NLA Media Access Privacy Policy
NLA Media Access Limited (“we” ”us” ”our” “NLA”) are committed to protecting and respecting your privacy.
This Privacy Policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which we collect, use and share information relating to identifiable individuals (“Personal Data”) in the course of our business activities.
Use the links below to find out more about the following topics:
- Personal data we collect about you and the purposes for which we process it
- The legal bases for processing your personal data
- Disclosure of your personal data
- Marketing
- International transfers
- Data security
- Personal data retention periods
- Children
- Data subject rights
- Third party websites
- Changes to this privacy policy
For the purpose of the General Data Protection Regulation 2016/679 and the Data Protection Act 2018 and any subsequent legislation, the Controller of Personal Data is NLA Media Access Limited of Mount Pleasant House, Lonsdale Gardens, Tunbridge Wells, Kent, TN1 1HJ, registered on the data protection register of the Information Commissioner’s Office with registration number Z682309X.
Personal data we collect about you and the purposes for which we process it
We collect Personal Data about you if you:
Register with or use one of our websites (collectively referred to as our “Websites”).
Personal data we collect and use if you use our Websites
We collect Personal Data about you when you fill in forms on our Websites. The Personal Data you give to us may include your name, address, e-mail address, and phone number.
With regard to each of your visits to our Websites we may also automatically collect Personal Data including:
- technical information, including the internet protocol (IP) address used to connect your computer or device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Websites (including date and time), products you viewed, search terms, page response times, download errors, duration of page visits, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
We collect and process this Personal Data for the following purposes:
- to administer our Websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Websites to ensure that content is presented in the most effective manner for you and for your computer; and
- as part of our efforts to keep our Websites safe and secure.
Use content which is subject to copyright or includes other intellectual property rights of the publishers we represent.
Personal data we collect and use if you use content which is subject to copyright or includes other intellectual property rights of the publishers we represent
As a licensing body, NLA is authorised by represented publishers to issue licences to organisations to permit copying from their publications and websites. NLA therefore processes Personal Data in order to research and ensure that organisations are properly licensed and investigate any actual or potential claims or infringements in relation to unlicensed use of copyright or other intellectual property rights.
The Personal Data we typically collect for these purposes includes name, work email address(es), work contact number(s) and job title. We collect and use such Personal Data from online sources (i.e. organisations’ own websites, LinkedIn profiles, etc) and from MMOs, to enable us to:
- research and discuss with you the appropriate licences that your organisation should hold;
- and detect and establish any instances of copyright (or other intellectual property) infringement.
Have a licence with us or are in the process of negotiating or renewing a licence for content which is subject to copyright (or includes other intellectual property rights) of the publishers we represent.
Personal data we collect and use if you have a licence with us or are in the process of negotiating or renewing a licence for content which is subject to copyright (or includes other intellectual property rights) of the publishers we represent. This applies whether you are a direct licensee (“Licensee”) or a Media Monitoring Organisation (“MMO”)
When entering into new, or renewing existing licences with us, we collect and use Personal Data about Licensees directly from Licensees themselves; from MMOs; and / or from online sources (for example, your organisations’ own website(s), Linked In profiles, etc). We also collect and use Personal Data about MMOs and their end users.
The Personal Data we typically collect for these purposes includes name, email address(es), contact number(s) and job title, together with financial information (and in exceptional circumstances, payment card information).
We use such Personal Data:
- To commence our relationship with Licensees and MMOs and deal with appropriate licence set up requirements, including accounts arrangements;
- To carry out our obligations and exercise our rights under licences granted to Licensees and MMOs;
- To notify Licensees and MMOs about changes to our services and licence terms;
- To contact Licensees and MMOs regarding renewals and to process any renewal requests; and
- For our own archiving purposes, as further described in the Personal Data Retention Periods section below.
Access one of our databases or Websites (such as eClips, ClipShare, Newspapers for Schools), including issuing, facilitating and updating credentials for such access.
Personal data we collect and use if you access one of our databases or websites (such as eClips, ClipShare, Newspapers for Schools), including issuing, facilitating and updating credentials for such access
- In providing access to NLA’s digitally sourced content to, for example, Licensees, MMOs, MMOs’ end users, publishers’ end users, photo agencies, we collect and use Personal Data (for example, name, contact number, and email address ) for the purposes of issuing, managing, facilitating and updating credentials for such access and will retain such credentials securely within our infrastructure.
Work with us as a business partner.
Personal data we collect and use if you work with us as a business partner
- If you work with us as a business partner or service provider (including, for example, other collective management organisations, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers), we will collect Personal Data from you, your representative and/or contact person such as your full name, job title, email address, phone number. We obtain such information directly from you. We use this Personal Data for the purposes of reviewing and assessing your suitability as a business partner or service provider and to meet obligations under any contracts we have with you.
Personal data we collect and use in other situations.
This includes information we obtain on CCTV at or in our offices. We process this information:
- To maintain the security of our premises and staff.
- For the establishment, exercise or defence of legal claims.
The legal bases for processing your personal data
We will only process your Personal Data when we have a legal basis to do so. The Personal Data processing described in this Privacy Policy may be:
-
necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- For example:
- maintaining and promoting our business by providing Licensees and MMOs with feedback opportunities;
- where we need to contact you about a new or existing licence;
- where we are renewing your licence;
- meeting and complying with our accountability requirements and legal and regulatory obligations globally;
- exercising our fundamental rights and freedoms, including our freedom to conduct a business and our (or our members’) right to property, and/or
- other instances where we have carried out a legitimate interests assessment and have established a legitimate interest.
- We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our or a third party’s legitimate interests. In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights. You have a right to object to such processing as explained in the Data Subject Rights section below.
- ;or
- For example:
- necessary for entry into, or performance of, any licences or other contracts with you; or
- necessary in order to comply with our legal obligations under certain laws; or
- in limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we may obtain from you from time to time).
Disclosure of your personal data
We share your Personal Data with third parties for the purposes described below:
- With analytics and search engine providers that assist us in the improvement and optimisation of our site. Wherever possible, we share aggregated non-personal information, for example regarding the visitors to our Websites, traffic patterns and website usage.
- In the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
- If NLA, or substantially all of its assets, are acquired by a third party, in which case Personal Data held by NLA will be one of the transferred assets.
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of NLA, our customers, or others.
- With third parties who help manage our business and deliver our services. These include business partners, suppliers and sub-contractors.
Sub-processors
| Name | Role | Location of data processing |
|---|---|---|
| Ninestars | IT support and project services | India |
| Google Cloud Platform | Software and cloud services | Primarily UK. Where services are multi-region data may also reside in the EU |
| Microsoft Azure | Software and cloud services | Primarily UK. Where services are multi-region data may also reside in the EU |
| Cloudflare | eClips Web Application Firewall Provider | Global service – location is dependent on the location of the end-user consuming eClips. |
| Datadog | Log storage and processing | EU |
| Agilis | Backup management | UK |
| CTS | Server management | UK and EU |
| Tasman | Server management | UK and EU |
| Claranet | Server management | UK and EU |
Marketing
How we use your Personal Data to keep you up to date with our products and services
We may use your Personal Data to let you know about NLA’s products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you. Where we are required to obtain your consent before sending you marketing, we will do so.
You can ask us to stop direct marketing at any time – you can ask us to stop sending email marketing, by following the ‘unsubscribe’ link you will find on all the email marketing messages we send you. Alternatively you can email us at [email protected]. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).
International transfers
We primarily operate in the UK. However, the Personal Data we collect or receive about you may be transferred to countries that are subject to different standards of data protection. We will take all appropriate steps to ensure that any transfers of your Personal Data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. We will only transfer Personal Data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end, we will obtain contractual commitments and assurances from them to protect Personal Data. Some of these assurances are well recognised certification schemes such as standard contractual clauses. You can ask us for more information about the specific safeguards we have explained here where Personal Data is transferred internationally by using the contact details at the end of this Privacy Policy.
Data Security
We have put in place appropriate security measures designed to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a need to know.
We have put in place procedures to deal with any suspected Personal Data breach.
Personal Data Retention Periods
We retain your Personal Data for varying periods of time in order to assist us in complying with legal, regulatory, tax, accounting or reporting requirements; to enable compliance with any requests made by regulators or other relevant authorities and agencies; to enable us to establish, exercise and defend legal rights and claims; and for other legitimate business reasons.
To determine the appropriate retention period for Personal Data, we consider the following criteria: the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Children
Our site is directed at an adult audience and we do not knowingly collect information from or about children.
Data Subject rights
You are entitled by law to the following rights in respect of your Personal Data.
Right to rectification.
You have the right to require that we rectify any inaccurate or incomplete Personal Data that we process about you.
Right to withdraw consent.
Typically we do not rely on your consent as a lawful basis to process your Personal Data. To the extent we do, then you have the right to withdraw your consent to such processing. You can withdraw your consent at any time by contacting us using the contact details set out below.
Right to make a subject access request (SAR).
You have the right to be provided with certain information about NLA’s processing of your Personal Data and access to a copy of your information (subject to exceptions).
Right to object to certain data processing
To the extent that NLA is relying upon the lawful basis of legitimate interests to process your Personal Data, then you have the right to object to such processing on grounds relating to your particular situation, and NLA must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where NLA needs to process your Personal Data for the establishment, exercise or defence of legal claims. Where NLA relies upon legitimate interests as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Right not to be subject to a decision based solely on automated processing, including profiling, which includes legal effects or similarly significantly affects you.
To the extent that we make decisions based solely on automated processing (i.e. with no human intervention), and our decision produces a legal effect concerning you, or similarly significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision-making process to protect your rights and freedoms.
Right to erasure.
You have the right to request that we erase your Personal Data in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which NLA is subject.
We will comply, unless the processing of your Personal Data is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
Right to restriction of processing.
You have the right to request that we restrict our processing of your Personal Data but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
If this right applies, we will continue to store your Personal Data but will only further process it with your consent; for the establishment, exercise or defence of legal claims; to protect the rights of another person, or for reasons of important public interest.
Right to data portability.
In certain circumstances, you have the right to request NLA to provide a copy of your Personal Data in a structured, commonly used and machine-readable format and have it transferred to another provider where this is technically feasible. We do not consider that this right applies to our services. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s Personal Data which may still be retained for our legitimate and lawful purposes.
Right to lodge a complaint with the supervisory authority.
You also have the right to lodge a complaint with a data protection supervisory authority.
You can withdraw your consent to processing and exercise any of your other rights by sending an e-mail to [email protected] or writing to: Legal and Business Affairs Department NLA Media Access Limited, Mount Pleasant House, Lonsdale Gardens, Tunbridge Wells, Kent, TN1 1HJ. If you are requesting further information about our processing of your Personal Data or are seeking to exercise your right to access your Personal Data, please include a copy of your passport or other valid means of identification.
Third party websites
Our Websites may, from time to time, contain links to and from the websites of other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
Changes to our Privacy Policy
Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.
This page was updated 15 June 2023.
Contact
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to [email protected]