DATA AND PRIVACY POLICY

For Artists

For Arts Organization

Operabase, (Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN, ("We") are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.Operabase.com and any sub-sites and subdomains and any technical applications (including so-called apps) you are accepting and consenting to the practices described in this policy.

For the purpose of the General Data Protection Regulation (EU) 2016/679, the data processor is Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN

Our Data Protection Officer for the purpose of this Data and Privacy Policy is Jan Pilgaard Carlsen, [email protected]

The following is a general description of the principles we follow, however, in the section Data Processing below, you can dig deeper into our concrete compliance with the General Data Protection Regulation (EU) 2016/679, the so-called "Data Processor Agreement" between us.

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following data about you:

  • Information you give us. You may give us information about you by filling in forms on our site www.Operabase.com and any sub-sites and sub domains and any technical applications (including so called apps (our site) or by corresponding with us by phone, e-mail or otherwise). This includes information you provide when you register to use our site (including your location and profile), search for an opportunity, upload content to our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, bank account details, personal description and photograph.
  • Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners including arts organisations, event organisations and theatre owners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

USES MADE OF THE INFORMATION

We use information held about you in the following ways:

  • Information you give to us. We will use this information:
    • to carry out our obligations arising from any contracts entered into between you and our customers and to provide you with the information, products and services that you request from us;
    • to provide you with information about other products and services we offer that are similar to those that you have already enquired about;
    • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing member, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous engagement or negotiations for such an engagement. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tell us;
    • to notify you about changes to our service;
    • to ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Information we collect about you. We will use this information:
    • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
    • to allow you to participate in interactive features of our service, when you choose to do so;
    • as part of our efforts to keep our site safe and secure;
    • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
    • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them;
    • to seek engagement opportunities for you and to inform customers and potential customers about the services you offer;
    • to liaise with third party introducers or recommenders of you and your services.
  • Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).

DISCLOSURE OF YOUR INFORMATION

We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries as long as the necessary permission has been granted by you.

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors, customers and potential customers for the negotiation, discussion, opportunity seeking of engagements and/or the performance of any contract you enter into with our customers.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 20 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in England). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • Credit reference agencies for the purpose of assessing your credit rating.
  • Agencies or representatives who provide authorisation or identification services including for money laundering requirements.
    We may disclose your personal information to third parties:
  • If Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of dealing with you or other agreements; or to protect the rights, property, or safety of Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the negotiations for potential engagements, the processing of your payment details and the provision of support services. By submitting your personal data and agreeing to this policy, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Such transfer is however subject to your approval of our terms of use and transfer can only take place to the data processors mentioned below.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or the accidental deletion or corruption of your data.

YOUR RIGHTS

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

ACCESS TO INFORMATION ABOUT YOU AND YOUR RIGHT TO BE FORGOTTEN BY US

You have the right to access information held about you and request to be removed from our system(s). If you find us to hold incorrect information, please let us know and we will correct it.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

CONTACT

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN or [email protected]

DATA PROCESSOR AGREEMENT

Regarding the Data Processor's processing of personal data on behalf of the Data Controller ("You").

  1. The processed personal data
    1 This Agreement has been entered into in connection with the Parties' conclusion of agreement regarding an online recruiting platform provided by the Data Processor, designed to improve the Data Controller's casting process in the opera and classical music business (the "Main Agreement").
    1.2 The Data Processor processes the types of personal data on behalf of the Data Controller in relation to the relevant data subjects as specified in Schedule 1. The personal data relates to the data subjects listed in Schedule 1.
    1.3 The Data Processor may initiate processing of personal data on behalf of the Data Controller after the Agreement enters into force. The processing has the duration as specified in the instructions in Schedule 1 of the Agreement.
    1.4 The Agreement and the Main Agreement are interdependent and cannot be terminated separately. However, the Agreement may be replaced with another valid Data Processor Agreement without terminating the Main Agreement.
  2. Purpose
    1 The Data Processor must only process personal data for purposes which are necessary in order to provide an online recruiting platform and in doing so providing the services set out in the Main Agreement.
  3. Obligations of the Data Controller
    1 The Data Controller warrants that the personal data is processed for legitimate and objective purposes and that the Data Processor is not processing more personal data than required for fulfilling such purposes.
    3.2 The Data Controller is responsible for ensuring that a valid legal basis for processing exists at the time of transferring the personal data to the Data Processor. Upon the Data Processor's request, the Data Controller undertakes, in writing, to account for and/or provide documentation of the basis for processing.
    3.3 In addition, the Data Controller warrants that the data subjects to which the personal data pertains have been provided with sufficient information on the processing of their personal data.
    3.4 Any instructions regarding the processing of personal data carried out under this Agreement must primarily be submitted to the Data Processor. In case the Data Controller instructs a sub-data processor, appointed in accordance with clause 5.1 directly, the Data Controller must immediately inform the Data Processor hereof. The Data Processor shall not in any way be liable for any processing carried out by the sub-data processor in accordance with such instructions.
  4. Obligations of the Data Processor
    1 All processing by the Data Processor of the personal data provided by the Data Controller must be in accordance with instructions prepared by the Data Controller, and the Data Processor is, furthermore, obliged to comply with any and all data protection legislation in force from time to time.
    If Union law or law of a Member State to which the Data Processor is subject to stipulates that the Data Processor is required to process the personal data listed in clause 1.2, the Data Processor must inform the Data Controller of that legal requirement before processing. However, this does not apply if this legislation prohibits such information on important grounds of public interests.
    The Data Processor must immediately inform the Data Controller if, in the Data Processor's opinion, an instruction infringes the EU General Data Protection Regulation or the data protection provisions of a Member State.
    4.2 The Data Processor must take all necessary technical and organisational security measures, including any additional measures, required to ensure that the personal data specified in clause 1.2 is not accidentally or unlawfully destroyed, lost or impaired or brought to the knowledge of unauthorised third parties, abused or otherwise processed in a manner which is contrary to Danish data protection legislation in force at any time.
    4.3 The Data Processor must ensure that employees authorized to process the personal data have committed themselves to confidentiality or are under appropriate statutory obligation of confidentiality.
    4.4 If so requested by the Data Controller, the Data Processor must state and/or document that the Data Processor complies with the requirements of the applicable data protection legislation, including documentation regarding the data flows of the Data Processor as well as procedures/policies for processing of personal data.
    4.5 Taking into account the nature of the processing, the Data Processor must, as far as possible, assist the controller by appropriate technical and organisational measures, for the fulfilment of the Data Controller's obligation to respond to requests for exercising the data subject's rights as laid down in chapter 3 in the General Data Protection Regulation.
    4.6 The Data Processor, or another data processor (sub-data processor) must send requests and objections from data subjects to the Data Controller, for the Data Controller's further processing thereof, unless the Data Processor is entitled to handle such request itself. If requested by the Data Controller, the Data Processor must assist the Data Controller in answering any such requests and/or objections.
    4.7 If the Data Processor processes personal data in another member state, the Data Processor must comply with legislation concerning security measures in that member state.
    4.8 The Data Processor must notify the Data Controller where there is an interruption in operation, a suspicion that data protection rules have been breached or other irregularities in connection with the processing of the personal data occur. The Data Processor's deadline for notifying the Data Controller of a security breach is 24 hours from the moment the Data Processor becomes aware of a security breach. If requested by the Data Controller, the Data Processor must assist the Data Controller in relation to clarifying the scope of the security breach, including preparation of any notification to the Danish Data Protection Agency and/or data subjects.
    4.9 The Data Processor must make available to the Data Controller all information necessary to demonstrate compliance with article 28 of the General Data Protection Regulation and the Agreement. In this connection the Data Processor allows for and contributes to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
    4.10 In addition to the above, the Data Processor must assist the Data Controller in ensuring compliance with the Data Controller's obligations under article 32-36 of the General Data Protection Regulation. This assistance will take into account the nature of the processing and the information available to the Data Processor.
  5. Transfer of data to sub-data processors or third parties
    1 The Data Processor must comply with the conditions laid down in article 28, paragraph 2 and 4 of the General Data Protection Regulation to engage another data processor (sub-data processor).
    This implies that the Data Processor does not engage another data processor (sub-data processor) to performance of the Agreement without prior specific or general written approval from the Data Controller.
    5.2 The Data Controller hereby grants the Data Processor a general power of attorney to enter into agreements with sub-data processors. The Data Processor must notify the Data Controller of any changes concerning the addition or replacements of sub-data processors. The Data Controller can make reasonable and relevant objections against such changes. If the Data Processor continues to wish to use a sub-data processor that the Data Controller has objected to, the Parties have the right to terminate the Agreement and, if applicable, the Main Agreement with a shorter notice, cf. 7.2. During this period the Data Controller must not require that the Data Processor do not use the sub-data processor in question.
    5.3 When the Data Controller has approved that the Data Processor can use a sub-data processor the Data Processor must impose the same obligations on the sub-data processor as set out in the Agreement. This is executed through a contract or another legal act under EU law or the law of a Member State. It must be ensured, i.e., that sufficient guarantees are provided from the sub-data processor to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the General Data Protection Regulation ("back-to-back" terms).
    5.4 If the sub-data processor fails to fulfill its data protection obligations, the Data Processor remains fully liable to the Data Controller for the performance of the sub-data processor's obligations.
    5.5 Disclosure, transfer and internal use of the Data Controller's personal data to third countries or international organisations may only take place in accordance with documented instructions from the Data Controller - unless stipulated by EU law or the law of a Member State to which the Data Processor is subject. If so, the Data Processor must notify the Data Controller of this legal requirement before processing, unless the law prohibits such notification for important grounds of public interests.
    5.6 If the personal data stipulated in clause 1.2 is transferred to foreign sub-data processors, it must, in the said data processor agreement, be stated that the data protection legislation applicable in the Data Controller's country applies to foreign sub-data processors. Furthermore, if the receiving sub-data processor is established within the EU, it must be stated in the said data processor agreement that the receiving EU country's specific statutory requirements regarding data processors, e.g. concerning demands for notification to national authorities must be complied with.
    5.7 The Data Processor must, on behalf of the Data Controller, enter into written data processor agreements with sub-data processors within the EU/EEA. As for sub-data processors outside the EU/EEA, the Data Processor must enter into standard agreements in accordance with Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries ("Standard contracts").
    5.8 The Data Controller hereby grants the Data Processor a general power of attorney to enter into standard contracts with sub-data processors outside the EU/EEA on behalf of the Data Controller, provided that the Data Controller has given prior written instructions in accordance with clause 5.1 - 5.2.
    5.9 At the time of the signature of this Agreement, the Data Processor engages the sub-data processors listed in Schedule 2.
  6. Precedence
    1 Unless otherwise expressively stated in this Agreement, the Main Agreement applies to the contractual relationship between the Parties. If there is any conflict or inconsistency between this Agreement and the Main Agreement, the Main Agreement will take precedence and apply to the extent of the conflict or inconsistency.
  7. Governing law and jurisdiction
    1 Any claim or dispute arising from or in connection with this Agreement must be settled by a competent court of the first instance in the same jurisdiction as stated in the Main Agreement.

Schedule 1:

  1. Categories of data subjects and types of personal data;
  2. Retention period and deletion procedure;
  3. Location of processing.
  4. Categories of data subjects:

Category of data subjects: Artists

Type of personal data:

Operabase processes these data:

Name

Yes

E-mail

Yes

Phone number

Yes

Address

Yes

Username (email)

Yes

Access code

Yes

Gender

No

Nationality

Yes

Description of the artist's abilities

Yes

Passport data

Yes

Pictures

Yes

 

  1. Retention period and deletion procedure:
    The personal data is stored at the Data Processor until the Data Controller requests the data to be deleted or returned or until it is deemed unnecessary to keep for the data processor's purposes.
  2. Location of processing:
    Processing of the personal data covered by the Agreement must not be done without the Data Controller's prior written consent at locations other than the following:
    Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN.
  3. Schedule 2: Sub-data processors.
    At the time this Agreement enters into force the Data Controller has approved the use of the following sub-data processors:

Name

Country

Description of processing

Amazon Web Services Ltd.

Germany

Cloud Services Provider

Operabase Operations India Pvt. Ltd.

India

Operational tasks, customer service

Mailchimp

United States

Emailing (special consent obtained individually for marketing emails)

Google LLC

United States

Cloud Services Provider

Segment

United States

Product Analysis

Stripe

United States

Payments and subscriptions

E-conomic

Denmark

Invoicing

Slack

United States

Customer Relations Management, Customer Service

Arts Organization

Operabase,   ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN ("We") are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.Operabase.com and any sub-sites and subdomains and any technical applications (including so-called apps) you are accepting and consenting to the practices described in this policy.

For the purpose of the General Data Protection Regulation (EU) 2016/679, the data processor is Operabase,   ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN.

Our Data Protection Officer for the purpose of this Data and Privacy Policy is Jan Pilgaard Carlsen, [email protected]

The following is a general description of the principles we follow, however, in the section Data Processing below, you can dig deeper into our concrete compliance with the General Data Protection Regulation (EU) 2016/679, the so-called "Data Processor Agreement" between us.

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following data about you:

  • Information you give us. You may give us information about you by filling in forms on our site www.Operabase.com and any sub-sites and sub domains and any technical applications (including so called apps (our site) or by corresponding with us by phone, e-mail or otherwise). This includes information you provide when you register to use our site (including your location and profile), search for an opportunity, upload content to our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, bank account details, personal description and photograph.
  • Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners including arts organisations, event organisations and theatre owners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

USES MADE OF THE INFORMATION

We use information held about you in the following ways:

  • Information you give to us. We will use this information:
    • to carry out our obligations arising from any contracts entered into between you and our customers and to provide you with the information, products and services that you request from us;
    • to provide you with information about other products and services we offer that are similar to those that you have already enquired about;
    • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing member, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous engagement or negotiations for such an engagement. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tell us;
    • to notify you about changes to our service;
    • to ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Information we collect about you. We will use this information:
    • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
    • to allow you to participate in interactive features of our service, when you choose to do so;
    • as part of our efforts to keep our site safe and secure;
    • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
    • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them;
    • to seek engagement opportunities for you and to inform customers and potential customers about the services you offer;
    • to liaise with third party introducers or recommenders of you and your services.
  • Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).

DISCLOSURE OF YOUR INFORMATION

We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries as long as the necessary permission has been granted by you.

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors, customers and potential customers for the negotiation, discussion, opportunity seeking of engagements and/or the performance of any contract you enter into with our customers.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 20 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in England). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • Credit reference agencies for the purpose of assessing your credit rating.
  • Agencies or representatives who provide authorisation or identification services including for money laundering requirements.

We may disclose your personal information to third parties:

  • If Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of dealing with you or other agreements; or to protect the rights, property, or safety of Operabase, ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the negotiations for potential engagements, the processing of your payment details and the provision of support services. By submitting your personal data and agreeing to this policy, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Such transfer is however subject to your approval of our terms of use and transfer can only take place to the data processors mentioned below.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or the accidental deletion or corruption of your data.

YOUR RIGHTS

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

ACCESS TO INFORMATION ABOUT YOU AND YOUR RIGHT TO BE FORGOTTEN BY US

You have the right to access information held about you and request to be removed from our system(s). If you find us to hold incorrect information, please let us know and we will correct it.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

CONTACT

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to Operabase,   ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN or [email protected]

DATA PROCESSOR AGREEMENT

Regarding the Data Processor's processing of personal data on behalf of the Data Controller ("You").

  1. The processed personal data
    1 This Agreement has been entered into in connection with the Parties' conclusion of agreement regarding an online recruiting platform provided by the Data Processor, designed to improve the Data Controller's casting process in the opera and classical music business (the "Main Agreement").
    1.2 The Data Processor processes the types of personal data on behalf of the Data Controller in relation to the relevant data subjects as specified in Schedule 1. The personal data relates to the data subjects listed in Schedule 1.
    1.3 The Data Processor may initiate processing of personal data on behalf of the Data Controller after the Agreement enters into force. The processing has the duration as specified in the instructions in Schedule 1 of the Agreement.
    1.4 The Agreement and the Main Agreement are interdependent and cannot be terminated separately. However, the Agreement may be replaced with another valid Data Processor Agreement without terminating the Main Agreement.
  2. Purpose
    1 The Data Processor must only process personal data for purposes which are necessary in order to provide an online recruiting platform and in doing so providing the services set out in the Main Agreement.
  3. Obligations of the Data Controller
    1 The Data Controller warrants that the personal data is processed for legitimate and objective purposes and that the Data Processor is not processing more personal data than required for fulfilling such purposes.
    3.2 The Data Controller is responsible for ensuring that a valid legal basis for processing exists at the time of transferring the personal data to the Data Processor. Upon the Data Processor's request, the Data Controller undertakes, in writing, to account for and/or provide documentation of the basis for processing.
    3.3 In addition, the Data Controller warrants that the data subjects to which the personal data pertains have been provided with sufficient information on the processing of their personal data.
    3.4 Any instructions regarding the processing of personal data carried out under this Agreement must primarily be submitted to the Data Processor. In case the Data Controller instructs a sub-data processor, appointed in accordance with clause 5.1 directly, the Data Controller must immediately inform the Data Processor hereof. The Data Processor shall not in any way be liable for any processing carried out by the sub-data processor in accordance with such instructions.
  4. Obligations of the Data Processor
    1 All processing by the Data Processor of the personal data provided by the Data Controller must be in accordance with instructions prepared by the Data Controller, and the Data Processor is, furthermore, obliged to comply with any and all data protection legislation in force from time to time.
    If Union law or law of a Member State to which the Data Processor is subject to stipulates that the Data Processor is required to process the personal data listed in clause 1.2, the Data Processor must inform the Data Controller of that legal requirement before processing. However, this does not apply if this legislation prohibits such information on important grounds of public interests.
    The Data Processor must immediately inform the Data Controller if, in the Data Processor's opinion, an instruction infringes the EU General Data Protection Regulation or the data protection provisions of a Member State.
    4.2 The Data Processor must take all necessary technical and organisational security measures, including any additional measures, required to ensure that the personal data specified in clause 1.2 is not accidentally or unlawfully destroyed, lost or impaired or brought to the knowledge of unauthorised third parties, abused or otherwise processed in a manner which is contrary to Danish data protection legislation in force at any time.
    4.3 The Data Processor must ensure that employees authorized to process the personal data have committed themselves to confidentiality or are under appropriate statutory obligation of confidentiality.
    4.4 If so requested by the Data Controller, the Data Processor must state and/or document that the Data Processor complies with the requirements of the applicable data protection legislation, including documentation regarding the data flows of the Data Processor as well as procedures/policies for processing of personal data.
    4.5 Taking into account the nature of the processing, the Data Processor must, as far as possible, assist the controller by appropriate technical and organisational measures, for the fulfilment of the Data Controller's obligation to respond to requests for exercising the data subject's rights as laid down in chapter 3 in the General Data Protection Regulation.
    4.6 The Data Processor, or another data processor (sub-data processor) must send requests and objections from data subjects to the Data Controller, for the Data Controller's further processing thereof, unless the Data Processor is entitled to handle such request itself. If requested by the Data Controller, the Data Processor must assist the Data Controller in answering any such requests and/or objections.
    4.7 If the Data Processor processes personal data in another member state, the Data Processor must comply with legislation concerning security measures in that member state.
    4.8 The Data Processor must notify the Data Controller where there is an interruption in operation, a suspicion that data protection rules have been breached or other irregularities in connection with the processing of the personal data occur. The Data Processor's deadline for notifying the Data Controller of a security breach is 24 hours from the moment the Data Processor becomes aware of a security breach. If requested by the Data Controller, the Data Processor must assist the Data Controller in relation to clarifying the scope of the security breach, including preparation of any notification to the Danish Data Protection Agency and/or data subjects.
    4.9 The Data Processor must make available to the Data Controller all information necessary to demonstrate compliance with article 28 of the General Data Protection Regulation and the Agreement. In this connection the Data Processor allows for and contributes to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
    4.10 In addition to the above, the Data Processor must assist the Data Controller in ensuring compliance with the Data Controller's obligations under article 32-36 of the General Data Protection Regulation. This assistance will take into account the nature of the processing and the information available to the Data Processor.
  5. Transfer of data to sub-data processors or third parties
    1 The Data Processor must comply with the conditions laid down in article 28, paragraph 2 and 4 of the General Data Protection Regulation to engage another data processor (sub-data processor).
    This implies that the Data Processor does not engage another data processor (sub-data processor) to performance of the Agreement without prior specific or general written approval from the Data Controller.
    5.2 The Data Controller hereby grants the Data Processor a general power of attorney to enter into agreements with sub-data processors. The Data Processor must notify the Data Controller of any changes concerning the addition or replacements of sub-data processors. The Data Controller can make reasonable and relevant objections against such changes. If the Data Processor continues to wish to use a sub-data processor that the Data Controller has objected to, the Parties have the right to terminate the Agreement and, if applicable, the Main Agreement with a shorter notice, cf. 7.2. During this period the Data Controller must not require that the Data Processor do not use the sub-data processor in question.
    5.3 When the Data Controller has approved that the Data Processor can use a sub-data processor the Data Processor must impose the same obligations on the sub-data processor as set out in the Agreement. This is executed through a contract or another legal act under EU law or the law of a Member State. It must be ensured, i.e., that sufficient guarantees are provided from the sub-data processor to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the General Data Protection Regulation ("back-to-back" terms).
    5.4 If the sub-data processor fails to fulfill its data protection obligations, the Data Processor remains fully liable to the Data Controller for the performance of the sub-data processor's obligations.
    5.5 Disclosure, transfer and internal use of the Data Controller's personal data to third countries or international organisations may only take place in accordance with documented instructions from the Data Controller - unless stipulated by EU law or the law of a Member State to which the Data Processor is subject. If so, the Data Processor must notify the Data Controller of this legal requirement before processing, unless the law prohibits such notification for important grounds of public interests.
    5.6 If the personal data stipulated in clause 1.2 is transferred to foreign sub-data processors, it must, in the said data processor agreement, be stated that the data protection legislation applicable in the Data Controller's country applies to foreign sub-data processors. Furthermore, if the receiving sub-data processor is established within the EU, it must be stated in the said data processor agreement that the receiving EU country's specific statutory requirements regarding data processors, e.g. concerning demands for notification to national authorities must be complied with.
    5.7 The Data Processor must, on behalf of the Data Controller, enter into written data processor agreements with sub-data processors within the EU/EEA. As for sub-data processors outside the EU/EEA, the Data Processor must enter into standard agreements in accordance with Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries ("Standard contracts").
    5.8 The Data Controller hereby grants the Data Processor a general power of attorney to enter into standard contracts with sub-data processors outside the EU/EEA on behalf of the Data Controller, provided that the Data Controller has given prior written instructions in accordance with clause 5.1 - 5.2.
    5.9 At the time of the signature of this Agreement, the Data Processor engages the sub-data processors listed in Schedule 2.
  6. Precedence
    1 Unless otherwise expressively stated in this Agreement, the Main Agreement applies to the contractual relationship between the Parties. If there is any conflict or inconsistency between this Agreement and the Main Agreement, the Main Agreement will take precedence and apply to the extent of the conflict or inconsistency.
  7. Governing law and jurisdiction
  8. Any claim or dispute arising from or in connection with this Agreement must be settled by a competent court of the first instance in the same jurisdiction as stated in the Main Agreement.
    Schedule 1:
  9. Categories of data subjects and types of personal data;
  10. Retention period and deletion procedure;
  11. Location of processing.
  12. Categories of data subjects:

Category of data subjects: Artists

Type of personal data:

Operabase processes these data:

Name

Yes

E-mail

Yes

Phone number

Yes

Address

Yes

Username (email)

Yes

Access code

Yes

Gender

No

Nationality

Yes

Description of the artist's abilities

Yes

Price regarding the services of the artist

Yes

Passport data

Yes

Pictures

Yes

 

  1. Retention period and deletion procedure:

The personal data is stored at the Data Processor until the Data Controller requests the data to be deleted or returned or until it is deemed unnecessary to keep for the data processor's purposes.

  1. Location of processing:

Processing of the personal data covered by the Agreement must not be done without the Data Controller's prior written consent at locations other than the following:

Operabase,   ( Operabase Truelinked Ltd. UK company number: 11411346) C/O Gordon Dadds Corporate Services Limited, Aldgate Tower, 2 Leman Street, London, United Kingdom, E1 8QN

Schedule 2: Sub-data processors.

At the time this Agreement enters into force the Data Controller has approved the use of the following sub-data processors:

Name

Country

Description of processing

Amazon Web Services Ltd.

United States

Cloud Services Provider

Truelinked Operations India Pvt. Ltd.

India

Operational tasks, customer service

Zendesk

United States

Cloud Customer Service

Mailchimp

United States

Emailing (special consent obtained individually for marketing emails)

Google LLC

United States

Cloud Services Provider

Mixpanel

United States

Product Analysis

Segment

United States

Product Analysis

Pipedrive

United States

Customer Relations Management

Stripe

United States

Payments and subscriptions

E-conomic

Denmark

Invoicing

Hellosign (JN Projects Inc.)

United States

Contract handling

Contractbook

Denmark

Contract handling

Slack

United States

Customer Relations Management, Customer Service

Vizteck

Pakistan

Software Development and Maintenance

Terms & Conditions

Cookie Policy