Privacy Policy

I- Definitions:

For purposes of this Policy:

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation performed on Personal Data including collection, storage, use, disclosure, transfer, deletion, or analysis.
• “Controller” means the entity determining the purposes and means of Processing.
• “Processor” means the entity Processing Personal Data on behalf of a Controller.
• “Platform” means the cloud-based SaaS platform “Tiny House Music” owned and operated by THM SAL.
• “Clients” means rights holders, artists, composers, publishers, licensors, beneficiaries, or counterparties using or administered through the Platform.

II- Data Controller and Processor Operator:

Tiny House Music SAL (“THM SAL”) acts as the primary operator of the Platform and the principal Data Controller in relation to personal data collected through the Platform. THM SAL is responsible for the operation, maintenance, hosting, infrastructure management, and technical administration of the Platform, as well as for determining the purposes and means of processing personal data in connection with users’ access to and use of the Platform and related services.

In connection with the international administration of musical works and rights, THM SAL works in coordination with its affiliated company, Tiny House Music Ltd (“THM Ltd”), a company incorporated under the laws of England and Wales. THM Ltd provides publishing administration, royalty collection, payment processing, rights registration, compliance, and related operational services in connection with the global exploitation and administration of musical works and associated rights.

Accordingly, certain personal data collected through the Platform may be shared by THM SAL with THM LTD where reasonably necessary for the provision of publishing administration services, royalty processing, rights management, regulatory compliance, payment facilitation, dispute resolution, fraud prevention, or interactions with Collective Management Organizations (“CMOs”), digital service providers, financial institutions, payment processors, and other authorized industry participants.

THM SAL and THM LTD may, depending on the nature of Processing activities, act as independent controllers; joint controllers or controller and processor as defined under applicable data protection laws.

THM SAL and THM LTD process personal data strictly in accordance with applicable data protection and privacy laws and implement appropriate technical and organizational safeguards designed to ensure the confidentiality, integrity, availability, and lawful processing of personal data.

III- Personal Data we collect:

In connection with the operation of the Platform and the provision of publishing administration, royalty management, rights registration, payment processing, compliance, and related services, Tiny House Music SAL (“THM SAL”) and its affiliated company, Tiny House Music Ltd (“THM Ltd”), may collect, receive, store, use, process, and transfer certain categories of personal data relating to users, songwriters, composers, publishers, rights holders, representatives, business partners, and authorized platform users (subject to applicable legal requirements and restrictions):

The categories of personal data that may be collected and processed include, without limitation:

• Identification and account-related information, including full legal names, professional or stage names, usernames, account credentials, encrypted passwords, profile information, user account identifiers, publishing identification numbers, IPI/CAE numbers, tax identification numbers where required for compliance purposes, and other publishing-related identification metadata necessary for the administration, registration, verification, exploitation, and protection of musical works and associated rights.
• Contact and communication information, including email addresses, telephone numbers, business addresses, mailing addresses, billing addresses, contact preferences, customer support communications, and other information reasonably necessary to communicate with users, administer accounts, process payments, provide platform services, respond to inquiries, and fulfill contractual obligations.
• Financial, payment, and royalty administration information, including banking details, beneficiary information, royalty statements, payment records, payout instructions, invoicing information, transaction histories, withholding tax information, tax residency information, tax forms, accounting records, and other financial data required for royalty processing, publishing administration, audit compliance, payment facilitation, fraud prevention, financial reporting, and the lawful administration of rights and revenues.
• Technical, operational, and device-related information generated through the use of the Platform, including IP addresses, browser types and versions, operating systems, device identifiers, login records, authentication records, access timestamps, session logs, API usage data, cookies, usage analytics, crash reports, system activity logs, security monitoring information, and other technical information reasonably necessary to maintain platform integrity, monitor performance, prevent unauthorized access, ensure cybersecurity, investigate suspicious activity, and improve the functionality and security of the Platform.
• Rights management and publishing-related information, including musical works metadata, songwriter and composer information, publishing ownership splits, contributor shares, ISWC identifiers, ISRC identifiers, licensing information, cue sheet information, collection society affiliations, royalty allocation data, copyright registration information, publishing administration records, contractual rights information, and other metadata necessary for the registration, administration, collection, exploitation, licensing, monitoring, and protection of musical works and related intellectual property rights worldwide.

IV- Why do we process Personal Data?

Tiny House Music SAL (“THM SAL”) and, where applicable, its affiliated company, Tiny House Music LTD (“THM LTD”), may process personal data for legitimate business, contractual, operational, legal, regulatory, technical, security, publishing administration, and royalty management purposes in connection with the operation of the Platform and the provision of related services.

Personal data may be collected, used, stored, analyzed, transmitted, and otherwise processed for the following purposes:

• Publishing Administration and Rights Management: To administer, register, manage, monitor, protect, exploit, and enforce musical works and associated rights worldwide, including the management of publishing ownership information, royalty participation data, copyright registrations, licensing activities, collection society registrations, and related publishing administration functions.
• Royalty Processing and Financial Administration: To calculate, reconcile, process, allocate, audit, verify, report, and distribute royalties and other payments arising from the exploitation of musical works and associated rights, including the processing of financial transactions, payment instructions, tax documentation, withholding obligations, accounting records, and royalty statements.
• User Authentication and Account Administration: To create, authenticate, secure, maintain, administer, and manage user accounts and platform access credentials, including identity verification, account security monitoring, password management, access control, user authorization, login authentication, and platform access administration.
• Operation, Maintenance, and Improvement of the Platform: To operate, maintain, monitor, support, troubleshoot, improve, develop, optimize, secure, and enhance the functionality, performance, reliability, and user experience of the Platform and related systems, infrastructure, APIs, databases, integrations, and technical services.
• Performance of Contractual Obligations: To perform, administer, and enforce contractual obligations arising under publishing agreements, platform terms, licensing arrangements, royalty administration agreements, service agreements, payment arrangements, and other commercial or legal relationships entered into with users, rights holders, business partners, and authorized representatives.
• Fraud Prevention, Security, and Cybersecurity: To detect, prevent, investigate, mitigate, monitor, and respond to unauthorized access, fraudulent activities, suspicious behavior, security incidents, cybersecurity threats, abuse of the Platform, intellectual property infringement, money laundering risks, and violations of applicable laws, regulations, contractual obligations, or platform policies.
• Regulatory, Legal, and Compliance Purposes: To comply with applicable laws, regulations, court orders, governmental requests, industry requirements, tax obligations, anti-money laundering requirements, sanctions compliance obligations, data protection laws, financial reporting obligations, copyright regulations, and other legal or regulatory requirements applicable to THM SAL, THM LTD, or their respective operations.
• Financial Reporting and Accounting: To maintain financial records, accounting documentation, audit trails, transaction histories, internal controls, operational reporting systems, tax records, and other financial and administrative documentation necessary for lawful business operations, royalty administration, compliance, and corporate governance purposes.
• Analytics, Research, and System Optimization: To analyze usage trends, monitor platform activity, generate statistical reports, improve operational efficiency, conduct internal research, enhance security measures, optimize workflows, develop new features, and improve the performance and reliability of the Platform and related services.
• Legal Claims and Regulatory Requests: To establish, exercise, protect, defend, investigate, or enforce legal rights, contractual rights, intellectual property rights, regulatory obligations, or claims arising in connection with the Platform, publishing administration activities, royalty administration, commercial operations, disputes, investigations, audits, litigation, arbitration, or governmental and regulatory requests.

V- Legal Basis for Processing:

Tiny House Music SAL (“THM SAL”) and, where applicable, Tiny House Music LTD (“THM LTD”), process personal data only where a valid legal basis exists under applicable data protection and privacy laws, including the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“EU GDPR”), and other applicable legislation.

Depending on the nature of the processing activity and the relationship with the user, personal data may be processed on one or more of the following legal bases:

• Performance of a Contract: Processing may be necessary for the performance of contractual obligations entered into between the user and THM SAL, including publishing administration agreements, royalty administration services, payment processing arrangements, platform terms of service, licensing arrangements, account administration, and related operational activities.
• Legitimate Business Interests: Processing may be necessary for the legitimate business interests pursued by THM SAL and THM LTD, provided that such interests are not overridden by the rights and freedoms of data subjects. Such legitimate interests may include operating and improving the Platform, rights administration, fraud prevention, cybersecurity, platform security, financial administration, analytics, operational management, dispute resolution, enforcement of contractual rights, intellectual property protection, and the lawful administration and exploitation of musical works and associated rights.
• Compliance with Legal Obligations: Processing may be necessary to comply with legal, regulatory, accounting, tax, anti-money laundering, sanctions compliance, copyright, financial reporting, and other statutory or regulatory obligations applicable to THM SAL, THM LTD, their affiliates, or authorized service providers.
• Consent: Where required by applicable law, THM SAL may obtain the user’s consent prior to processing certain categories of personal data, including where consent is required for marketing communications, non-essential cookies, analytics technologies, or other processing activities requiring affirmative authorization. Users may withdraw consent at any time, subject to applicable legal or contractual limitations.

VI- International Transfers of Personal Data:

Due to the international nature of the Platform and the global administration of musical works and rights, personal data may be transferred, accessed, processed, or stored in jurisdictions outside the user’s country of residence, including jurisdictions that may not provide the same level of data protection as the United Kingdom or the European Economic Area.

Where international transfers of personal data occur, THM SAL and THM Ltd shall implement appropriate safeguards designed to ensure that personal data remains adequately protected in accordance with applicable data protection laws. Such safeguards may include contractual protections, data transfer agreements, standard contractual clauses, access controls, encryption measures, confidentiality obligations, and other legally recognized transfer mechanisms where applicable.

Accordingly, Personal Data may be transferred internationally between Tiny House Music SAL (“THM SAL”), Tiny House Music LTD (“THM LTD”), and authorized third-party service providers where reasonably necessary for publishing administration, royalty administration, payment processing, platform operations, compliance activities, technical support, fraud prevention, cybersecurity, and related legitimate business purposes.

Where required under applicable data protection laws, THM SAL and THM LTD shall implement appropriate safeguards designed to ensure that Personal Data remains adequately protected during international transfers. Such safeguards may include, without limitation:

• Standard Contractual Clauses (“SCCs”);
• contractual data protection obligations;
• encryption and pseudonymization measures;
• access restriction and authentication controls;
• technical and organizational security measures;
• data minimization procedures;
• adequacy decisions or equivalent lawful transfer mechanisms recognized under applicable data protection laws, including the UK GDPR and EU GDPR where applicable.

VII- Data Retention:

THM SAL and THM Ltd retain personal data only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including for the purposes of rights administration, royalty processing, contractual performance, dispute resolution, legal compliance, accounting obligations, fraud prevention, enforcement of legal rights, and operational continuity.

Retention periods may vary depending on the nature of the personal data, the applicable contractual relationship, legal or regulatory obligations, industry standards, accounting requirements, limitation periods, and legitimate business needs.

Where personal data is no longer required for the purposes for which it was collected, such data may be securely deleted, anonymized, archived, or otherwise disposed of in accordance with applicable laws and internal retention policies.

VIII- Rights of Data Subjects:

Subject to applicable law, users may have certain rights regarding the processing of their personal data, including the right to:

• request access to personal data;
• request correction or rectification of inaccurate data;
• request deletion or erasure of personal data;
• request restriction of processing;
• object to certain forms of processing;
• request portability of personal data where applicable;
• withdraw consent where processing is based on consent;
• lodge complaints with a competent supervisory authority.

Requests relating to personal data rights may be submitted using the contact information provided in this Privacy Policy. THM SAL may request reasonable verification of identity prior to responding to such requests in order to protect user privacy and platform security.

IX- Cookies, Analytics and Tracking Technologies:

The Platform may use cookies, log files, analytics technologies, device identifiers, and similar tracking technologies to operate, maintain, secure, improve, and optimize the Platform and related services.

Such technologies may be used to:

• maintain user sessions;
• authenticate accounts;
• monitor platform performance;
• analyze usage patterns;
• prevent fraud and unauthorized access;
• improve user experience;
• generate operational analytics;
• support security and infrastructure integrity.

Where required by applicable law, users may be provided with options to manage or disable certain cookies or tracking technologies through browser settings or platform consent management tools. Certain functionalities of the Platform may be limited if such technologies are disabled.

X- Data Security:

THM SAL implements commercially reasonable technical, administrative, organizational, and security measures designed to protect Personal Data against unauthorized access, unlawful or accidental processing, destruction, loss, misuse, disclosure, alteration, corruption, cybersecurity threats, and other unauthorized activities.

Such measures may include, without limitation:

• encryption technologies for data in transit and, where appropriate, data at rest;
• authentication and identity verification systems;
• role-based access controls;
• logging, monitoring, and audit trail systems;
• network security protections;
• vulnerability assessments and security testing procedures;
• incident detection and response protocols;
• security reviews and internal access management procedures;
• backup, recovery, and disaster recovery systems;
• segregation of testing and production environments where applicable.

THM SAL and THM Ltd regularly review and evaluate security measures in light of evolving operational, technological, regulatory, and cybersecurity developments. However, notwithstanding commercially reasonable safeguards, no transmission, storage, or electronic system can be guaranteed to be completely secure or immune from unauthorized access, misuse, interruption, or cybersecurity incidents.

XI- Data Breaches and Security Incidents:

In the event of an actual, suspected, or reasonably likely Personal Data breach, cybersecurity incident, unauthorized disclosure, or security compromise affecting the Platform or related services, THM SAL shall take commercially reasonable measures to promptly investigate, contain, mitigate, assess, document, and remediate the incident in accordance with applicable laws and internal security procedures.

Where required by applicable law, THM SAL and/or THM LTD may notify affected individuals, regulatory authorities, business partners, or relevant stakeholders within legally required timeframes.

THM SAL and THM LTD shall reasonably cooperate with one another in connection with incident response activities, remediation efforts, compliance obligations, forensic investigations, regulatory communications, and mitigation procedures relating to any applicable security incident or Personal Data breach.

The allocation of liability, operational responsibilities, and indemnification obligations between THM SAL and THM LTD in connection with security incidents shall be governed by separate intercompany arrangements and applicable contractual obligations.

XII- Third-Party Services and Integrations:

The Platform may interact with, integrate with, or transmit information to third-party service providers, including but not limited to:

• Collective Management Organizations (“CMOs”);
• payment processors and financial institutions;
• analytics and infrastructure providers;
• digital service providers (“DSPs”);
• cloud hosting providers;
• identity verification providers;
• external APIs and technical integrations;
• compliance and fraud prevention providers.

Such third parties may independently collect, receive, store, process, or transmit Personal Data in accordance with their own privacy policies, contractual obligations, and applicable legal requirements. THM SAL does not control the independent privacy practices of third-party providers except where required by applicable contractual or legal obligations.

XIII- Children’s Data:

The Platform and related services are not directed toward individuals under the age of eighteen (18), and THM SAL does not knowingly collect Personal Data from minors without appropriate legal authorization, parental consent, or other lawful basis where required under applicable law.

If THM SAL becomes aware that Personal Data has been collected from a minor in violation of applicable laws or platform policies, commercially reasonable steps may be taken to delete, restrict, or otherwise remediate such data as appropriate.

XIV- Amendments and Updates:

THM SAL reserves the right to modify, amend, supplement, or update this Privacy Policy from time to time in order to reflect operational, legal, technical, regulatory, commercial, or organizational developments.

Updated versions of this Privacy Policy shall become effective upon publication on the Platform unless otherwise required by applicable law. Continued use of the Platform following publication of an updated Privacy Policy may constitute acknowledgment of the revised terms where permitted by applicable law.

XV- Contact Information:

For privacy-related inquiries, requests, notices, complaints, or data protection matters, users may contact: