The Irish Copyright Licensing Agency (ICLA) is a collective management organisation (CMO) representing literary authors and publishers in relation to the secondary licensing of their works, primarily in the educational sector. The organisation is not-for-profit, constituted as a company limited by guarantee. It is owned by its members, with control shared equally between authors and publishers. It is registered as a licensing body with the Controller of Patents Designs and Trade Marks, pursuant to section 175 CRRA. ICLA is also subject to the provisions of The European Union (Collective Rights Management) (Directive 2014/26/EU) Regulations 2016.
Personal Data and Privacy
In order for ICLA to fulfill its function as a CMO, we process personal data which relates to our rightsholders, as well as other stakeholders and contacts. ICLA is committed to maintaining the appropriate confidentiality, integrity and security of personal data that we process by complying with both our legal and ethical obligations in respect of data protection and privacy. This policy sets out the principles ICLA adheres to when processing personal data and outlines the operational aspects of our various data processing activities.
What personal data do we collect?
Personal data is any information relating to an identifiable living individual. We collect the following information about individuals:
In order to enable ICLA to develop and offer licensing schemes on behalf of its mandating rightsholders and to distribute shares of the resulting income to them, ICLA maintains a Rightsholder Database comprising the following information which may contain personal data:
Personal/contact information: names (including pseudonyms), gender, contact and address details, dates of birth and death.
Payment information: details of ICLA income, bank details, agent details and agent bank details.
Works information: details of editions for books and serial publications; series and episode details for TV and radio programmes; film titles.
Correspondence: information relevant to your specific enquiries.
Other: any other information you choose to provide to us.
The Rightsholder Database will include personal data of members who are beneficiaries of or representing beneficiaries of author’s estates.
Typically the information described above is provided to ICLA by rightsholders when they provide ICLA with a mandate (on behalf of themselves or others). However, in some cases, works information and contact information are obtained indirectly by ICLA for the purposes of identifying, locating and contacting writers to whom outstanding fees are owed. ICLA is under a legal obligation to do this (see What is the Legal Basis for ICLA Data Processing? below).
When you apply for and enter into a Licence agreement with ICLA:
- The information you give us may include the following: Your name and/or that of colleagues, postal address, premises name, premises address, the type of establishment, your position within the business or institution, email address, telephone number, ICLA ID number, licence details, number of employees/students, VAT details, Bank details, transaction history, and other information you may provide
- As a Licensee, you are obliged under your licence agreement and the European Union (Collective Rights Management) (Directive 2014/26/EU) Regulations 2016, to advise us of details of works used under the licence, such as the title of the work, author, publisher, number of pages, number of recipients, ISN identifier and any other information as required to identify the work.
In addition to the Members Database, ICLA also maintains a database comprising information (including name, address, contact details and business employer) provided by individuals from licensees, related organisations, industry stakeholders and other contacts.
ICLA is committed to fair and transparent processing and any individual requiring information as to where ICLA originated his/her personal data (including any public sources) may contact ICLA at any time.
WHAT DO WE DO WITH YOUR PERSONAL DATA?
ICLA will use the contact details supplied by rightsholders to provide them with information on distributions and to enable the exercise of their governance rights, by providing notices regarding company meetings and elections where approprit.
Contact details are also used to provide news and information about ICLA and its activities. Rightsholders can opt-out of receiving these notifications or change their preferences at any time using the ‘unsubscribe’ link provided in these emails or by contacting: email@example.com
Rightsholder banking details are used to make distribution payments.
ICLA uses data linking authors and their works for the purposes of submitting claims to the licensing bodies we work with in Ireland and overseas. Typically, this involves the exchange of data in the form of electronic files confirming schedules of works, publishers and authors that are represented by ICLA and, where relevant, the partner organisation.
ICLA uses data it has collected about authors (e.g. their locations and/or contact details) for the purpose of contacting the relevant authors to pay them their fees.
We use the contact details of individuals from related organisations, industry stakeholders and other contacts in the ordinary course of conducting our function as a CMO in accordance with applicable law and regulations.
From time to time, we may contact mandating and non-mandating rightsholders and other contacts to invite them to specific events relating to our function as a CMO. We take care to only invite individuals to events that are relevant to, and likely to be of interest to those individuals. If you do not want ICLA to contact you or would like to inform ICLA of your preferences regarding such contact, please contact: firstname.lastname@example.org
WHAT IS THE LEGAL BASIS FOR ICLA DATA PROCESSING?
By law, ICLA may only process personal data where it has a legal justification or requirement to do so.
In accordance with that law, ICLA processes personal data as described above because it is:
1) Necessary for the performance of our mandates with our rightsholders: and/or
2) Necessary for the purposes of ICLA’s legitimate interests, namely to fulfil its function as a CMO in accordance with applicable law and regulations and to conduct and manage our relationship with specific individuals. Where we use your personal data for ICLA’s legitimate interests, we make sure that we take into account any potential impact that such use may have on you. If we believe your interests or fundamental rights and freedoms override our legitimate interests then we won’t use your personal data on this basis and may seek your specific consent, and/or
3) Necessary for compliance with its legal obligations.
As a CMO, ICLA is bound by the terms of The European Union (Collective Rights Management) (Directive 2014/26/EU) Regulations 2016 These regulations legally require CMOs to take the necessary steps to identify, locate and pay fees due to non-member rights holders.
ICLA would not be able to fulfil its function as a CMO as set out in its membership contract and in the manner required by applicable law and regulation without processing personal data as described in this policy.
If you have any concerns about our processing please refer to details of “Your Rights in Relation to Personal Data” below.
YOUR RIGHTS IN RELATION TO PERSONAL DATA
Individuals whose personal data we process have certain rights in respect of that data, including:
(1) RIGHT TO INFORMATION AND ACCESS
You have the right to request access to the information that we hold about you.
In accordance with data protection laws, members also have the right to receive a copy of any information we hold about them in connection with the performance of our contract with them. On request, ICLA will provide rightsholders with copies of their personal data in a convenient format (via electronic means or otherwise). Where technically feasible, ICLA will also meet any member’s request to transfer their data to a third party.
(2) RECTIFICATION, ERASURE, AND RESTRICTION
You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. In responding to such requests, ICLA will communicate to the individual concerned the impact of such restrictions or deletions, for example, on ICLA’s ability to carry out collections and distributions on their behalf.
ICLA takes reasonable steps to ensure that the personal data it holds about you is accurate and up-to-date and we will comply with any requests to rectify any inaccurate data we may hold about you.
ICLA relies on the accuracy of information provided by its rightsholders and will rectify any notified inaccuracies following a request by the individual concerned. Requests for access to information regarding personal, financial and works information should be made in writing to email@example.com or Distribution Manager, Irish Copyright Licensing Agency, 63 Patrick Street, Dun Laoghaire, Co. Dublin A96 WF25. Requests by members to make changes to their personal, financial and works information should be made by post or phone; in the latter case ICLA requires rightsholders to provide proof of their identity by answering security questions prior to making the changes.
(3) RIGHT TO OBJECT
You have the right to object to ICLA using your information on the basis of its legitimate interests and the right to ask us not to process your personal data for marketing purposes, where relevant (see “What do we do with your personal data?” section above).
ICLA is committed to respecting individuals’ rights. You may action your rights by contacting us using the details provided above and we will comply with your requests unless we have a lawful reason not to do so. ICLA will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.
HOW ICLA MIGHT SHARE YOUR PERSONAL DATA
ICLA will only share personal data with third parties in the following circumstances:
IRISH AND INTERNATIONAL CMOS
Data recording authors’ names and their works is passed on to CMOs in Ireland and overseas for the purposes of identifying the level of licence fees due to individual rightsholders.
SERVICE PROVIDERS AND SUPPLIERS
ICLA employs external IT consultants to provide support and development services in relation to ICLA’s systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.
ICLA also uses third party providers to facilitate certain communications on its behalf, such as mail-outs providing notices of company meetings and elections, which requires them to access contact data. All such third parties are vetted by ICLA to ensure they provide adequate levels of security when processing data.
FINANCIAL REPORTING ON MEMBERS
At the end of the distribution process, ICLA submits various payment instructions to its bank detailing the relevant member’s bank account details and the amounts to be credited. In line with financial reporting regulations, ICLA is required to give full details of distributions to Revenue for any member paid more than €6,000 in the financial year. Details provided are: name, address, amount paid, VAT registration or PPSN.
The ICLA auditors are also given access to ICLA systems for the purpose of the audit only.
In some circumstance, ICLA may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect information from unauthorised access or processing.
ICLA will take appropriate technical and organisational measures to protect the personal data we transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access.
Bank account information is never returned fully to members in correspondence or remittance advice (account numbers are masked out, i.e. ****1111).
All paper mandate forms are scanned into electronic format and stored on a database which is password and firewall protected. The paper copies are stored under a double lock princple. On a daily basis members’ personal data is backed up to a secure location.
Data files shared by ICLA with third parties are password protected. Data stored on ICLA laptops and portable devices is encrypted. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, although ICLA strives to protect your personal data online, including through use of encryption and other measures, we cannot guarantee the security of any Internet communication or transmission. If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.
Prior to introducing new systems or technologies relevant to the processing of personal data, ICLA will undertake the necessary impact assessments with a particular focus on any associated risks.
HOW LONG DOES ICLA RETAIN PERSONAL DATA FOR?
ICLA will only retain personal data for as long as is necessary to provide our services or for as long as we reasonably require to retain the information for our lawful business purposes or comply with a statutory or other legal requirement. Please contact us if you require further information about our retention policies.
In the event of any breach of ICLA systems impacting on the security of a rightsholder or any other individual’s personal data, ICLA will inform the affected rightsholder(s) or individuals at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law.
If you are unhappy with the way in which ICLA processes your personal data, please contact us using the information provided below. You also have the right to lodge a complaint before the Data Protection Commissioner, (DPC) the Irish data protection authority. Their contact details as are follows: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co Laois, R32 AP23, tel: 1890 25 22 31 or see their website.
Updating this Policy
From time to time we may change our data processing activities. We will notify you of any changes to this policy as required by law. We will also post an updated version on our website.
Last modification was made 29th May 2018.