to countries outside of the EEA, including countries which may not offer an equivalent level of data protection to that of the EEA. We may be required by the International Organisation for Standardisation to transfer your personal information to a successor Registration Authority which may be outside the EEA. However, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable laws. If you are located in the EEA, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

7. Data retention

Your personal information will be stored for no longer than necessary for us to carry out the purpose(s) in respect of which it was collected and in accordance with internal policies. Typically, we will keep your personal information for as long as we are the ISRC Registration Authority, and any further reasonable period required to hand over to a successor Registration Authority.

8. Your rights

You have the right to request access to, rectification or erasure of, the personal information we hold about you. You may also have the right to object to or restrict certain types of processing of your personal information and request to receive a machine-readable copy of the personal information you have provided to us. This may be done by contacting Any request to exercise one of these rights will be assessed by us on a case by case basis. There may be circumstances in which we are not legally required to comply with your request because of relevant legal exemptions provided for in applicable data protection legislation.

We will not process your personal information for marketing purposes.

9. Third party websites

Our website may, from time to time, contain links to and from the websites of third parties, such as national ISRC agencies. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these third parties.

10. Changes to this privacy policy

Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you. Please check back frequently to see any updates or changes to this privacy policy.

11. Changes to this privacy policy

Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you. Please check back frequently to see any updates or changes to this privacy policy.

12. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to If you have concerns about the way in which we have handled your personal information you should contact us in the first instance. If you are still dissatisfied, you have the right to complain to the Information Commissioner’s Office or other similar relevant Data Protection Authorities in other EEA jurisdictions.

EFFECTIVE DATE: 25th May 2018