NLA Media Access Privacy Policy

NLA Media Access Limited (“we” ”us” ”our” “NLA”) are committed to protecting and respecting your privacy.

This Privacy Policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which we collect, use and share information relating to identifiable individuals (“Personal Data”) in the course of our business activities.

Use the links below to find out more about the following topics:

For the purpose of the General Data Protection Regulation 2016/679 and the Data Protection Act 2018 and any subsequent legislation, the Controller of Personal Data is NLA Media Access Limited of Mount Pleasant House, Lonsdale Gardens, Tunbridge Wells, Kent, TN1 1HJ, registered on the data protection register of the Information Commissioner’s Office with registration number Z682309X.

Personal data we collect about you and the purposes for which we process it

We collect Personal Data about you if you:

Personal data we collect and use in other situations.

This includes information we obtain on CCTV at or in our offices. We process this information:

  • To maintain the security of our premises and staff.
  • For the establishment, exercise or defence of legal claims.

We will only process your Personal Data when we have a legal basis to do so. The Personal Data processing described in this Privacy Policy may be:

  • necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • For example:
      • maintaining and promoting our business by providing Licensees and MMOs with feedback opportunities;
      • where we need to contact you about a new or existing licence;
      • where we are renewing your licence;
      • meeting and complying with our accountability requirements and legal and regulatory obligations globally;
      • exercising our fundamental rights and freedoms, including our freedom to conduct a business and our (or our members’) right to property, and/or
      • other instances where we have carried out a legitimate interests assessment and have established a legitimate interest.
    • We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our or a third party’s legitimate interests. In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights. You have a right to object to such processing as explained in the Data Subject Rights section below.
    • ;or
  • necessary for entry into, or performance of, any licences or other contracts with you; or
  • necessary in order to comply with our legal obligations under certain laws; or
  • in limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we may obtain from you from time to time).

Disclosure of your personal data

We share your Personal Data with third parties for the purposes described below:

  • With analytics and search engine providers that assist us in the improvement and optimisation of our site. Wherever possible, we share aggregated non-personal information, for example regarding the visitors to our Websites, traffic patterns and website usage.
  • In the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
  • If NLA, or substantially all of its assets, are acquired by a third party, in which case Personal Data held by NLA will be one of the transferred assets.
  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of NLA, our customers, or others.
  • With third parties who help manage our business and deliver our services. These include business partners, suppliers and sub-contractors.


Name Role Location of data processing
Ninestars IT support and project services India
Google Cloud Platform Software and cloud services Primarily UK. Where services are multi-region data may also reside in the EU
Microsoft Azure Software and cloud services Primarily UK. Where services are multi-region data may also reside in the EU
Cloudflare eClips Web Application Firewall Provider Global service – location is dependent on the location of the end-user consuming eClips.
Datadog Log storage and processing EU
Agilis Backup management UK
CTS Server management UK and EU
Tasman Server management UK and EU
Claranet Server management UK and EU


How we use your Personal Data to keep you up to date with our products and services

We may use your Personal Data to let you know about NLA’s products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you. Where we are required to obtain your consent before sending you marketing, we will do so.

You can ask us to stop direct marketing at any time – you can ask us to stop sending email marketing, by following the ‘unsubscribe’ link you will find on all the email marketing messages we send you. Alternatively you can email us at [email protected]. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

International transfers

We primarily operate in the UK. However, the Personal Data we collect or receive about you may be transferred to countries that are subject to different standards of data protection. We will take all appropriate steps to ensure that any transfers of your Personal Data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. We will only transfer Personal Data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end, we will obtain contractual commitments and assurances from them to protect Personal Data. Some of these assurances are well recognised certification schemes such as standard contractual clauses. You can ask us for more information about the specific safeguards we have explained here where Personal Data is transferred internationally by using the contact details at the end of this Privacy Policy.

Data Security

We have put in place appropriate security measures designed to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a need to know.

We have put in place procedures to deal with any suspected Personal Data breach.

Personal Data Retention Periods

We retain your Personal Data for varying periods of time in order to assist us in complying with legal, regulatory, tax, accounting or reporting requirements; to enable compliance with any requests made by regulators or other relevant authorities and agencies; to enable us to establish, exercise and defend legal rights and claims; and for other legitimate business reasons.

To determine the appropriate retention period for Personal Data, we consider the following criteria: the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


Our site is directed at an adult audience and we do not knowingly collect information from or about children.

Data Subject rights

You are entitled by law to the following rights in respect of your Personal Data.

Third party websites

Our Websites may, from time to time, contain links to and from the websites of other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

Changes to our Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

This page was updated 15 June 2023.


Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to [email protected]