Privacy Notice


Last updated 6th November 2025


Alloy Music Ops. Ltd. t/a Alloy Sync Distro (“we” / “us” / “our”/“Alloy”) recognise the importance that individuals place on their privacy when they provide us with personal data; we are committed to- protecting and respecting the privacy of any personal data we process.


This policy (“Privacy Notice“) sets out the basis on which any personal data we collect from you or any third party about you, or that you provide to us, will be processed by us. In addition to this Privacy Notice, our website Terms Of Use sets out information relevant to your use of alloy.music, our sync rights platform, and/or any other Alloy services (individually and collectively, the “Platform”).


Additionally, when you visit or use any aspect of the Platform, we may send a cookie to your computer. A cookie is a text file containing a small amount of data that allows us to improve the functionality of our Platform and provide you with a tailored Platform experience. For further details on how we use cookies, please see our Cookies Notice, which forms part of this Privacy Notice.


Please read the following information carefully to understand our personal data collection, usage and disclosure practices and your rights in relation to the same.


1. Introduction and interpretation

2. Information we may collect from you

3. How we obtain information about you

4. How we use your information

5. How your information may be shared

5. Where and how your information is stored

6. Third party websites

7. Your rights

8. Complaints

9. Changes to this policy

 

1. Introduction and interpretation


1.1        For the purposes of this Privacy Notice, “UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, and “consent”, “controller”, “personal data”, “process”, “processing” “profiling”, and “third party” shall have the definitions prescribed to them under the UK GDPR. Where a user is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), references to the UK GDPR under this Privacy Notice shall be deemed to be references to the GDPR.


1.2         This Privacy Notice does not apply to our use of personal data where we act as an employer (save for the purposes of pre-employment and recruitment).


1.3         For the purpose of the UK GDPR, Alloy Music Ops. Ltd.  of C/O Harris And Trotter 1st Floor South, 101 New Cavendish Street, London, United Kingdom, W1W 6XH, acts as data controller in relation to personal data processed by it pursuant to this Privacy Notice.


1.4       If you have any questions, comments or complaints regarding this Privacy Notice or how we process your personal data, please contact us at data@alloy.music.


2. Information we may collect from you


2.1       During the course of providing our services and operating the Platform, we may collect various types of personal data about you, including:

  • personal identification information and employment details such as your name, age, employer and job role;
  • contact details such as your home or office address, e-mail address, and phone number;
  • log data and computer information when accessing the Platform, including  your Internet Protocol (“IP”) address and device information; and
  • any other personal data relevant to the work that we undertake (or plan to undertake) that you provide to us.

2.2  We do not proactively or knowingly collect special categories of data (including data regarding ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life or sexual orientation) or data relating to criminal convictions, and we will only process such data where you provide it to us voluntarily or where you have manifestly made such data public.


2.3  Please note that we do not collect or hold personal data relating to payment methods (including payment card information). Any personal data specifically required to facilitate payments on the Platform is processed by our third party payment processor, Stripe, in accordance with its privacy policy made available to you prior to any payment being made.


3        How we obtain information about you


3.1 We may collect or receive personal data about you in a number of different ways, including:


·        Where you, or other persons at your organisation, contact us (e.g. by phone, e-mail or otherwise) or provide personal data to us directly (e.g. in filling out a Platform subscription form). We may receive personal data about you via different communications channels, and we may keep a record of such data and/or of the correspondence in line with our data retention policy;


·         Where you or other users of the Platform provide us with personal data about you where it is relevant and connected to the provision (or envisaged provision) of our services or the Platform;


·        Where we monitor use of, or interactions with, our Platform, any marketing we may send to you, or other email communications sent from or received by Alloy; and


·       From publicly available sources – we may for instance gather personal data about you from public sources or from enquiries that we may make to ensure we hold accurate contact details about you.


3.2         Certain personal data about you will be created and logged automatically when you access the Platform. This is often referred to as “log data”, and includes but is not limited to:


·         technical information, including the type of device(s) you use, a unique device identifier, the IP address used to connect your device(s) to the Internet, network information, browser type and version, time zone setting, browser plug-in types and versions and your operating system and platform; and


·         information and details about your use of the Platform (including but not limited to traffic data; location data; weblogs and other communication data; the full Uniform Resource Locators (URL) clickstream to, through and from the Platform (including date and time); what you viewed or searched for; page response times, download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page).


3.3         We may receive personal data about you from other sources such as analytics providers and search information providers.


4. How we use your information


4.1       We will only use your personal data in connection with the provision of our services and the Platform, and at all times in compliance with applicable data protection laws, including the UK GDPR. Specifically, your personal data is only collected and processed by us where we have a lawful basis do so including where:


  • you have consented to the processing of your personal data;
  • we are required to process your personal data to comply with legal obligations which we are subject to;
  • it is necessary to enable us to defend, prosecute or make a claim against you, us or a third party;
  • it is necessary for us to process your personal data in order for us perform a contract we have entered into with you or to take steps (at your request) necessary to enter into a contract with you; or
  • in certain cases, where we have a legitimate business interest in processing your personal data (i.e. when it is essential for us to process your personal data to enable us to operate the Platform).

4.2         We may use your personal data in the following ways during the course of our business:


  • To provide our services to you and other Platform users. If you are subscribed to or are registered to use the Platform, we may process your data in order to deliver the services that you and other users have subscribed for, and to otherwise ensure that the Platform can be used in accordance with its intended purpose. The lawful bases we rely on are: contractual performance; legitimate interests (to provide our services and deliver the Platform); and/or consent. If you are not a subscriber or a registered user of the Platform, but we receive personal data about you in connection with delivering the Platform to our subscribers and registered users, we rely on the lawful basis of legitimate interests (to provide the Platform and our services to Platform users and subscribers) to process your personal data.

  • To maintain your account and to verify your identity. We may process your personal data during the course of a user account being created for or by you on the Platform, in order to verify your identity, and to otherwise to enable you to access the Platform on an ongoing basis. The lawful bases we rely on are: contractual performance; consent and/or legitimate interests (to ensure we can provide our services to you).

  • For marketing purposes. We may process your personal data in order to contact you about details of changes and updates to the Platform, industry news, information about Alloy and information about events where you have chosen to receive these. We will provide an option to unsubscribe or opt-out of further communications on all electronic marketing communications sent to you. The lawful bases we rely on are: legitimate interests (to keep you updated with information about us that we think will be relevant to you), and consent.

  • To facilitate a sale, restructuring or reorganisation of, any part of our business or its assets. In the event that we sell, restructure or otherwise reorganise our business, we may be required to disclose a limited amount of your personal data as part of any due diligence process to which we are subject. The lawful basis we rely on is: legitimate interests (in order to allow us to reorganise our business).

  • To develop and improve our business and services. We may process your personal data for research and development purposes to help us understand and enhance the quality of any services you receive and otherwise optimise the performance of the Platform. The lawful basis we rely on is: legitimate interests (to ensure the Platform operates effectively and to ensure that we can continue to provide you with a high quality service).

  • To ensure that the Platform and any advertising subsisting therein operates effectively. We may process your personal data to improve your experience on the Platform and to resolve any troubleshooting issues; undertake testing; improve our security; and monitor the effectiveness of any adverts displayed to you. The lawful bases we rely on are: legitimate interests (to ensure that you and other users are able to effectively use the Platform); contractual performance and/or consent.

  • To ensure we are paid for any services we provide. Where outstanding fees are owed to us in connection with services we have delivered to you (e.g. outstanding subscription fees), we may need to process your personal data to enable us to recover those funds owed to us. The lawful bases we rely on are: bringing and defending legal claims; contractual performance; and/or legitimate interests (to ensure we are fairly remunerated for our services).

  • For pre-employment and recruitment purposes. We may process personal data you provide to us in connection with possible employment opportunities with us (if you are subsequently employed by us, your personal data will be processed in accordance with our separate employee privacy policy). We will not process special category personal data in connection with our recruitment processes unless you voluntarily provide such personal data to us. The lawful bases we rely on are: contractual performance; and/or legitimate interests (to ensure we hire the right candidate for the job).

4.3        We do not use your personal data as part of any automated decision-making, including profiling, which produces legal or similarly significant effects concerning you.


5. How your information may be shared


5.1       We do not sell, share, or transfer your personal data except as set out in this Privacy Notice.


5.2      We may share your personal data with our selected business partners and third party service providers including:


  • our IT and technology support partner(s), including our cloud storage provider(s), digital infrastructure providers and payment service provider(s);

  • our accountants, auditors, lawyers , insurance brokers and other professional advisors;

  • our email processing and business software suppliers, including Salesforce;

  • analytics and search engine providers that assist us in the improvement and optimisation of the Platform;  and

  • to other users of the Platform, where you have permitted us to do so (or where you have otherwise intentionally shared such personal data with other users on the Platform).

5.3       Where necessary in the course of, and as part of, delivering the Platform, certain personal data about you may be visible to other users of the Platform. Such personal data will only be visible to other users if you have actively made such data publicly visible to other users, or have authorised a third party to do so. Your data subject rights in relation to such personal data remain unaffected.


5.4        Examples of situations where we may disclose your personal data to third parties include:


  • where we buy or sell any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

  • if we are, or substantially all of our assets are, acquired by a third party, in which case personal data held by us about our users will be one of the transferred assets; or

  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, or property, or safety, or those of others.

5.5      Other than as expressly set out in this Privacy Notice or as otherwise required or permitted by law, we will not share, sell or distribute any personal data you provide to us without your consent.


6. Where and how your information is stored


6.1      All personal data you provide to us is stored directly with reputable third party cloud storage provider(s). Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of personal data transmitted to us via the Platform or otherwise; any such transmission is always at your own risk. Notwithstanding the foregoing, we use strict procedures and security features, including appropriate technical and organisational measures to secure your personal data from accidental loss, damage or destruction or unauthorised access.


6.2         Notwithstanding the foregoing, we recognise that the data entrusted to us by our partners is highly sensitive and commercially valuable. Protecting it is our absolute priority, and the Platform has been designed with security and access controls at its core. Our Platform is built on Salesforce, which is recognised globally as one of the most secure enterprise cloud environments. Salesforce is ISO 27001, SOC 2, and GDPR compliant, and its security framework is trusted by the world’s largest banks, governments, and technology companies. All personal data is encrypted both in transit (when moving between your browser and Salesforce servers) and at rest (when stored in the database). This ensures that even if someone intercepted your data, it would be unreadable without the proper encryption keys. The Platform is not open to the public internet – only authenticated users with permissions can view content. Salesforce automatically applies rate limiting, bot detection, and monitoring to prevent automated scraping.


6. 3       During the course of the activities of our support partners, your personal data may be transferred to and stored at a destination outside the UK and/or European Economic Area (“EEA”). Any personal data transferred internationally will be subject to appropriate legally recognised safeguards, such as the Standard Contractual Clauses approved by the European Commission, to ensure the lawful transfer of your personal data outside of the UK and/or EEA. We take all reasonable and appropriate steps to ensure the privacy and security of any personal data transferred internationally (whether by us or our partners), and we only transfer personal data to third parties whom have provided us the necessary assurances and protections in respect of the security of your personal data.


6.4        We will store your personal data for as long as is necessary to fulfil the purposes for which it was originally collected, as explained in this Privacy Notice, and for any other permitted or connected purpose. The retention period may therefore vary for different types of data, depending on how and why it was gathered. The criteria we use to determine retention periods are based on good business practice and include (as examples):


  • where personal data is necessary for the performance of a contract, we will retain such personal data whilst we perform our obligations under that contract, and for a period thereafter in which that data may still be relevant for the purposes of dispute resolution, enforcement of rights under the contract, or where additional connected contracts are likely to arise;

  • where personal data is processed pursuant to your consent, and consent is withdrawn, we may delete the data immediately if we are unable to process that data on another legal basis, or we may cease processing and retain the data for a period if we have a need to keep it for dispute resolution or the enforcement of our rights; and

  • in certain cases, we may be legally obliged to hold personal data for a specific period of time, or to delete personal data at a certain time, including in accordance with the exercise of your rights as data subject as explained in this Privacy Notice.

7. Third party websites


7.1        The Platform may, from time to time, contain links to and from third party websites.  If you follow a link to any of these websites, please note that those websites have their own privacy policies and privacy practices. We do not control such third parties’ websites and as such do not accept any responsibility or liability for how these websites process or handle your personal data.  Please check these websites’ policies before you submit any personal data to these websites.


8. Your rights


8.1       In certain circumstances, the UK GDPR may provide you with the right (subject to certain exceptions) to:


  • request from us further details as to how your personal data is processed;

  • request from us a copy of any personal data we hold about you;

  • request that we rectify or complete your personal data, where it is inaccurate or incomplete for the purposes of our processing of the data;

  • request that we erase your personal data where we have no legal basis to continue processing that personal data;

  • request that we restrict how we process your personal data;

  • object to any processing that is based solely on our, or a third party’s legitimate interests, upon which event we shall suspend processing until we demonstrate legitimate purposes that justify that processing. We may however continue to use data for the purpose of establishment, exercise or defence of legal claims; and

  • withdraw your consent for future processing (where the processing is based on that consent).

8.2      We will always endeavour to support your rights as a data subject under paragraph 7.1 above, however the exercise of such rights shall at all times remain subject to certain exemptions set out at law and the rights and responsibilities we are subject to at law.


8.3        In line with the UK GDPR, we will comply with any valid request for personal data under the rights explained above within one month, though we may opt to extend this period by a further two months where necessary, taking into account the complexity and number of the requests you have made to us. This will normally be provided free of charge. If the request is manifestly unfounded, excessive or repetitive we may charge a reasonable fee or refuse to action the request.


8.4       If you withdraw your consent for us to process your personal data and we are unable to rely on another legal basis to process that personal data, we may be unable to offer certain benefits and services to you.


9. Complaints


9.1        You have the right to make a complaint about how we process your personal data to the Information Commissioner (the UK’s data protection regulatory authority):


https://ico.org.uk/concerns/


Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire, SK9 5AF
Tel: +44 303 123 1113


10. Changes to this policy


10.1        We may revise this Privacy Notice from time to time. Please check this page regularly to take notice of any changes we may have made.