FMTS Privacy Policy

Solutions
- Solutions
- Monitor
  Find your stolen content quickly, anywhere across the piracy landscape
- Identify
  Identify the sources of piracy and stop content theft at the source
- Disrupt
  Disrupt and stop pirate operations, and win back revenue
Technology
For you
- For you
- Broadcast & Pay TV
  Fight against the theft of premium linear content
- Content Owners
  Protect your rights, safeguard your revenues
- Streaming / OTT
  Highly effective protection where you need it most
- Live Sports
  The #1 anti-piracy solutions for live content
- VOD
  Premium content deserves premium protection
Insights
- Insights
- Blog
  The latest insights and analysis
- News
  The latest press releases, articles and news
- Resources
  The latest videos, white papers, and research
Case studies
About
- About
- Leadership
  Meet the Friend MTS Executive Team
- Careers
  Join our amazing teams & help stop piracy
  - Current vacancies
Contact

Friend MTS Privacy Notice

We take your privacy very seriously. Please read this privacy notice carefully because it gives you important information about us and how we collect and use your personal data through your use of www.friendmts.com (Site) or when you interact with us in any other way (unless you are one of our employees or are applying for a job with us, in which case our employee data protection notice applies instead).

This notice also explains your rights in relation to your personal data, including your right to complain directly to us, and how to contact us or a supervisory authority if you have a complaint.

Children

This Site is not intended for children and we do not knowingly collect data relating to children through it.

Third party sites

This Site may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third party websites and are not responsible for their privacy statements. When you leave this Site, we encourage you to read the privacy policy of every website you visit.

Who we are

When we refer to “Friend MTS”, “FMTS”, “we”, “us” or “our”, we mean the Friend MTS group entity that controls and is responsible for your personal data. This notice applies to Friend MTS Limited and Friend MTS (US) Inc. (together, FMTS Group). We may add to this list as our business develops, and information may be shared between FMTS Group entities for the purposes set out in this notice.

Friend MTS Limited, incorporated in England and Wales with registered number 03513618 and registered office at 177 Shaftesbury Avenue, London, England, WC2H 8JR, is the controller responsible for this Site. A reference in this notice to the contract we have with you is a reference to the contract between you and the relevant FMTS Group entity you have contracted with.

FMTS operates internationally. Where local data protection law applies to our processing of your personal data, supplementary information may apply and is available on request.

Our Head of Legal is responsible for overseeing our compliance with data protection law. If you have any questions about this notice or how we handle your personal data, please contact legal@friendmts.com.

How to contact us

If you have any questions about this privacy notice, wish to exercise your legal rights, or wish to make a data protection complaint directly to us, please contact:

Friend MTS Limited
177 Shaftesbury Avenue, London WC2H 8JR
legal@friendmts.com
(+44) (0)203 588 2111

We will acknowledge data protection complaints within 30 days of receipt. Please see the section “Your right to complain to us” below for details of our complaints handling process.

Personal data that we collect about you

Personal data means any information about an individual from which that person could be identified. We may collect, use, store and transfer the following personal data about you, which we have grouped together as follows:

Identity Data: your first and last name, date of birth, any previous names, user name or similar identifier, marital status, title, gender, professional network profile details (e.g. LinkedIn profile URL), and information from accounts you choose to link with us.
Contact Data: billing address, delivery address, email address, telephone numbers, and details of your employer.
Financial Data: bank account and payment account details.
Transaction Data: details about payments to and from you and other details of products and services you have purchased from us.
Technical Data: internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this Site.
Profile Data: your username and password, purchases or orders made by you, your interests and preferences, and feedback and responses to surveys, competitions and promotions.
Usage Data: information about how you interact with and use our Site, products and services.
Marketing and Communications Data: your contact history, your preferences in receiving marketing from us and our third parties, and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data, which is not personal data as it does not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to calculate the percentage of users accessing a Site feature in order to analyse trends and improve our Site and service offerings.

How we collect personal data

We use different methods to collect personal data from and about you, including through:

Your interactions with us. you may give us personal data by completing online forms or by corresponding with us by email or otherwise. This includes when you (a) contact us or give us feedback; (b) subscribe to a service or publication we provide; or (c) request marketing to be sent to you.
Automated technologies or interactions: as you interact with the Site, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data using cookies and similar technologies, and we may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.

We may also collect information about you from third parties such as our customers, intermediaries or business partners, from credit reference and background check agencies, and from public sources such as Companies House, online searches or professional networking sites.

Where we need to collect personal data by law, or under the terms of a contract we have with you or your employer, and you do not provide that data when requested, we may be unable to perform the contract we have or are trying to enter into with you (for example, to provide our services). In that case we may need to decline a service, and we will notify you if this is the case at the time.

Why and for what purpose we collect personal data

We only process your personal data to the extent we have a legal basis for doing so. Our legal basis will be one or more of the following:

Legal Obligation: to comply with our legal and regulatory obligations.
Contract: to perform a contract with you or take steps at your request before entering into a contract.
Consent: on a case-by-case basis, where you have given specific, informed and voluntary consent.
Legitimate Interest: where it is necessary to conduct our business and pursue our legitimate interests, unless those interests are overridden by your interests, rights or freedoms. Where required, we carry out a balancing assessment when relying on this basis, and records of those assessments are available on request.

Where we process special category personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation), our legal basis will be one of the following: (a) explicit consent; (b) necessity to protect your or someone else’s vital interests where you are incapable of giving consent; or (c) necessity to establish, exercise or defend legal claims.

The table below sets out the purposes for which we use the various categories of your personal data and the legal basis we rely on. Where Legitimate Interest applies, the table also describes the nature of the likely interest.

Purpose / Use	Type of Data	Legal Basis
To register you as a new customer	Identity Contact	Contract
Providing products and/or services to or purchasing them from your business or that of your employer, including (a) managing payments, fees and charges; and (b) collecting and recovering money owed to us	Identity, Contact, Financial, Transaction, Marketing and Communications	Contract; Legitimate Interest (to recover debts due to us)
To manage our relationship with you, including (a) notifying you about changes to our terms or policies; and (b) dealing with your requests, complaints and queries	Identity, Contact, Profile, Marketing and Communications	Contract; Legal Obligation; Legitimate Interest (to keep our records updated and manage our relationship with you)
Handling data protection complaints made directly to us under section 164A of the Data Protection Act 2018	Identity, Contact, Profile	Legal Obligation; Legitimate Interest (resolving complaints)
To enable you to partake in a promotional activity or complete a survey	Identity, Contact, Profile, Usage, Marketing and Communications	Contract; Legitimate Interest (to study how customers use our services to develop them and grow our business)
Preventing and detecting fraud against you or us	Identity, Contact, Technical	Legitimate Interest (to minimise fraud that could be damaging for you and/or us)
Conducting checks to identify and verify customers, suppliers, partners or intermediaries (together, Business Partners); screening for sanctions or embargoes; and other activities necessary to comply with professional, legal and regulatory obligations	Identity, Contact	Legal Obligation.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies	As relevant	Legal Obligation.
Ensuring our business policies are adhered to, e.g. policies covering security and internet use	As relevant	Legitimate Interest (to follow our own internal procedures so we can deliver the best service)
To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Identity, Contact, Technical	Legitimate Interest (to be efficient and deliver the best service); Legal Obligation
Ensuring the confidentiality of commercially sensitive information	As relevant	Legitimate Interest (to protect trade secrets and other commercially valuable information); Legal Obligation
Statistical analysis to help us manage our business, e.g. financial performance, customer base or product range	Technical, Usage	Legitimate Interest (business efficiency)
Preventing unauthorised access and modifications to systems	Technical	Legitimate Interest (to prevent and detect criminal activity); Legal Obligation
Updating and enhancing Business Partner records	Identity, Contact	Contract; Legal Obligation; Legitimate Interest (to keep in touch with Business Partners about existing orders and new products)
Statutory returns	As required	Legal Obligation.
Marketing our services and those of selected third parties to existing and former Business Partners and others	Identity, Contact, Profile, Usage, Marketing and Communications, Technical	Legitimate Interest (to promote and grow our business and inform our marketing strategy)
Credit reference checks via external credit reference agencies	Identity, Financial	Legitimate Interest (to ensure actual and prospective Business Partners and suppliers are solvent)
External audits and quality checks, e.g. for ISO accreditation and the audit of our accounts	As relevant	Legitimate Interest (to maintain our accreditations and demonstrate high standards); Legal Obligation

Marketing

Direct Marketing

As part of the customer onboarding process, or when you subscribe to communications (including via the Site), your personal data is collected. At this point you will be asked to indicate your preferences for receiving direct marketing communications from FMTS by email.

Third Party Marketing

We will obtain your express consent before we share your personal data with any third party for their own direct marketing purposes.

Opting out of Marketing

You can ask us to stop sending you marketing communications at any time by using the Unsubscribe function in FMTS marketing emails, or by emailing marketing@friendmts.com. If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

Cookies

We use a consent management platform to manage your cookie preferences. For more information about the cookies we use and how to change your preferences at any time, please see our Cookie Policy.

Automated decision-making and profiling

We do not generally make significant decisions about you that are based solely on automated processing, including profiling. A decision is "significant" if it produces a legal effect concerning you or similarly significantly affects you, and it is "solely automated" where there is no meaningful human involvement in making it.

Where we do carry out solely automated significant decision-making, we will do so only in accordance with Articles 22A to 22D UK GDPR. We will tell you about the decision, and we will put safeguards in place that allow you to make representations about the decision, to obtain human intervention, and to contest the decision. Where any such decision is based on special category data, we will only carry it out with your explicit consent or where another condition permitted by law applies.

Our monitoring, watermarking and content identification technologies primarily process data relating to content on behalf of our customers. Where that processing involves any personal data, we ensure that an appropriate lawful basis and appropriate safeguards are in place.

How long your personal data will be kept

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Where a minimum retention period is required by law, we comply with that minimum period plus up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

If we are required to retain your information longer than our standard retention periods, we will let you know (unless we are prevented by law from doing so).

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Broadly, we keep your personal data only for as long as is necessary for the purposes of our processing or for any legally required period, e.g. for as long as we have an active relationship with you or your employer, and for as long as necessary afterwards:

to respond to any questions, complaints or claims made by you or on your behalf;
to keep records required by law; and
to enforce or defend our rights against any possible legal action for the applicable limitation period, typically six years after the cause of action arose.

The tables below set out a non-exhaustive list of maximum retention periods for different categories of records. FMTS maintains a comprehensive Data Retention Schedule available upon request.

Business Partner Records
Record	Retention Period
Business Partner relationship management records (former, current and potential)	7 years from end of relationship, i.e. end of contractual relationship or date of last contact (whichever is later)
Sales/purchase analysis records	5 years from the date of the earliest record being analysed
Business Partner advice and opinions	7 years from end of relationship with Business Partner
Business Partner complaints	7 years from end of relationship with Business Partner (including any extension while dealing with the complaint)
Details of products/services not taken up	5 years from end of relationship with Business Partner
Direct marketing information	2 years from last active engagement or data collection
Management of data subject requests and complaints made directly to us	6 years from closure of request
Compliance records	7 years from the date the document is no longer active or has been superseded
Previous versions of policies, including IT policy, privacy policy, retention policy etc.	6 years from being superseded

How and with whom we share your personal data

We may share your personal data where necessary with the parties set out below for the purposes set out in the table above:

companies within our group, such as Friend MTS (US) Inc.;
third parties we use to help deliver our products or services, e.g. sub-contractors, payment service providers, mailing houses and delivery companies;
other third parties we use to help us run our business, e.g. cloud hosting and storage providers, marketing agencies, website hosts and IT support providers;
third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers;
credit reference agencies;
our insurers and brokers;
external auditors, e.g. in relation to accreditations and the audit of our accounts; and
our bankers.

A current list of our key processors and sub-processors is available on request. Where service providers and other third parties act as data processors on our behalf, we only appoint them if we are satisfied that they take appropriate measures to protect your personal data, and we impose contractual obligations (including data processing terms) to ensure they can only use your personal data to provide services on our instructions and in accordance with applicable data protection law.

We may also need to share personal data with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, and with other parties such as potential buyers of some or all of our business or during a restructuring. Usually information will be anonymised, but where this is not possible the recipient will be bound by confidentiality obligations.

International transfers of your personal data

To deliver services to you, it is sometimes necessary for us to transfer your personal data outside the UK and EEA, including to our offices or other companies within our group, to your and our service providers, and where there is an international dimension to the services we are providing to you.

Under data protection law, we can only transfer your personal data to a country outside the UK and EEA where (a) the UK government or EU Commission has decided the country ensures an adequate level of protection (an adequacy decision); (b) appropriate safeguards are in place, together with enforceable rights and effective legal remedies for data subjects; or (c) a specific exception applies under data protection law.

We will always seek to rely on an adequacy decision where one exists. Where there is no adequacy decision, we put in place appropriate safeguards, usually the UK International Data Transfer Agreement (IDTA) or the Addendum to the EU Standard Contractual Clauses. For transfers to the United States, we may rely on the UK Extension to the EU-US Data Privacy Framework where the recipient is certified under it; otherwise we rely on the IDTA or Addendum as a safeguard.

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data where (a) you have explicitly consented after being informed of the possible risks; (b) the transfer is necessary for the performance of a contract between us, or to take pre-contract measures at your request; (c) the transfer is necessary for a contract in your interests between us and another person; or (d) the transfer is necessary to establish, exercise or defend legal claims.

Your right to complain to us

From 19 June 2026, under section 164A of the Data Protection Act 2018 (as inserted by the Data (Use and Access) Act 2025), you have the right to complain directly to us as controller if you consider that we have infringed data protection law in how we process your personal data. You can complain to us before, or instead of, complaining to the Information Commissioner’s Office (ICO).

How to submit a complaint

You can submit a data protection complaint to us through any of the following channels. We will accept your complaint however you submit it, and you do not need to use any particular form of words or label it as a “data protection complaint”:

by email to legal@friendmts.com;
by post to Friend MTS Limited, 177 Shaftesbury Avenue, London WC2H 8JR (marked “Data Protection Complaint”); or
by telephone on (+44) (0)203 588 2111.

Where a complaint is submitted on your behalf by a third party (for example a solicitor or advocacy organisation), we will verify that the third party is authorised to act for you before we begin our investigation.

What happens after you complain

Once we receive your complaint, we will:

acknowledge your complaint within 30 days of receipt;
take appropriate steps to investigate your complaint without undue delay, proportionate to the nature and complexity of the issues raised and the impact on you;
keep you informed of the progress of our investigation and of any anticipated delays; and
provide you with the outcome of our investigation without undue delay.

We keep records of all complaints received, how and when they were acknowledged, the steps taken during the investigation and the final outcome. These records may be requested by the ICO.

Complaints to the ICO or another supervisory authority

If you are not satisfied with our response, or if you prefer to complain directly to a supervisory authority, you have the right to lodge a complaint with the ICO at https://ico.org.uk/make-a-complaint or by telephone on 0303 123 1113. If you are located in the EU or another jurisdiction, you may also complain to your local data protection authority.

Your legal rights

You have the following rights in relation to your personal data. These rights may be subject to limitations under applicable law.

Access
The right to be provided with a copy of your personal data and to check that we are lawfully processing it.

Rectification
The right to require us to correct any mistakes in your personal data. We may need to verify the accuracy of any new data you provide to us.

Erasure (the right to be forgotten)
The right to require us to delete your personal data where there is no good reason for us to continue processing it. Where a legal reason requires us to retain it, we will notify you at the time of your request.

Restriction of processing
The right to require us to restrict processing of your personal data in certain circumstances, for example while we verify its accuracy or consider an objection you have raised.

Data portability
In respect of any automated information you initially consented for us to use, or where we used the information to perform a contract with you, the right to request transfer of that personal data to you or a third party in a structured, commonly used and machine-readable format.

Right to object
The right to object at any time to processing of your personal data for direct marketing (including profiling). You also have the right to object where we rely on legitimate interest as our legal basis and we cannot demonstrate compelling legitimate grounds that override your interests, rights and freedoms.

Withdraw consent
Where we rely on your consent to process your personal data, the right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we carried out before you withdrew it. If you withdraw your consent, we may not be able to provide certain products or services to you, and we will tell you if this is the case at the time.

Rights relating to automated decision-making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you, except where permitted by law. Where we make a significant decision about you based solely on automated processing, including profiling, you have the right to be given information about the decision, to make representations about it, to obtain human intervention, and to contest the decision, in accordance with Articles 22A to 22D UK GDPR.

To exercise any of these rights, please contact us at legal@friendmts.com and (a) provide enough information to identify yourself (for example your full name, address, employer and any customer, supplier or product reference number) and any additional identity information we may reasonably request; and (b) let us know which right you want to exercise and the information to which your request relates.

When you exercise these rights, and if we decide not to take action on your request, we will also tell you about your right to complain to us and your right to complain to the ICO.

You will not have to pay a fee to access your personal data or to exercise any other rights. However, we may charge a reasonable fee, or decline to comply with your request, if it is clearly unfounded, repetitive or excessive.

We try to respond to all legitimate requests within one month, calculated in accordance with data protection law. Where we reasonably need to confirm your identity before we respond, or where we need further information to clarify your request, the time we have to respond may not start, or may be paused, until we have received what we need. Occasionally it may take longer if your request is particularly complex or you have made a number of requests, in which case we will notify you and keep you updated.

Keeping your personal data secure

We have appropriate technical and organisational measures in place to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. These measures include access controls limiting access to those with a genuine business need, an ISO 27001-aligned information security management system, encryption of personal data in transit and at rest, regular testing of our systems, and staff training on data protection and information security. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach. Where legally required, we will notify the ICO without undue delay upon becoming aware of a notifiable breach. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Changes to this privacy notice and your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new email address.

We may update this privacy notice from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email. Please check back regularly to see any updates.

This privacy notice was last updated in June 2026, when it replaced any previous privacy notice published on our Site.

Privacy Policy