EnaruWhite-LabelBack to home
Legal

Privacy Policy

How enarumusic collects, uses, and protects your personal data. We are committed to full compliance with the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (AVG).

Last updated: 1 January 2026

This Privacy Policy applies to enarumusic (“we”, “us”, “our”), operator of the enarumusic White-Label platform accessible at white-label.enarumusic.nl. We are the data controller responsible for your personal data as defined under the GDPR and AVG.

By using our platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with these terms, please do not use our services.

1. Who We Are

enarumusic is a music technology company registered in the Netherlands, providing white-label music distribution infrastructure for record labels and music distributors. For privacy-related enquiries, you can contact our data protection team at privacy@enarumusic.nl.

2. What Data We Collect

We collect the following categories of personal data depending on how you interact with our platform:

2.1 Account and Identity Data

  • Full name and business name
  • Email address
  • Password (stored as a cryptographic hash — never in plain text)
  • Country and business address
  • VAT number or business registration number (where applicable)

2.2 Platform Usage Data

  • Music releases submitted through the platform (titles, metadata, audio files)
  • Artist profiles created within your white-label portal
  • Royalty statements and revenue data
  • Support communications and correspondence

2.3 Technical and Analytical Data

  • IP address and general location data
  • Browser type, device type, and operating system
  • Pages visited and features used within the platform
  • Session duration and navigation patterns
  • Error logs and performance data

2.4 Communications Data

  • Email communications with our team
  • Support ticket contents
  • Early access request details

3. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

  • Performance of contract (Art. 6(1)(b) GDPR): To provide, operate, and maintain the white-label distribution platform; to process releases and deliver royalties; to manage your account and your artists' portals.
  • Legitimate interests (Art. 6(1)(f) GDPR): To improve our services, prevent fraud, ensure platform security, and conduct internal analytics to understand how our platform is used.
  • Legal obligation (Art. 6(1)(c) GDPR): To comply with financial record-keeping requirements, tax obligations, and other applicable laws in the Netherlands and European Union.
  • Consent (Art. 6(1)(a) GDPR): To send you marketing communications, product updates, and beta programme announcements where you have opted in. You may withdraw consent at any time.

4. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide you with our services. Specifically:

  • Account data is retained for the duration of your active account plus 3 years after account closure, in line with Dutch commercial law requirements.
  • Financial records and royalty statements are retained for a minimum of 7 years to comply with Dutch tax and accounting law (Belastingdienst requirements).
  • Support communications are retained for 2 years.
  • Analytics data is anonymised after 13 months.

When retention periods expire, your data is securely and permanently deleted or anonymised.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share data with trusted third parties only where necessary to operate the platform:

  • Music distribution partners: We share release metadata (not personal account data) with streaming platforms and stores (Spotify, Apple Music, TIDAL, etc.) solely to fulfil distribution.
  • Cloud infrastructure providers: We use industry-standard cloud providers for hosting. All processing agreements comply with GDPR Chapter V requirements.
  • Payment processors: If applicable, payment data is handled exclusively by PCI-DSS compliant payment processors. We do not store card data.
  • Analytics services: We may use privacy-respecting analytics tools. No data is shared with advertising networks.
  • Legal authorities: We may disclose data where required by law, court order, or a competent regulatory authority.

All third parties processing data on our behalf are bound by Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or transfers to countries with an EU adequacy decision.

7. Your Rights Under GDPR

As a data subject under the GDPR and AVG, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data where no legitimate legal basis for retention applies.
  • Right to restriction of processing (Art. 18): Request that we restrict how we use your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to object (Art. 21): Object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@enarumusic.nl. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

8. Cookies and Tracking Technologies

We use strictly necessary cookies to operate the platform (session management, security). We also use optional analytics cookies to understand platform usage. You may manage your cookie preferences through your browser settings. We do not use advertising or tracking cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS 1.3), encrypted storage of sensitive data, access controls, regular security assessments, and strict internal data handling policies. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within the timeframes required by Art. 33–34 GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email or a prominent notice on the platform. The “last updated” date at the top of this document reflects the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

enarumusic — Data Controller
Email: privacy@enarumusic.nl
General enquiries: white-label@enarumusic.nl