Back to home

Legal

GDPR Compliance

Last updated: April 2026

Roster is GDPR Compliant

We are fully compliant with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR where applicable. Protecting your data and your artists' data is central to how we operate.

Our Commitment

KDYN MUSIC LIMITED takes data protection seriously. As a platform that handles sensitive financial and artist data on behalf of music industry professionals, we have built GDPR compliance into the foundation of how Roster operates.

Data Controller

KDYN MUSIC LIMITED acts as the data controller for all personal data collected through the Roster website and platform. When you use Roster to manage your artists, you act as the data controller for your artists' personal data, and Roster acts as your data processor.

Lawful Basis for Processing

We process personal data under the following lawful bases as defined by UK GDPR Article 6:

  • Contract (Article 6(1)(b)) — processing necessary to provide the Roster service to you
  • Legitimate Interests (Article 6(1)(f)) — product analytics and platform improvement
  • Legal Obligation (Article 6(1)(c)) — where required by applicable law
  • Consent (Article 6(1)(a)) — for optional marketing communications

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

Request a copy of the data we hold about you.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data.

Right to Restriction

Limit how we process your data.

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

To exercise any of these rights, contact us at legal@rosterroyalties.com. We will respond within 30 days.

Data Storage and Security

All data is stored on secure servers provided by Vercel, with infrastructure in the European region where possible. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction.

Data Processors

We use the following third-party data processors, all of whom are contractually bound to GDPR-compliant data handling:

  • Stripe — payment processing (EU/UK GDPR compliant)
  • PostHog — product analytics (self-hostable, EU GDPR compliant)
  • Vercel — cloud infrastructure and hosting

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware, and affected individuals without undue delay.

Complaints

If you have concerns about how we handle your data, please contact us first at legal@rosterroyalties.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Contact

KDYN MUSIC LIMITED
1 Pancras Square, London, N1C 4AG
legal@rosterroyalties.com