Privacy policy

RME privacy notice

Last updated September 2022.

We are RME US LLC, DBA at RME, and we are wholly owned by Pexeso Inc, DBA as Pex, a California company registered in Delaware. If you need to contact us about this privacy notice, please use the details set out in the ‘How to contact us’ section at the end of this notice.

 

This privacy notice tells you about how and why we use personal data in connection with providing the Attribution Engine.

What personal data do we collect?

‘Personal data’ is information about individuals or information from which individuals can be identified. We’ve set out below the broad categories of the personal data that we process in connection with the Attribution Engine.

User account information:

The Attribution Engine is used by rightsholders, representatives of rightsholders, and internet platforms on which audio, visual, and/or audio-visual work (Content) is displayed.

In the course of contracting with these customers and granting them (or employees acting on their behalf) access to the Attribution Engine, we collect the following personal data:

      • Contact details: name, email address, job title, company the user works for.
      • Account related information: username, password, IP address.
      • Correspondence: any information a user provides to us when they communicate with us.

Where we contract with a company, and you are a user accessing the Attribution Engine on its behalf, we may either collect this information from you directly or from the company that employs you.

Platform visitor information:

In the course of operating the Attribution Engine we collect the following personal data in connection with individuals that use our customers’ platforms:

      • Content usage information: IP address, and information in connection with Content consumed, including what Content is consumed and for how long and/or which parts of Content are consumed.

Due diligence information:

As part of our due diligence processes when contracting with new customers we may need to carry out some “Know Your Customer” (KYC) and “Know Your Business” (KYB) checks. We use a specialist third party providers to carry out these checks. Additionally, if rightsholders or platform users use our Attribution Engine to resolve disputes, KYC and/or KYB checks will occur to verify your identity. Third party KYC/KYB providers are independently responsible for the processing of any personal data they use or collect in carrying out these checks. We simply receive a notification that you (or the company you work for if you are an employee of one of our customers) has passed or failed these checks. Additionally, for purposes of the dispute resolution system, we will also receive your name, email address, and address, which are needed for this process. Lastly, if you are an individual rightsholder, the fact that you have or have not passed these checks will constitute your personal data.

Rightsholder information:

The Attribution Engine facilitates the management and licensing of Content on online platforms. To do this, we need to collect information on who the rightsholders of that Content are (for example, information on who created, featured in and owns the Content). The rights landscape in respect of Content is complex and there can be multiple rightsholders in respect of any one piece of Content. Where rightsholders are individuals, this information will constitute personal data.

If our customer is a company that a rightsholder has appointed to represent them and manage their Content and/or associated rights, we collect this information from that company. In some cases, we may collect rightsholder information from other trusted database sources. If you are an individual rightsholder with whom we contract directly, we collect your personal data directly from you.

Platform Content usage information:

The Attribution Engine processes information about the use of Content on internet platforms, which is used to enable rightsholders and platforms to calculate and account for royalties and licensing fees in respect of that use. Where this information is linked back to an individual rightsholder, this will constitute personal data.

Similarly, where this information relates to individual users of customer platforms, this will constitute personal data. Please see the ‘What personal data do we collect?’ section above for a description of personal data collected in connection with such Content usage.

Information on Content use is collected by technology incorporated in the Attribution Engine working in partnership with the internet Platforms on which Content is displayed.

Prospective customers’ data:

As part of our marketing campaigns from time to time we may identify potential customers and process their contact details to inform them of the Attribution Engine or other of our services we believe may be of interest to them. If you don’t want to receive marketing from us, you can let us know at any time by contacting us or by unsubscribing using the link in marketing emails we send to you.

Why do we use personal data?

The table below shows the various reasons why we use personal data.

Some of our customers are individuals based in the UK and EEA. To comply with data protection laws that apply to our use of their personal data we need to identify the ‘lawful basis’ we rely on for each use of their personal data. We’ve included this in the table, too.

Category of data Purpose Lawful basis
User account information To set up, administer and manage customer accounts. Where the customer is an individual rightsholder, necessary for the performance of our contract with the customer.

Where the customer is a company, our legitimate interests in fulfilling our contract with the company.

To respond to any communications from customers (or employees on their behalf), including customer support queries. Our legitimate interests in maintaining good customer relationships.
To send customers essential service messages about the Attribution Engine. Our legitimate interests and those of our customers, to keep them informed about important information they need to know about the service they have signed up for.
To manage rights claims and disputes. The legitimate interests of Pex and rightsholders to resolve disputes as to rights ownership.
Due diligence Information To undertake “Know Your Customer” / “Know Your Business” due diligence. Our legitimate interests, to prevent fraudulent behaviour.
Rightsholder information and Content usage information To enable the licensing of Content on internet platforms. Where the customer is an individual rightsholder, and we process their data, necessary for the performance of our contract with the customer.

Where the customer is a company, and we process the data of rightsowners, our legitimate interests in fulfilling our contract with the company.

To inform platforms we partner with or who are our customers of Content ownership so they can seek necessary licenses. The legitimate interests of Pex, rightsholders and platforms, to prevent copyright infringement and to facilitate licensing.
To inform rightsholders of the use of Content on internet platforms. Where the customer is an individual rightsholder, and we process their data, necessary for the performance of our contract with the customer.

Where the customer is a company, and we process the data of rightsowners, our legitimate interests in fulfilling our contract with the company.

To enable the calculation and payment of license fees for use of Content. Our legitimate interests in developing our business.
To identify and report on platform usage of Content. The legitimate interests of Pex and rightsholders to resolve disputes as to rights ownership.
To build up a database of Content metadata for ongoing internal analysis and marketing purposes. Our legitimate interests, to promote our company’s products and services.
To manage rights claims and disputes. The legitimate interests of Pex and rightsholders to resolve disputes as to rights ownership.
User account information and prospective customer information To send customers and potential customers marketing relating to our products and services which we believe may be of interest to them. Our legitimate interests, to promote our company’s products and services.
All categories of personal data To share with third party service providers we appoint from time to time. Our legitimate interests, to produce service efficiencies and to get the benefit of specialist products or services
To administer a sale or possible sale of the whole of or part of our business or the restructuring of our business. Our legitimate interests in facilitating any such possible or actual transaction or restructuring.
We may also process your personal data (a) to comply with a legal obligation we are under; and (b) for additional purposes in the future, but only if such purposes are compatible with those listed above.

 

In certain circumstances, you may be obliged to provide us with your personal data under a statutory requirement. This might include, but is not limited to, for tax and accounting purposes; and to enable us to fulfil our compliance and other obligations under relevant legislation or regulation. Failure to provide us with personal data required under a statutory requirement, or where we’ve indicated in the table above that it is necessary for our contract with you, may prevent us from entering into or performing our obligations under a contract with you or your company.

Who do we disclose personal data to?

Our customers and platform partners:

Where necessary for facilitating the licensing of Content, we disclose:

  • Rightsholder information to platforms that we partner with or who are our customers; and
  • Platform Content usage information to our customers who are rightsholders or who represent rightsholders.

Service providers:

We may disclose personal data to our service providers who need to process personal data to provide those services to us. Currently, we use a third-party data hosting provider, Microsoft Azure, to store data on our behalf. Azure’s servers are based in the USA and overseas, and we rely on Microsoft’s security arrangements for the security of data transfers.

We may from time to time engage other third-party service providers to act on our behalf. Where we do, and they will have access to personal data, we will include any contractual protections and undertake any due diligence that we deem necessary before disclosing any personal data to them in accordance with the data protection laws that apply to us.

Sale/restructuring:

We may disclose personal data that we process to third parties internationally in the context of a sale or possible sale of the whole of or part of our business or the restructuring of our business.

Other data sharing:

We may also disclose personal data to law enforcement agencies to assist with any investigations, when we bring a claim or defend ourselves against a claim that requires the disclosure of the personal data, and when we engage professional advisors.

International transfers:

We are a California company registered in Delaware, although we operate internationally.

We take steps to ensure personal data is protected irrespective of where in the world it is processed or transferred.

Where we process personal data of individuals based in the UK and EEA, by law we are required to ensure that they are afforded equivalent protection in respect of their personal data as they have in the country in which they are based. On a practical level this means that when we transfer personal data outside a country which is deemed to have an “adequate” data protection regime by the European Commission or UK government, we will put in place appropriate safeguards to protect personal data, such as contractual and other supplementary measures.

Data protection law also allows us to make transfers of personal data internationally without putting in place additional safeguards in certain, specific, limited situations, such as where the transfer is necessary for a contract with the individual concerned or a contract which is in the individual’s interests. The sharing of rightsholder information and platform Content usage information with customers and platforms which is necessary to facilitate licensing falls within that scope.

How long do we keep your personal data for?

We will retain your personal data for the period necessary to fulfil the purposes outlined in this privacy notice unless a longer retention period is required or permitted by law.

We retain user account information for as long as you (or the company you work for) hold an account with us. Once you (or the company you work for) no longer is a customer of ours we delete your account information. If we have reason to suspect a legal claim, we may hold personal data for longer, but in any event for no more than [7] years from when you cease being a customer of ours.

Our customers can delete rightsholder information and or platform Content usage information from their accounts. This will be deleted immediately from the live system but retained for up to 8 days in our data backups.

Please note that even if a customer deletes rightsholder information or platform Content usage information from its individual account, we will still retain a separate database of certain information. We will retain this information if it is necessary for the purpose of facilitating licensing (so, for the length of time the relevant Content is protected by copyright).

We retain information regarding users of customers’ platforms for as long as it is necessary for purposes of complying with our obligations under our contracts with our customers. We maintain details of customers or potential customers for marketing purposes for as long as there is a reasonable prospect of them benefiting from the services we offer. If you unsubscribe from our marketing communications at any time, we will maintain a record of your unsubscribe request and associate it with your email address to ensure you do not receive future communications.

Cookies:

We make minimal use of cookies – only using those that are necessary to ensure the security and functionality of your visit to our platform. Additionally, we use cookies to provide you, our users, with important notifications that confirm your choices and activity as to the management of your Assets. While we recommend keeping these notifications turned on to ensure a seamless experience, cookies controlling the delivery of these notifications can be disabled when you visit our platform.

UK and EEA citizens’ rights:

If you are an individual rightsholder based in the UK or EAA, you have the following rights under data protection legislation.

If you have any questions about your rights, or you wish to exercise any of these rights, please email data.protection@pex.com. We may require you to provide forms of identity should you wish to exercise one of your rights below.

Access: You are entitled to confirmation that we process your personal data and a copy of such personal data.

Rectification: If the personal data we hold about you is incorrect, you have the right for this to be rectified. You may also update your personal data through your account settings.

Erasure: You can request us to erase your personal data if there is no compelling reason to continue processing.

Restriction: You may request a restriction on the processing we undertake on your personal data. This will only apply if we have no lawful basis to process your personal data, your personal data is inaccurate or to comply with an objection request (see below).

Objection: You may object to our processing of your personal data if our processing is carried out on the basis of legitimate interests. Please note, however, that if we determine that our interests are so compelling as to override your objection, we may continue to process your personal data.

You may object to receiving direct marketing at any time.

Portability: You have the right to receive some of your personal data in machine readable format. This right extends to you being able to request that such data is sent to a third party.

Withdrawing consent: If the lawful basis we rely on to process your personal data is consent you have the right to withdraw this consent, although please note we generally do not rely on consent to process personal data.

Complaining to a supervisory authority: Further information about your rights can also be obtained from your national data protection regulator – in the UK, this is the ICO. Contact details or supervisory authorities in the EEA can be found here. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority, although we would ask that you contact us in the first instance.

Your right to be informed: You can contact us to find out more or to ask any questions you may have about our use of your personal data.

 

How to contact us:

No matter which country you are based in, if you have any questions about this privacy notice, how we use personal data or your rights in respect of your personal data, in the first instance, please contact us at team@rme.com.

We have representatives in the UK and EAA for data protection purposes. If you are based in the UK, or EEA you should contact our representatives. Their contact details are below.

 

UK Representative:

DataRep
107-111 Fleet Street
London, EC4A 2AB, United Kingdom

EU Representatives:

Austria DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland
Ireland DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden

If you are based anywhere else, please contact us via our email address: team@rme.com

Changes to this privacy notice:

We may update this privacy notice from time to time to make sure it is up to date. When we do, we will revise the “last updated” date at the top of the privacy notice. We’ll endeavor to make you are aware of material changes, but we suggest you also check this page from time to time to ensure you are up to date with our latest privacy practices.