This Data Processing Addendum (this “Addendum”) is incorporated into and forms part of the Openstage Platform Terms for artists between the Artist and Openstage (the “Terms”). Except as modified below, the provisions of the Terms shall remain in full force and effect. If there is a conflict between the Terms and this Addendum, the terms of this Addendum will prevail. For the avoidance of doubt, this Addendum is effective as at the effective date of the Terms and will remain in effect until termination of the Terms; or the last Processing of Artist Data (as defined below) carried out by or on Openstage's behalf under the Terms. 

1. DEFINITIONS 

In this Addendum, the following words and expressions have the following meanings: 

“Artist’s Data” means all Personal Data processed by Openstage in the provision of the Openstage Platform to the Artist, including any Personal Data in Artist Content and Fan Content;  

“Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing”, and “Supervisory Authority” all have the meanings given to those terms in Data Protection Laws (and related terms such as “Process”, “Processes” and “Processed” shall have corresponding meanings); 

“Data Protection Laws” means all applicable laws and regulations relating to data protection and privacy as applicable to the parties and/or to the Processing of Personal Data under the Terms, including without limitation, the EU General Data Protection Regulation 2016/679 (“EU GDPR”), the EU GDPR in such form as incorporated into the laws of the United Kingdom (“UK GDPR” and together with the EU GDPR “GDPR”), the Data Protection Act 2018, and any associated implementing legislation and regulations, in each case, as in force and applicable, and as amended, supplemented or replaced from time to time; 

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorised access to Artist Data; and “Sub-Processor” means any of Openstage's vendors, suppliers or subcontractors authorised to Process Artist Data on Openstage's behalf.  

2. DATA PROCESSING DETAILS AND COMPLIANCE 
   
   

   1. The parties acknowledge that in respect of Artist Data, Openstage are a Processor Processing Personal Data on behalf of the Artist as Controller. Each party shall comply with its obligations under Data Protection Laws as relates to Artist Data . 
      
      

   2. Details of Artist Data Processed by Openstage under the Terms are as follows: 
      
      

      1. Subject Matter, Nature and Purpose of Processing. Openstage's provision of the Openstage Platform under the Terms.  
         
         

      2. Duration of Processing.  Processing of Artist Data by Openstage shall be for the term of the Terms and in accordance with Openstage's retention obligations under the Terms. 
         
         

      3. Types of Personal Data. full name, email address, phone number.  
         
         

      4. Category of Data Subjects. Fans of the Artist. 
         
         

   3. Openstage shall be an independent Controller with respect to Openstage's Processing of Personal Data in connection with the execution and administration of the Terms (including contact details of  the Artist’spersonnel/representatives); and Openstage's creation and maintenance of Artist’s Team  members’ accounts on the Openstage Platform. The parties agree that the Personal Data described under this Section 2.3 does not form part of Artist Data . 

3. PROCESSING OF ARTIST DATA 
   
   

   1. Openstage shall Process Artist Data only on the written instructions of the Artist (including as set out in the Terms) unless Openstage are required to otherwise Process Artist Data by applicable laws. Openstage are hereby instructed to Process Artist Data for the purposes of providing the Openstage Platform. Where Openstage are required by applicable laws to Process Artist Data other than in accordance with the Artist’s instructions, prior to any such Processing and to the extent permitted by applicable laws, Openstage shall notify the Artist in writing of that legal requirement prior to Processing Artist Data . 
      
      

   2. Openstage shall promptly inform the Artist if Openstage becomes aware of a written instruction given by the Artist under this Section 3 that, in Openstage's reasonable opinion, infringes Data Protection Laws. 

4. OPENSTAGE'S PERSONNEL AND SUB-PROCESSORS
   
   

   1. Openstage shall ensure that all Openstage's personnel authorised to Process Artist Data are either subject to binding written contractual obligations or statutory obligations to keep Artist Data confidential. 
      
      

   2. The  Artist authorises Openstage to engage the Sub-Processors included in the Sub-Processor list set out in Annex 1 (“Sub-Processor List”). Where Openstage intend to engage any additional Sub-Processor not already approved on the Sub-Processor List, prior to engaging the Sub-Processor, Openstage shall notify the Artist of the proposed engagement of the Sub-Processor giving the Artist the opportunity to object. The Artist shall be entitled to make a written objection to the proposed engagement (with respect to confidentiality and data protection compliance concerns) within 5 business days of Openstage providing notice to the Artist under this Section. If no objection is received within the timeframe, the Artist is deemed to have authorised the engagement of such Sub-Processor. 
      
      

   3. Where the Artist  raises a reasonable objection to the proposed engagement of a Sub-Processor in accordance with this Section, Openstage may, at Openstage's option: (a) use Openstage's reasonable endeavours to remedy the situation giving rise to the reasonable objection; or (b) propose an alternative Sub-Processor to conduct the relevant Processing in accordance with Section 4.2 of this Addendum, provided that, in the event that Openstage are unable to remedy the situation or propose an alternative Sub-Processor, Openstage shall be entitled to terminate the Terms without penalty or liability effective immediately on written notice to the Artist  and the Artistthe Artist shall pay Openstage any fees due for the Openstage Platform prior to termination. 
      
      

   4. Openstage shall ensure that prior to permitting any Sub-Processor to Process Artist Data , the Sub-Processor has entered into a binding written agreement with Openstage that imposes obligations substantially equivalent to the obligations imposed on Openstage as a Processor under this Addendum.  

5. TRANSFERS 
   
   

   1. The Artist hereby authorises Openstage to transfer Personal Data to a country not deemed adequate under Data Protection Laws provided that the transfer is performed in accordance with the requirements of the Data Protection Laws (including having in place appropriate transfer safeguards as applicable). 

6. SECURITY AND PERSONAL DATA BREACH NOTIFICATION 
   
   

   1. Openstage shall implement and maintain appropriate technical and organisational measures in relation to the Processing of Artist Data to ensure a level of security appropriate to the risks which may occur as a result of Processing Artist Data, and in particular the risks of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Artist Data.  
      
      

   2. Openstage shall notify the Artist without undue delay on becoming aware of a Personal Data Breach and provide the Artist  with details of the Personal Data Breach as required under Data Protection Laws. 

7. ASSISTANCE 
   
   

   1. To the extent related to Openstage's Processing of Artist Data (taking into account the nature of Processing and the information available to Openstage), Openstage shall promptly provide the Artist  with reasonable assistance: 
      
      

      1. using appropriate technical and organisational measures, in complying with any requests received from Data Subjects of Artist Data exercising Data Subject rights under Data Protection Laws; 
         
         

      2. to enable the Artist to conduct data protection impact assessments and consultations with (or notifications to) a relevant Supervisory Authority where the Artist is required to do so under Data Protection Laws, in connection with data protection impact assessments; 
         
         

      3. in complying with Openstage's obligation to implement and maintain appropriate technical and organisational security measures to protect Artist Data; and 
         
         

      4. in complying with Openstage's obligation to notify a Personal Data Breach to a Supervisory Authority or to a Data Subject as applicable. 

8. DELETION OR RETURN OF DATA
   
   

   1. Openstage shall delete (or, at the election of the Artist , return, in such format as Openstage may reasonably elect, provided any expenses for transferring the Artist  Personal Data to such format are agreed between the parties prior to such transfer) all Artist Data in Openstage's possession or control within thirty (30) days after Openstage cease to provide the Openstage Platform, unless otherwise required to further store Artist Data by applicable laws or agreement with the Artist . 

9. INFORMATION REQUESTS AND AUDITS 
   
   

   1. Openstage shall, on request from the Artist, make available to the Artist all information necessary to demonstrate Openstage's compliance with Openstage's obligations under this Addendum. Openstage shall allow for audits (including inspections), at the Artist’s cost, conducted by the Artist or the Artist ’s designated auditor, for the purpose of demonstrating Openstage's compliance with Openstage's obligations under this Addendum. Such audits shall be limited to once per calendar year except as required by a Supervisory Authority and the scope of any audit will be limited to Openstage's policies, procedures, systems and controls relevant to the Processing of Artist Data .
       

   2. Openstage's obligations under Section 9.1 of this Addendum are subject to the Artist: 
      
      

      1. giving Openstage reasonable prior notice of such information requests, audits and/or inspections being required by the Artist;  
         
         

      2. ensuring that all information obtained or generated by the Artist or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to a Supervisory Authority or as otherwise required by applicable laws); and 
         
         

      3. ensuring that such audit or inspection is undertaken during normal business hours, with, so far as reasonably practicable, minimal disruption to Openstage's business and the business of Openstage's other clients. 
         
         

Sub-Processor list