Data Protection and GDPR

Last Updated APRIL 2023

Introduction

Official Artists is committed to protecting the privacy of our users and their customers. We stay informed about developments in data protection laws to ensure you can be confident in the safety of your personal data while using our platform.

This page explains the rules, how they apply to your use of the Official Artists platform, and the steps we’ve taken to comply. This is not legal advice. Review this document with our Privacy Policy and consult a legal professional for advice or more information.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation (EU GDPR), aims to harmonize data protection laws across the EU.

The EU GDPR gives individuals more control over their data’s use by companies, and promotes transparent data collection and processing.

The EU GDPR was directly incorporated into UK law after the Brexit transition period, meaning UK-based businesses subject to UK law must comply with its provisions through the ‘UK GDPR.’ In this document, we’ll refer to both the EU GDPR and the UK GDPR as GDPR.

Basic GDPR Concepts

Controller and Processor

The GDPR imposes obligations based on whether one is a controller or a processor of personal data.

A controller decides to process personal data and makes decisions about processing basis and methods. Controllers have obligations you should familiarize yourself with before collecting personal data.

A processor processes data on behalf of a controller and follows controller instructions. When using the Official Artists platform, you’re a controller. You’re responsible for legal processing and data retention.

Official Artists is a data processor. We store and process data on your instructions and won’t use it for our purposes without your instruction.

Legal Basis for Processing

Personal data may only be collected and processed with a legal basis. Official Artists relies on customers to select the correct basis and provide appropriate notices or consents. Identify available legal bases and only process data necessary for that basis.

Data Subject Access Rights

The GDPR grants data subjects certain rights over their personal data. Official Artists has processes to handle data subject requests and inform customers about them. Understand your obligations for personal data outside of the Official Artists platform.

Transfers of Data to the USA

Personal data may not leave the EEA or the UK without GDPR compliance. We use Standard Contractual Clauses as part of our Data Processing Agreement.

Data Security

We implement security measures to store personal data securely. We regularly test for vulnerabilities, have backup systems, data recovery processes, and data integrity measures to reduce risks.

Steps for GDPR Compliance

We take our processor duties seriously. We have implemented procedures and steps for GDPR compliance:

• Our data processing agreement uses Standard Contractual Clauses for lawful data transfer to the USA.
• We have breach detection tools and notify customers promptly.
• We handle subject access and erasure requests and notify you when a request is received.
• We’ve documented the personal data processed on your behalf.
• We encrypt personal data at rest and in transit and maintain appropriate security measures.