UK GDPR privacy notice

Privacy Policy

A plain-English notice explaining what we collect, why we collect it, who helps us process it, and how you can use your rights.

Last updated: 18 May 2026. This notice applies to musiciansrights.org.uk, the member app, newsletter forms, member profiles, partnership applications and confidential story submissions.

Who We Are

Musicians Rights UK Limited is the data controller for the personal data described in this notice. We are an independent membership, education and access initiative for musicians in the UK.

For privacy questions, rights requests or consent withdrawals, contact team@musiciansrights.org.uk. We may ask for information to confirm your identity before acting on a request.

What We Collect And Why

We only ask for information that helps us run the membership, send requested updates, review applications, protect the service and understand the rights problems musicians are trying to prevent.

Purpose
Personal data
Lawful basis
Member accounts and applications
Name, email address, role, location, career stage, rights profile answers, membership status and account activity.
Contract or pre-contract steps where membership is requested; legitimate interests for administration, service improvement and abuse prevention.
Newsletter and member updates
Email address, consent record, source of sign-up and unsubscribe status.
Consent. You can withdraw consent at any time by unsubscribing or contacting us.
Confidential story submissions
The story you submit, optional name/email, consent choices, category, timing and follow-up preference.
Consent for optional follow-up or anonymised insight use; legitimate interests for reviewing themes and improving educational resources.
Partnership applications and bookings
Organisation name, contact details, website, audience information, partnership goals and call preferences.
Pre-contract steps and legitimate interests in assessing suitable musician-facing partnerships.
Security, anti-spam and service operation
Technical request data, IP-derived security signals, form challenge tokens, audit logs and limited hosting logs.
Legitimate interests and legal obligations to keep the service secure and accountable.

Confidential Stories

Story submissions may include sensitive details about disputes, finances, working relationships, health, discrimination or other difficult experiences. Please only share what you are comfortable sharing. We treat these submissions as private, do not publish personal contact details, and only use anonymised insights where you have given the relevant consent.

Marketing And Newsletter Consent

Newsletter sign-up is optional and requires an active opt-in. We do not add membership applicants to the newsletter unless they separately choose to receive updates. Every marketing email should include a way to unsubscribe.

Cookies, Storage And Similar Technologies

Essential only

We use essential cookies and local storage for secure sign-in, form protection, basic preferences and the privacy notice dismissal.

No optional tracking

We do not currently use optional advertising or analytics cookies on this website. If that changes, we will ask before setting non-essential tracking.

See the full cookie notice for current storage details, including Supabase authentication, Cloudflare Turnstile form security and Cal.eu booking links.

Who We Share Data With

We do not sell personal data. We use carefully chosen service providers where needed to run the website and membership:

  • Supabase for authentication, database and member access control.
  • Vercel for website hosting, deployment and operational logs.
  • Resend or another configured email provider for transactional and newsletter emails.
  • Cloudflare Turnstile where enabled, to reduce spam and abusive form submissions.
  • Cal.eu when you choose to open the external booking page for a call.

Some providers may process data outside the UK. Where that happens, we expect appropriate safeguards such as UK adequacy arrangements, standard contractual clauses or equivalent transfer protections.

How Long We Keep Data

We keep personal data only for as long as we need it for the purpose collected, then delete, anonymise or archive it where appropriate. As a working guide:

  • Newsletter records are kept until you unsubscribe, plus a limited suppression record to avoid emailing you again by mistake.
  • Member profile and account data is kept while your account is active and for a reasonable period afterwards for administration, audit and legal reasons.
  • Applications that do not become active memberships are reviewed periodically and removed or anonymised when no longer needed.
  • Story contact details are kept only where relevant to review, follow-up consent or safety context; anonymised themes may be retained for education and advocacy work.
  • Security, anti-spam and audit logs are kept for the shortest practical period consistent with service security and accountability.

Your Rights

Under UK data protection law, you can ask us to:

  • Access a copy of the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to delete data where we no longer need it or where consent has been withdrawn.
  • Ask us to restrict processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Receive certain data in a portable format.
  • Withdraw consent for newsletter, story follow-up or optional uses at any time.

You also have the right to complain to the Information Commissioner's Office. You can contact the ICO at ico.org.uk/make-a-complaint.

Children And Young People

Musicians Rights UK is built for musicians, creators and music professionals. If you are under 16, please involve a parent, guardian or trusted adult before creating an account, submitting a story or sharing contact details.

Security

We use access controls, row-level database protections, server-side form handling, anti-spam checks and administrative audit trails to protect personal data. No online service can guarantee perfect security, so we also limit what we collect and avoid optional tracking by default.

Changes To This Notice

We may update this notice when our services, providers or legal obligations change. Material changes will be reflected on this page with an updated date.