Last Updated APRIL 2023
Official Artists is committed to protecting the privacy of our users and their customers. We stay informed about developments in data protection laws to ensure you can be confident in the safety of your personal data while using our platform.
Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation (EU GDPR), aims to harmonize data protection laws across the EU.
The EU GDPR gives individuals more control over their data’s use by companies, and promotes transparent data collection and processing.
The EU GDPR was directly incorporated into UK law after the Brexit transition period, meaning UK-based businesses subject to UK law must comply with its provisions through the ‘UK GDPR.’ In this document, we’ll refer to both the EU GDPR and the UK GDPR as GDPR.
The GDPR imposes obligations based on whether one is a controller or a processor of personal data.
A controller decides to process personal data and makes decisions about processing basis and methods. Controllers have obligations you should familiarize yourself with before collecting personal data.
A processor processes data on behalf of a controller and follows controller instructions. When using the Official Artists platform, you’re a controller. You’re responsible for legal processing and data retention.
Official Artists is a data processor. We store and process data on your instructions and won’t use it for our purposes without your instruction.
Personal data may only be collected and processed with a legal basis. Official Artists relies on customers to select the correct basis and provide appropriate notices or consents. Identify available legal bases and only process data necessary for that basis.
The GDPR grants data subjects certain rights over their personal data. Official Artists has processes to handle data subject requests and inform customers about them. Understand your obligations for personal data outside of the Official Artists platform.
Personal data may not leave the EEA or the UK without GDPR compliance. We use Standard Contractual Clauses as part of our Data Processing Agreement.
We implement security measures to store personal data securely. We regularly test for vulnerabilities, have backup systems, data recovery processes, and data integrity measures to reduce risks.
We take our processor duties seriously. We have implemented procedures and steps for GDPR compliance: