Privacy and Cookie Policy

Read below to learn more about the data we collect, how we process data, what we use it for and what rights you have as a data subject. You can read more about Gramex’ cookie policy and use of cookies on by scrolling down.

Privacy policy

Data controller

Gramex is the data controller for the processing of the personal data that we receive. When Gramex processes your personal data, we ensure that it is done confidentially, securely and in accordance with applicable law.

Gammel Kongevej 11-13
Phone +45 33 85 32 00
1610 Copenhagen V
CVR 51396715

Please contact us if you have questions about our processing of personal data.

Who does Gramex process personal data about?

Gramex processes personal data from:

  • Rightsholders
  • Customers, suppliers and stakeholders


What is the purpose of the collection of personal data?

  • To obtain payment on behalf of performing artists and record companies when their recorded music is played in public, cf. section 68 of the Danish Copyright Act
  • Membership service

What types of personal data do we process?

  • General information such as name, address, contact information, (work) email address, workplace, information about which recordings the rightsholders contribute to or have published as well as information about any heirs and proxies
  • Civil Registration Numbers (CPR number). CPR numbers are necessary to uniquely identify the right rightsholders/their heirs who is entitled to remuneration from Gramex
  • The legal basis for our processing of personal data: GDPR art. 6.1.c. (legal obligation). CPR numbers are processed in accordance with the Danish Data Protection Act, section 11, subsection 2, Nos. 1 and 3

How is personal data collected?

  • From the rightsholder, for example when a rightsholder submits a membership form or adds / changes information on the member site “My Gramex” or contacts us regarding a specific issue
  • From record companies when reviewing a new release
  • From agents or managers when they by proxy send us a rightsholder’s discography or make a claim on the rightsholder’s behalf
  • From Gramex’ customers when they report which music they have publicly played
  • From sister organizations abroad for the purpose of exchanging remuneration
  • From SCAPR’s international databases VRDB and IPD, see below, or
  • From public authorities, for example from CPR-Kontoret which administers the Civil Registration System

How long is the personal data stored?

  • As long as further processing is necessary, i.e. as long as the rightsholders’ copyright lasts plus 5 years in accordance with Gramex’ statutory accounting obligation to keep accounting and accounting material in a secure manner for 5 years from the end of the financial year in which the material regarding.

Personal data is transferred to:

  • Danske Bank/NemKonto. Payment of remuneration is made using NemKonto
  • Skat (Danish Customs and Tax Administration). Gramex is required by law to provide information on civil registration numbers in connection with reporting to Skat
  • CPR-Kontoret. We update our information on relocation and deaths via the Civil Registration System
  • Sister organizations abroad. Gramex exchanges information regarding played recordings with our sister organizations abroad with whom we have entered into an agreement. This means that the rightsholders also receive payment for their air plays outside Denmark and vice versa. You can find an overview of the organizations with whom we exchange information here
  • SCAPR. Gramex is a member of SCAPR, an international umbrella organization for organizations that manage rights on behalf of performers. Gramex transfers and receives information about Danish repertoire and rightsholders to and from SCAPR’s international databases VRDB and IPD, cf.
  • Agents/managers/sister organisations. In the event of double claims, Gramex exchanges contact information between agents/managers/sister organisations who claim the same remuneration for a release. Gramex has a legitimate interest in clarifying who the rights belong to, so that we can pay remuneration to the rightsholder/his or hers representative of the rights
  • Statistics Denmark.

Customers, suppliers and stakeholders

What is the purpose of the collection of personal data?

  • To obtain payment on behalf of performing artists and record companies when their recorded music is played in public, cf. section 68 of the Copyright Act
  • Customer service

What types of personal data do we process?

  • General information such as name, address, contact information, (work) email address and workplace

What is the legal basis for our processing of personal data?

  • Customers: GDPR art. 6.1.c (legal obligation) and art. 6.1.b. (contract). Suppliers and stakeholders: GDPR art. 6.1.f (legitimate interest)

How personal data is collected?

  • From the customer, the supplier and the stakeholder themselves

How long is the personal data stored?

  • As long as the contractual relationship/collaboration lasts, and when the contractual relationship/collaboration has ceased, as a starting point, 5 years after the most recent activity

Personal data is transferred to:

  • Statistics Denmark

Emails and newsletters

Mailings to members

Gramex sends identical emails to members that contain important information for you as a member of Gramex, for example information about payments, general annual meetings, introductory emails to new members, etc. This information is part of Gramex’ obligation under section 68 of the Danish Copyright Act and is in accordance with GDPR art. 6.1.b and 6.1.c, cf. the Danish Act on Collective Management of Copyright and Related Rights section 19, subsection 1, no. 2 and sections 15-16.


In addition, Gramex sends newsletters to those who have signed up for the newsletter. The newsletter is sent out per mail and contains news from Gramex and the music industry as well as interviews and stories from our members, customers, and the music industry.

When subscribing to Gramex newsletter, the name and e-mail address that you provide yourself is registered. The information is used solely to send you Gramex’ newsletter and is registered with Gramex’ data processor, which handles the sending of the newsletter. You can unsubscribe from the newsletter at any time. The legal basis for the processing of your personal data is GDPR art. 6.1.a.

Technically, we are able to see if the recipients have opened an email/newsletter and clicked on links. This involves the collection and processing of personal data about the recipients. However, we only use the information for statistical purposes to optimize our communication with the outside world. Gramex does not pass on your information to third parties, other than to our data processor, with whom we have a data processing agreement.

Subscribe  |  Unsubscribe

Security – how do we take care of personal data?

Gramex processes and stores personal data in closed internal systems with high focus on IT security. We have implemented appropriate technical and organizational security measures to protect your data against accidental or unlawful erasure, publication, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of the law.

We regularly check and update the personal data that is processed to ensure that it is correct and is not, for example, misleading. We delete personal data when they are no longer necessary and relevant and no longer fulfill the purpose for which the personal data was collected.

Gramex’ employees are instructed in how to process personal data, and internal guidelines have been adopted for what to do in the event of a breach of our personal data security.

Your rights

As registered with Gramex, you have some rights that we as the data controller have an obligation to fulfill. By contacting us at you can:

  • gain insight into what personal information we process about you
  • correct any insufficiencies and errors in your information
  • have the information we process about you deleted or restricted
  • object to our processing of your information
  • exercise your right to data portability.

If you, as the rightsholder, have signed up for the “My Gramex” login, you can always check what information you have submitted, as well as being able to update and change it.

If you wish to file a complaint over our processing of your personal data, you can also contact the Data Protection Agency.

Cookie policy

What is a cookie?

A cookie is a text file that is stored on your computer, mobile or similar for the purpose of recognizing it, remembering settings, and performing statistics. There is no personal information stored in our cookies and they cannot contain viruses. Virtually all websites use cookies.

The website’s use of cookies

Gramex registers your visits to our website using cookies. We use cookies to optimize our website to improve your experience of the website and for statistical purposes. We do not use marketing cookies.

The use of cookies takes place on the basis of your consent, which you may withdraw at any time by updating your consent settings at the bottom of this page and by deleting cookies.

How does Gramex use third-party cookies?

Cookies which Gramex does not place in your browser, but which we have given permission to other parties to place in your browser can be described as “third-party cookies”.

At we only use one third-party cookie. It is the web analytics tool Google Analytics to analyze how our users use the website. The information is registered with Google Analytics, which is Gramex’ data processor.

How to reject or delete your cookies?

If you do not want to accept any cookies, you can block all cookies and delete existing cookies from your computer, mobile or tablet. Be aware, however, that without cookies you may not be able to use all the features of the website.

You can refuse to use cookies on your computer by selecting the appropriate settings in your browser.

You can opt out of cookies from Google Analytics here.

You can delete your cookies in your own browser. Remember that if you use several internet browsers, you must delete cookies in all of them.

Updated August 3, 2021