Privacy Policy
Last updated: September 8, 2025
Royaltyport B.V. ("Royaltyport," "we," "us," or "our") respects your privacy and is committed to securing and protecting personal data we process about you. This Privacy Policy covers our treatment of personal data whenever you access or use Royaltyport products, services, features, and technologies, including our website (the "Site"), platform, and any plug-ins that exchange information with Royaltyport (collectively, the "Services"). It also covers other interactions you have with Royaltyport and describes your rights and how to exercise them. The Site and Services are collectively referred to as the "Online Services."
By using the Online Services, you accept this Privacy Policy. If you have any questions or concerns, please contact privacy@royaltyport.com.
1. Roles and responsibility
Royaltyport provides the Services to companies and other legal entities for professional use (our "Subscribers"). Our Subscriber agreements govern delivery and use of the Services ("Subscriber Agreements").
This Privacy Policy applies when Royaltyport is the data controller responsible for processing personal data (for example, website visitors, marketing contacts, and admin users). It does not apply to any input submitted to, output generated by, or documents and data uploaded to our Services ("Content"). We process Content as a data processor on behalf of our Subscribers (who are the data controllers), and our processing of Content is governed by the relevant Subscriber Agreement and Data Processing Addendum. Any queries or rights requests regarding personal data contained in Content should be directed to the relevant Subscriber. If we receive a rights request in situations where we act as processor, we will forward it to the appropriate Subscriber.
Royaltyport may maintain links to other websites, and other websites may link to the Online Services. This Privacy Policy applies only to royaltyport.com, app.royaltyport.com, and associated subdomains, not to third-party websites that link to or from our Services.
2. What information we collect
2.1 Information you provide to us
We collect personal data you provide when you create an account or communicate with us, including:
User account information. We require every user of our Services to have an account. When you or your employer creates a Royaltyport account for you, we collect your name, email address, company, role, language preferences, and account credentials.
Communication information. When you contact us for customer support, feedback, or inquiries, we collect your name, email address, phone number, and any other information you provide so we can assist you. For quality assurance and training, we may monitor or record support calls and retain email communications. We may receive confirmations when you open or click content in emails from us to improve the usefulness of our communications.
Social media information. When you interact with our pages on platforms like LinkedIn, YouTube, and X, we may receive personal data you choose to share (e.g., contact details, comments). Platform operators may provide aggregate analytics regarding use of our social pages.
Survey and contest information. Participation is voluntary. We may request name, email address, mailing address, and your responses to measure satisfaction or administer activities.
Testimonial and review information. With your consent, we may display testimonials or reviews. You may contact us to update or delete your testimonial.
2.2 Information we automatically collect
When you visit, use, and interact with the Online Services, we collect certain information indirectly, including through automated means from your computer or device ("Technical Information"):
Log data. IP address, browser type and settings, date/time of requests, and how you interacted with the Online Services.
Device information. Device name, operating system, browser, referring/exit pages, date/time stamps, and clickstream information (depending on your device and settings).
Usage data. Features you use, actions you take, time zone, coarse location, dates/times of access, session duration, and types/volumes of queries you submit. We never collect or store Content except in accordance with the applicable Subscriber Agreement.
Cookies. Small text files that help identify your browser or device. We use:
- Essential cookies for secure login and core features (e.g., access to secure areas).
- Performance/Analytics cookies (which may include Google Analytics) to track pages visited and content accessed so we can improve our Site and Services. These primarily record aggregate/anonymous data but may capture limited identifiable information.
- Functional cookies to remember choices (e.g., language, region). Many are deleted when you close your browser or the session expires.
You can disable cookies or set alerts in your browser (Chrome, Safari, Firefox, Edge, etc.). Note that disabling cookies may limit functionality.
2.3 Information collected from third parties
We may receive information about you from security partners, marketing vendors, and event organizers. Our Subscribers may also provide information about you (e.g., to provision your user account). We may combine such information with data we collect from you and use it as described in this Privacy Policy.
2.4 Publicly available information
We may process publicly available information relevant to the music industry (e.g., works/recordings metadata, publishing and rights information). Some of this may relate to individuals and may be considered personal data in some jurisdictions. We process such data to provide more accurate and relevant Services and not to intentionally identify individuals for unrelated purposes. We may also collect publicly available business contact details about Subscribers and prospects (e.g., name, email, phone).
2.5 Aggregated information
We may aggregate personal data to analyze the effectiveness of our Services and to improve and add features. We may analyze general behavior and characteristics of users and share or publish aggregated statistics (e.g., usage trends) that do not identify individuals. We may collect aggregated information via the Services, cookies, and other means described here.
3. How we use your personal data
Royaltyport may use personal data for the following purposes:
- To provide, administer, maintain, and improve our Services
- To support you and respond to inquiries
- To remember preferences and customize the Services
- To communicate with you, including sending information or marketing about our Services and events
- To analyze effectiveness of our Services and develop new features
- To verify identity, prevent fraud and criminal activity, and ensure security of our IT systems and networks
- To prevent misuse and enforce our legal terms
- To comply with legal obligations and processes
- To protect Royaltyport's rights, privacy, safety, or property, and/or those of our affiliates, you, or third parties
| Purpose | Types of personal data | Legal basis (GDPR) | Data retention |
|---|---|---|---|
| Manage our relationship with you/your employer and deliver the Services (including service messages, not marketing) | From you/your employer: User account, Communication. From other sources: User account, Log, Device, Usage | Contract (Art. 6(1)(b)) | Until the relevant contracts terminate |
| End-user satisfaction surveys, market research, reviews | Survey/contest, Testimonial/review, and Technical Information | Legitimate interests (Art. 6(1)(f)) | Until the contract ends or survey purpose is met |
| Network and information security | User account, Technical Information | Legitimate interests (Art. 6(1)(f)) | For as long as you use the Services (or longer if necessary for security) |
| Product development and service improvement (analytics) | User account, Technical/Usage (aggregated/anonymized where possible) | Legitimate interests (Art. 6(1)(f)) | For as long as you use the Services (or as noted below) |
| Usage-based cost calculations with suppliers/Subscribers (anonymized where possible) | Usage data | Contract (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f)) | Up to 6 months after usage period, or longer if required by law or to safeguard rights |
| Identity verification | User account, Technical Information | Contract (Art. 6(1)(b)) | While you use the Services |
| Sharing with recipients described in Section 4 (processors, affiliates) | All types in Section 2 | Varies (typically Contract, Legitimate interests, or Legal obligation) | For the period necessary to fulfill obligations or legal requirements |
| Deciding what marketing to show you (may constitute profiling) | Communication, Social media, Technical/Usage | Legitimate interests (Art. 6(1)(f)) | Until you opt-out |
| Direct marketing and marketing surveys | Communication, Social media, Technical Information | Consent (Art. 6(1)(a)) | Until you withdraw consent or opt-out |
| Protecting legal rights and defending claims | Any relevant categories in Section 2 | Legitimate interests (Art. 6(1)(f)) | For the period necessary to establish, exercise, or defend claims |
| Legal/financial compliance (e.g., tax, bookkeeping) | Account/billing and related | Legal obligation (Art. 6(1)(c)) | As required by law |
We do not sell or rent personal data.
4. With whom we share your personal data
We may share personal data with third parties (without additional notice unless legally required) in the following situations:
Affiliates. We may share personal data with entities within the Royaltyport corporate group (our "affiliates"), who will use it consistent with this Policy.
Vendors and service providers. To support our operations and provide certain services and functions (e.g., hosting, cloud and IT services, event management, email and newsletter services, advertising/marketing services, and web analytics), we share data with vendors under data processing agreements and documented instructions.
Third-party websites and services. Our Services may contain links to websites not operated or controlled by Royaltyport (including social networks). Your information on those sites is governed by their terms and privacy policies.
Other users (collaboration features). If your organization enables collaboration, certain actions you take (e.g., sharing projects, comments, or activity indicators) may be visible to other authorized users within your tenant.
Plug-ins and integrations. If you connect Royaltyport to external applications (e.g., document editors or data pipelines), those providers may receive information needed to enable the integration. Their use is governed by their own terms and privacy policies.
Business changes. In connection with a strategic transaction (e.g., sale, merger, reorganization, liquidation, or transition of service), personal data may be shared during due diligence and transferred to a successor or affiliate as part of the transaction.
Legal requirements. We may share personal data to comply with law or lawful requests (including national security or law enforcement requirements), protect and defend our rights or property, prevent fraud, protect users' or the public's safety, or protect against legal liability.
5. International transfers
We strive to process your personal data as close to you as possible. Data is processed and stored primarily within the EU/EEA. In certain situations (e.g., sharing within our group or with suppliers/subcontractors), your personal data may be transferred outside the EU/EEA.
When we do, we ensure a high level of protection consistent with applicable data protection laws:
- Adequacy decisions by the European Commission (where available).
- EU Standard Contractual Clauses (SCCs) with the recipient, plus assessments of local laws and supplementary technical and organizational measures where needed.
- EU–U.S. Data Privacy Framework (DPF) participation by U.S. recipients, where applicable.
- Derogations (Article 49 GDPR) in limited cases, such as your explicit consent or transfers necessary for the establishment, exercise, or defense of legal claims.
Your rights described in Section 6 are not affected by international transfers.
6. Your rights
Subject to applicable law (including the GDPR), you have the right to:
- Information and access. Learn how we process your personal data and request a copy.
- Rectification. Correct incomplete or inaccurate personal data.
- Restriction. Request restricted processing in certain cases (e.g., accuracy dispute, unlawful processing, or while we assess an objection).
- Object. Object to processing based on legitimate interests (Art. 6(1)(f) GDPR) based on your circumstances. We will stop processing unless we demonstrate compelling legitimate grounds. You may always object to direct marketing, and we will stop.
- Erasure (right to be forgotten). Request deletion in certain cases (e.g., the data is no longer necessary or you withdraw consent).
- Data portability. Obtain a machine-readable copy of certain personal data and transmit it to another controller (when processing is based on consent or contract and carried out by automated means).
- Withdraw consent. Where processing relies on consent, you can withdraw it at any time.
- Lodge a complaint. With your local supervisory authority; in the Netherlands, the Autoriteit Persoonsgegevens.
- Process and verification. We may verify your identity before acting on a request. You may submit a request through an authorized agent with written authority; we may still ask you to verify your identity directly. We will not discriminate against you for exercising your rights.
Please note that even after deletion, certain residual data may remain in backups or archives for a limited period under our retention policies and applicable law. Such data is isolated from routine processing until deletion is possible.
To exercise your rights, contact privacy@royaltyport.com.
7. How we keep your personal data safe
We take appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Measures include physical access controls, encryption (in transit and at rest), intrusion detection, and network monitoring, proportionate to the nature and risks of processing. For more details, see our Security Policy.
8. How long we store your personal data
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law:
- If you are a user covered by a Subscriber Agreement, we handle deletion consistent with that agreement.
- Personal data we must retain for legal obligations (e.g., tax/bookkeeping) is kept for the statutory period (typically 5–7 years, depending on the rule).
- Non-contract, contact-only data (e.g., ad-hoc inquiries with no ongoing relationship) is typically retained for ~3 months to manage follow-ups.
- Technical/log data is typically retained ≤ 12 months (unless needed for security or legal reasons).
- In limited cases, we may retain data longer to establish, exercise, or defend legal claims.
Having a legal obligation to store personal data does not permit us to use it for unrelated purposes. When data is no longer needed, we delete or anonymize it in line with our policies and applicable laws. If immediate deletion is not possible (e.g., data in backups), we securely store and isolate it from further processing until deletion is possible.
9. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. When updated, we will post the revised version on this page (or provide another form of notice if required by law or contract). By continuing to use the Online Services or providing personal data after we post an updated policy (or notify you by other means), you consent to the revised policy.
10. Contact us (Controller)
If you have questions about this Privacy Policy or any privacy matter, please contact privacy@royaltyport.com or write to:
Royaltyport B.V. (KvK/CCI 93894953, RSIN 866564238) — Statutaire zetel: Amsterdam
Visiting address: Parnassusweg 126, 1076 AT Amsterdam, Netherlands.