Privacy Policy

Finnish Composers' Copyright Society Teosto is a copyright society for composers, lyricists, arrangers and music publishers whose task is to manage musical works of domestic and foreign authors, grant licenses and distribute royalties to authors for the use of their works.

Teosto is committed to protecting the privacy of its current and future rights holders, music users and other related stakeholders, and processes their personal data in accordance with applicable data protection legislation. In this privacy policy we provide further information on:

1. CONTACT INFOR MATION

Teosto is the data controller for the processing of personal data in accordance with this privacy policy.

Data controller

Finnish Composers' Copyright Society Teosto (Business ID: 0117040-7) Urho Kekkosen katu 2 C, 00100 Helsinki

You can contact us by email at dataprivacy@teosto.fi for information about processing your personal data.

2. WHAT DATA WE PROCESS AND WHERE WE GATHER THE DATA

Along with the collective management of copyrights belonging to Teosto’s core business, Teosto is actively involved in influencing legislation and practices in the field, as well as in cultural activities focusing primarily in music. The extensive work of Teosto requires the processing of personal data of several groups of data subjects. Below we will describe what data we typically process of these data subjects and from which sources we will gather the data. When gathering data, we seek to inform what data is mandatory and what data you can give voluntarily.

Rightholders and beneficiaries of Teosto. The rightholders of Teosto are the persons who have concluded a membership agreement with Teosto for the management of their works. We typically process the following data of the rightholders:

  • Full name, address, phone number and email address;
  • Social security number for unambiguous identification, which is necessary for the correct allocation of distribution;
  • Bank details;
  • The role of the author  (composer, lyricist,  arranger);
  • An International Identification Number (IPI Number), what is automatically created when joining as a rightholder, pseudonym (aliases);
  • Work information, work performance and other usage information, and information on distributed royalties;
  • Network Service IDs (username and password);
  • Tax information, details of recovery proceedings details and any debts reported to Teosto (such as debts to publishers);
  • Information about the customer relationship (start and end dates), details of the events to which the person has participated;
  • Beneficiary information and information on wills as well as of deed of estate inventory and estates partition documents. 

The beneficiaries of our rightholders are persons to whom the copyrights of the copyright owner have been transferred as a result of inheritance or other equivalent right. We typically process the following data of the beneficiaries:

  • Full name, social security number and contact information;
  • Bank details. 
We will gather the data on the rightholders mainly:
  • from the person herself, example from the affiliation agreement; 
  • when the person provides information in order to maintain customer relationship with Teosto (for example notifications of works); 
  • registries of the authorities (example Tax Administration Registers);
  • Teosto’s domestic and foreign member and sister organisations;
  • from other cooperation organisations (especially IPI number as well as information about the use of works and distribution). 

The performance and usage information of the works is also gathered from the performance reports, program announcements, and other reports.

Data on beneficiaries of our rightholders is gathered either form the beneficiaries themselves, from the estate or from the authorities.

Rightholders not represented by Teosto. Due to the operation of Teosto, we may also process the information of rightholders (composer, lyricists, or arranger) not represented by Teosto if (i) the rightholder is a member of another copyright organisation and Teosto has a reciprocal agreement with the copyright organisation, and this organisation has authorized Teosto to process personal data (ii) the rightholder is not a member of any copyright organisation, but Teosto represents the rightholder under an extended collective license in accordance with the Copyright Act.

We typically process the same data of the rightholders not represented by Teosto than that of Teosto’s rightholders, to the extent necessary to fulfill the obligations under the reciprocal agreement or extended collective license. Unless otherwise stated, the data of these rightholders is processed for the same purpose as Teosto’s rightholders.  Music User Customers.

Music User Customers. Music user customers are companies, organisations or persons who have made an agreement with Teosto for the use of works represented by Teosto. The following data of the music user customers is typically processed:

  • The name of the company holding the license, Business ID, contact information, billing and payment information;
  • The first and last name, position/title, phone number and email address of the company’s contact persons; 
  • For private individuals: first and last name, phone number and email address;
  • The name and contact information for the venue and for the performance license holder;
  • Information on the requested licenses;
  • User ID and password;
  • Potential payment defaults and dunning information.

We will get data on music user customers primarily from the licensee herself or her representative via telephone, email or online service. In addition, we can gather data from databases maintained by public authorities and companies. We also gather data on mechanisation from Nordisk Copyright Bureau (NBC), which manages collectively the mechanisation rights for the Nordic copyright organisations. NBC operates in Copenhagen, Denmark. Information on our event customers can also be gathered from performance notifications made to Teosto, or organized events observed by Teosto, regarding which the organizer of the event has not notified Teosto. Music Performers.

Music Performers. Music performers are people who perform the works of an author represented by Teosto publicly and make aperformance notification to Teosto of the performance event. The following data is typically processed on the music performers: 

  • First and last name, address, phone number and email address;
  • Username and password;
  • Other data voluntarily provided by the data subject.

We will get this data from the data subject herself.

In addition, if the performers use our Keikkamobiili app, we may collect their mobile identifier, such as their Google Advertising ID. The Google Advertising ID is an anonymous identifier provided by Google Play services and we use it in the process of allocating and sending notifications to performers using the App (for example reminders that reports should be provided by a certain date) and for analytics purposes. We do not combine the identifier with any personal data. You can opt-out of receiving the communications at any time by changing the respective operating system settings of the Keikkamobiili app in your mobile phone or tablet.

Partners, other stakeholders and communication. These data subject groups include organisations and persons, policy decision-makers, and other persons in public or social sphere, who are Teosto’s partners, and who Teosto estimates having an interest in Teosto’s activities, persons who participate in events organized by Teosto, as well as other persons who have expressed their willingness be updated on Teosto’s operations and activities. Of these groups, we typically process the following data:

  • First and last name, organisation represented by the person, position in the organisation, email address, phone number, and other information that may be publicly disclosed by the person (such as her political party);
  • Information provided by the person on a case-by-case basis (for example in connection with registration to events or campaigns or, for example in connection with Teosto’s Cultural Ambassador activities.

Data on people who participate in events or subscribe to communications is gathered from the person herself or from a Teosto’s sister organisation. Data on our partners’ and stakeholders’ representatives is gathered from the data subjects themselves, or we gather it from the member organisations or from publicly available sources such as public administration and corporate websites.

Other information. The data of each person may also include a permission or refusal to direct marketing provided by the data subject herself.

In addition, data of Teosto’s website users will be gathered using cookies in a way described in more detail in Teosto’s cookie policy. However, data collected through cookies is not connected with personal data of an identified person. 

3. LEGAL GROUNDS AND PURPOSE OF THE PROCESSING

We process data for the following purposes:

  • We process the data of rightholders for the establishment and management of customer relationship, for customer relationship related communication, for the maintenance of domestic and international authors’ registers, for gathering and matching of usage data of works as well as for the distribution of royalties to the music authors (composers, lyricist and arrangers), authors’ estates and publishers. Due to the international nature of Teosto’s operations, processing is cross-border (see data disclosure and transfers). In this case, we process the data on the basis of membership agreement and the statutory obligation (Copyright Act and Act on Collective Management of Copyright)
  • Data of the music user customers is processed for establishing and maintaining a customer relationship, for billing and collection of the license fees according to the music license agreements, for customer communication, and for other purposes related to the fulfillment of rights and obligations under the music license agreement. In this case, we will process information based on the agreement and statutory obligation (especially Copyright Act and Act on Collective Management of Copyright).
  • Data on music performers is processed for the establishment and maintenance of customer relationship, for the processing of performance notifications and in customer communication. We can also process performance notifications made by performers for the purpose of monitoring and enforcement of the licenses.

In addition, we are processing data in general for the following purposes:

  • Events. We will process data for the purpose of organizing events, as well as for providing invitations and newsletters for these. In this occasion, we will process data to fulfill the agreement for the service the person has subscribed to, or for the purpose of Teosto’s legitimate interest.  
  • Communication. We will process data for communication (including emails), related to Teosto’s operations, services and events, to the extent that no such communication has been prohibited by the data subject. In this case, we process data in legitimate interest or with the consent of the data subject. Such communication does not apply to communication related to customer relationship or agreement matters, which we will carry out on grounds mentioned above. 
  • Research and development. We process data for the research and development of Teosto’s products and services on the basis of Teosto’s legitimate interest. 
  • Public affairs and Legal Claims. We process information for the fulfilment of tasks related to Teosto’s public affairs activities. We also process information to investigate and to prevent potential infringements of agreements and infringement of rights, and to resolve any potential irregularities related to the use of works, and for the enforcement of rights.  

4. DATA STORAGE TIME

We process data only for as long as it is necessary for the purposes defined above. We may also inform specific data storage times on case-by-case basis.

  • Data on the rightholders. We will store the data on the rightholder until the agreement between the rightholder and Teosto is in force and the copyrights of her works (including joint works) managed by Teosto are in force (lifetime and 70 years after the death of the author or the death of the last author of joint works). Despite the end of the customer relationship,Teosto may be required to store certain data necessary for the purpose of distributing royalties as long as the copyrights of the author are in force.  
  • Other data processed under the agreement. In other respects, we will store data regarding the agreements, such as music licenses, as long as it is necessary to fulfill the contractual rights and obligations, unless law provides for a longer storage time.  
  • Data used for communication. Personal data used for Teosto’s communication (including data subjects involved formerly in the activities of Teosto, as well as stakeholder data) will be stored as long as the data subject is in a position in which he or she is assumed to be interested in Teosto’s activities and the data subject has not requested the deletion of her data. 
  • Information on events. Data regarding participation in events organized by Teosto is stored for about 3-5 years. 
  • Information on prohibitions. If a data subject has refused to Teosto’s communications or surveys and there is no other ground for processing data, we will keep the data on the prohibition and contact information to ensure compliance. 

We try to keep the personal data we hold correct and up to date by deleting unnecessary data and updating outdated data. If you have created a username and password for Teosto’s online service, you can verify and update your data by signing in to the service. 

5. TRANFERS AND DISCLOSURES OF PERSONAL DATA

Teosto discloses and transfers your personal data mainly as described below:
  • Member and sister organisations, partner organisations: Rightholders basic information (name, address, phone numbers, IPI number) and work information may be transferred to Teosto’s domestic and international member and sister organisations and other partner organisations to ensure correct distribution of royalties as well as for other justified purposes related to the management of works in accordance with industry practice. 
  • Transfers and disclosures based on the Act on Collective Management of Copyright: We may be required to disclose certain personal data to the users of the works on the basis of the Act on Collective Management of Copyright, unless you have prohibited such disclosure. 
  • Authorities: We may disclose your personal data to the competent authorities (such as the Tax Administration) in the manner required by applicable law.  
  • Consent: We may, with your consent, disclose your information to third parties, for example, for the purpose of obtaining copyright licenses directly from the rightholder. We ask for such consent separately. 
  • Mergers and acquisitions: If we sell, merge or otherwise arrange our business, your personal data may be disclosed to the parties of the arrangement. 
  • Enforcement and legal claims: We may disclose your personal data to third parties if it is necessary for the enforcement of the agreement, collection of receivables investigation of possible infringement, or for the enforcement of rights. 
  • Subcontractors: We use subcontractors for the processing of personal data for and behalf of Teosto. We have ensured by contractual arrangements that the subcontractor/ will process personal data in accordance with the applicable law. 

Disclosures and transfers outside the EU and EEA. As a rule, we are not transferring personal data outside the EU or EEA. However, rightholders’ basic and work information may be disclosed and transferred to Teosto’s sister organisations and other partner organisations outside the EU and EEA, in order to ensure the right distribution of royalties, for obtaining and granting licenses, and for the purposes necessary for the management of the author’s works. In this case, we will comply with the safeguards and transfer criteria in accordance with the data protection legislation.

6. DATA SECURITY

Teosto processes your personal data in a secure manner and uses appropriate organisational and technical data security tools to protect your personal data. Databases 

used for personal data processing are protected by firewalls, passwords and other technical means. Databases and their backups are located in locked spaces. Manually processed documents containing personal data are stored in locked premises where access is monitored by access control. We ensure that only those workers and workers of those companies who work on behalf of Teosto, have access to such data that is necessary to carry out their duties. Teosto applies its own security policy in securing the data security, for more information (in Finnish): https://www.teosto.fi/teosto/artikkelit/tietoturvapolitiikka.

7. RIGHTS OF THE DATA SUBJECT

As a data subject, you have certain legal rights to influence the processing of your personal data. You can currently influence your data processing in ways listed below:

  • Checking, correcting and deleting data: You have the right to examine personal data stored on you. Upon request, for the purpose of processing, we correct, complete, or delete any faulty, incomplete or outdated personal data. If you have created online service IDs for Teosto’s online services, you can also update your data by signing in to the service. You have the right to request the removal of your personal data (“right to be forgotten”) on the basis of law. 
  • Withdrawal of consent: You can withdraw your consent at any time by contacting our customer service or other specially provided means such as clicking the link at the end of the message. Withdrawal of consent does not affect the legality of measures taken before the withdrawal. 
  • Transfer of data: By contacting our customer service you may have your personal data, which we automatically process on the basis of the consent or agreement, transferred. 
  • The right to object direct marketing and profiling: You can at any time prohibit the processing of your personal data for direct marketing and related profiling by clicking on the link at the end of the message or by contacting our customer service. Since Teosto does not actually engage in direct marketing, in the case of Teosto’s communications, the right of denial applies to Teosto’s communications that we carry out on a legitimate interest.
  • Objection and restriction right: Based on your personal situation, you may object processing that is based on a legitimate interest. For example, in such a situation, processing is limited for the duration of the evaluation of such grounds. The processing can also be limited when in example the data subject disputes the accuracy of the personal data, whereby the processing is limited to the period in which we can verify the accuracy of the data.   
  • Right to complaint: You can file a complaint at the authority if you consider that your data has been processed against this privacy policy and against any applicable law. The contact details of the supervisory authority can be found at www.tietosuoja.fi/en