Privacy policy for authors of literary works

Privacy policy of the copyright holder register maintained by Sanasto.

Drafted: 15 May 2018
Updated: 20 March 2024

Sanasto ry (Business ID: 1981169-8)
Korkeavuorenkatu 30 A, 5th floor, 00130 Helsinki
+358 9 5629 3300
[email protected]

Ville Verronen, Legal Adviser, Sanasto ry
Korkeavuorenkatu 30 A, 5th floor, 00130 Helsinki
+358 50 305 8224
[email protected]

Sanasto’s copyright holder register

The personal data saved in the register will be used

• to establish and manage a client relationship
• to maintain data on works and authors
• to distribute royalty payments
• to allocate compensations for the performance and use of works
• to disclose the contact details of authors or copyright holders to parties enquiring about licences if Sanasto does not grant licences in the situations in question (the contact information is only provided with the author’s permission)
• to publish the author’s name or alias on the list of literary authors represented by Sanasto that is published on the Sanasto website (the author’s name or alias will only be published on the list with the author’s permission).

The register is composed of several sub-registers used for the same purpose. The following information on a data subject may be stored:

• name, address, personal identity code, business ID, telephone number, email address
• taxation details, bank’s contact information, possible debt recovery information
• information on customer relationship, IP address in online connections
• username and password
• beneficiaries
• aliases (names and pseudonyms used by authors to publish works)
• compensation history
• the work’s name and author information and author role (writer, translator, editor, illustrator)
• genres of literature represented by the author
• membership of a Sanasto member organisation

The data in the register is collected from the data subject, from the client contract and from other material provided by the data subject required for the management of the client relationship, from the authorities (e.g. the Tax Administration), from the controller’s member and sister organisations and from other cooperation organisations.

In addition to manual material, Sanasto’s online service, in which data subjects can maintain their own data, is also used for the collection of personal data. Data sent over the internet is always protected with a secure TLS network connection.

Data on the use of works is collected from reports on radio and television use, programme reports and other reports. Data on the use of works is also collected from information on lending compiled by libraries and notifications of the use of works from Sanasto’s licensing store and Sanasto’s other reports collected from users of literature.

Data in the register can be disclosed for notifications to the authorities (e.g. Tax Administration, Kela).

 

If the data subject has separately given consent in the client contract submitted to Sanasto or in Sanasto’s online service, the data subject’s basic information (name, address, numerical data, email address) and information on works may be disclosed to enable copyright permission to be obtained directly from the client in those use situations in which Sanasto does not grant licences. Information on authors and works may be disclosed to the controller’s member and sister organisations and other cooperation organisations in order to ensure the correct distribution of royalties and to improve the quality of the information on works in databases used in the field of literature.

The data subject’s basic information and information on works may also be transferred outside of the EU and EEA for the purposes mentioned in section 7.

Manual material is stored in locked premises in the controller’s premises and it is only used by Sanasto’s personnel.

Digitally stored data are protected with appropriate technological measures. Only Sanasto’s personnel and the system supplier’s designated employees have access to the register. A personal username and password are required to access the data. Sanasto requires all system suppliers to have appropriate information security and to commit to the principles of the Personal Data Act.

The data subject has the right to inspect the data concerning him or her that is stored in the register. The inspection is free of charge when performed once a year. If the data subject wishes to receive further information on the processing of his or her personal data, he or she may contact the above-mentioned person in charge of register matters. The inspection request must be made with a document that has been self-signed or similarly verified or in person from the controller.

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller.

The controller shall rectify, erase or complete the personal data contained in the register that is inaccurate, unnecessary, incomplete or outdated from the perspective of processing, either on his or her own initiative or upon the request of the data subject.

The request for rectification must be delivered in writing and undersigned to the address:

Sanasto, Korkeavuorenkatu 30 A, 5th floor, 00130 Helsinki

The request for rectification shall specify the data to which the request relates. The data subject also has the opportunity to personally correct inaccurate data that the data subject has detected in Sanasto’s online service.

The controller shall store the personal data for the duration of the data subject’s customer relationship. Personal data shall be deleted at the end of the customer relationship.

However, in deviation of the above, the data subject’s compensation history to ensure the correct distribution of royalties and the fact that the data subject has been a client of Sanasto shall be stored in the register. Data can also be stored for a longer period pursuant to the obligations of the Accounting Act or another applicable law.

A data subject has the right to lodge a complaint with the competent supervisory authority if he or she considers that the controller does not comply with the applicable data protection regulations in the processing of his or her personal data. The right to lodge a complaint shall be without prejudice to other administrative redress or legal remedies.