UK GDPR privacy notice
Privacy Policy
A plain-English notice explaining what we collect, why we collect it, who helps us process it, and how you can use your rights.
Last updated: 18 May 2026. This notice applies to musiciansrights.org.uk, the member app, newsletter forms, member profiles, partnership applications and confidential story submissions.
Who We Are
Musicians Rights UK Limited is the data controller for the personal data described in this notice. We are an independent membership, education and access initiative for musicians in the UK.
For privacy questions, rights requests or consent withdrawals, contact team@musiciansrights.org.uk. We may ask for information to confirm your identity before acting on a request.
What We Collect And Why
We only ask for information that helps us run the membership, send requested updates, review applications, protect the service and understand the rights problems musicians are trying to prevent.
Confidential Stories
Story submissions may include sensitive details about disputes, finances, working relationships, health, discrimination or other difficult experiences. Please only share what you are comfortable sharing. We treat these submissions as private, do not publish personal contact details, and only use anonymised insights where you have given the relevant consent.
Marketing And Newsletter Consent
Newsletter sign-up is optional and requires an active opt-in. We do not add membership applicants to the newsletter unless they separately choose to receive updates. Every marketing email should include a way to unsubscribe.
Cookies, Storage And Similar Technologies
Essential only
We use essential cookies and local storage for secure sign-in, form protection, basic preferences and the privacy notice dismissal.
No optional tracking
We do not currently use optional advertising or analytics cookies on this website. If that changes, we will ask before setting non-essential tracking.
See the full cookie notice for current storage details, including Supabase authentication, Cloudflare Turnstile form security and Cal.eu booking links.
Who We Share Data With
We do not sell personal data. We use carefully chosen service providers where needed to run the website and membership:
- Supabase for authentication, database and member access control.
- Vercel for website hosting, deployment and operational logs.
- Resend or another configured email provider for transactional and newsletter emails.
- Cloudflare Turnstile where enabled, to reduce spam and abusive form submissions.
- Cal.eu when you choose to open the external booking page for a call.
Some providers may process data outside the UK. Where that happens, we expect appropriate safeguards such as UK adequacy arrangements, standard contractual clauses or equivalent transfer protections.
How Long We Keep Data
We keep personal data only for as long as we need it for the purpose collected, then delete, anonymise or archive it where appropriate. As a working guide:
- Newsletter records are kept until you unsubscribe, plus a limited suppression record to avoid emailing you again by mistake.
- Member profile and account data is kept while your account is active and for a reasonable period afterwards for administration, audit and legal reasons.
- Applications that do not become active memberships are reviewed periodically and removed or anonymised when no longer needed.
- Story contact details are kept only where relevant to review, follow-up consent or safety context; anonymised themes may be retained for education and advocacy work.
- Security, anti-spam and audit logs are kept for the shortest practical period consistent with service security and accountability.
Your Rights
Under UK data protection law, you can ask us to:
- Access a copy of the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Ask us to delete data where we no longer need it or where consent has been withdrawn.
- Ask us to restrict processing in certain circumstances.
- Object to processing based on legitimate interests.
- Receive certain data in a portable format.
- Withdraw consent for newsletter, story follow-up or optional uses at any time.
You also have the right to complain to the Information Commissioner's Office. You can contact the ICO at ico.org.uk/make-a-complaint.
Children And Young People
Musicians Rights UK is built for musicians, creators and music professionals. If you are under 16, please involve a parent, guardian or trusted adult before creating an account, submitting a story or sharing contact details.
Security
We use access controls, row-level database protections, server-side form handling, anti-spam checks and administrative audit trails to protect personal data. No online service can guarantee perfect security, so we also limit what we collect and avoid optional tracking by default.
Changes To This Notice
We may update this notice when our services, providers or legal obligations change. Material changes will be reflected on this page with an updated date.