Amongst other features, the Openstage platform allows Artists and Fans to communicate and for the Artist to run engagement campaigns to their Fans. Fans typically sign up to campaigns based on some incentive. This document is intended to help Artists and their management team understand:

We: OpenstageIt Ltd, registered address: 2 High Street, Chobham, Woking, England, GU24 8AA

You / The Artist: - The Artist, or Artist Representative, contracting with OpenstageIt Ltd.

The service requires that both Openstage and the Artist are joint data controllers. This means that Openstage is responsible for the platform and storage of the data as well as sharing it with you where that is required. You are responsible for how you use the data for your campaigns after it leaves the platform and if you share it with anyone else.

The UK Data Protection Act defines a controller as a party that decides how the data is used and defines a processor as a party that uses or manages the data under instruction. On the Openstage platform both the artist and Openstage are joint controllers since both parties decide how the data will be used. Openstage takes the data privacy lead on behalf of the artist.

Yes. You can download your data anytime.

Yes. You are the joint controller of the data and can export it for use on another platform. If you do this, you will become solely responsible for the data and its privacy and you must follow data privacy rules.

Yes. Our Terms & Conditions and Privacy Policy make you the joint controller of the data, which entitles you to share the data with your management team, including your label. If you do share the data, you become solely responsible for the data and its privacy and you must abide by the data privacy laws of the UK and your local jurisdiction.

All our data is stored in the UK.

Not by Openstage. Whilst the data is on the Openstage platform it will remain in the UK. Third-party services such as Spotify, Apple Music, Deezer, Shopify, SendGrid, Twilio and others may transfer data outside the EU according to their terms. You can export and transfer the data outside the EU. If you do this, you will become solely responsible for the data and its privacy and you must follow the data privacy rules of the jurisdiction that you transfer the data to.

Not unless you want to. When you are using the platform and the data remains on it, you do not need to register. Openstage is registered with the UK ICO and will manage that relationship on your behalf. If you export the data at any time then you will become the full controller of that exported copy. As a controller, you are advised to register with the UK ICO or the regulator in your jurisdiction.

Openstage utilizes all the best practice cyber security measures provided by Amazon Web Services (AWS) and others to protect the data.

Yes. We are confident that our policies conform with both the spirit and letter of applicable privacy laws and represent best practices for this use case. We indemnify Artists with regard to any breach of GDPR by Openstage and are prepared to defend our position with the UK ICO. We are always keen to receive constructive feedback, answer questions, or provide detail not already addressed here. Please email gdpr@openstage.live in the first instance.

Fans register on the platform through your Artist branded campaign pages. These pages will have your images, logos, videos, and music visible on them. The fans therefore know which Artists they have registered for.

When you login to the platform you will have access to a dashboard where you can find information about all the fans who have specifically registered with you. See more on the Dashboard here.

An Artist can run campaigns using Openstage features. These will include links to campaign pages where Fans can then register. The registration process is designed to be as simple and fan friendly as possible.

You choose what data you collect about each fan for each campaign. We support a wide range of data collection including:

No. Each artist can only access the fan data of fans who have registered with that artist. A fan may be registered to more than one artist.

In order to be GDPR compliant, you will tell your fans to register before they can upload. For example "click here to register and upload your stuff".

When the fan arrives on a campaign page they are provided with links to the Openstage Terms and Conditions and Privacy Policy and are asked to tick a single checkbox accepting them and consenting to marketing communications from you. Acceptance of the T&Cs and privacy policy are mandatory for the fan to use the service.

Yes. We need to make sure it is clear and transparent to the fan that they are accepting the T&Cs and privacy notice and they need to easily access links to the actual documents in order to read them.

To register fully as a fan they will have consented to you using the Openstage platform to send communications to them. Fans consent to email, SMS/phone, and other communication mediums separately. They must consent to at least one communication medium. We do not collect consent for Openstage to market to the fans directly, so we make clear that the consent is for the artist to market to fans via Openstage.

Communications from the Openstage platform have clear instructions that allow fans to unsubscribe, either by replying or by clicking a link.

The Openstage "service" is a fan club registration service for the artist. There is no functionality available to the fan unless they have registered and opted in to marketing. Since they must register and agree to at least one communication medium in order to use the service, we bundle the acceptance of Openstage Terms and Conditions and Artist Marketing. The result is a simplified fan registration process where the fan knows exactly what they are signing up to. This has been tested with the UK ICO who have agreed this is acceptable in the context of the Openstage platform.

Not necessarily. Often Artists have other systems containing fan data and this is imported into the Openstage platform. We categorize fans into three types depending on how they have accessed the platform and how their data has been collected.

The three categories are:

Legitimate Interest Fan - Fans for whom we have no record of permissions. These are often imported from unknown sources. They can be communicated to, but only to request marketing permission from them.

Marketing Permission Fan - Fans who the Artist believes they have Marketing Permission for, but who have not signed up on an Openstage site. Typically imported from other mailing lists.

Openstage Consent Fan - Fans who have signed up on an Artist Page hosted by Openstage. Openstage therefore has a direct, auditable record of fan consent.

You should stop contacting these fans if they have not responded and given consent within three tries.

Depending on how you run your campaign, you can issue a phone number that the public can call. Their number will be recorded and you can then use this to SMS fans and encourage them to register fully. You should not contact these fans if they have not responded and given consent within three tries.

Similarly to phoning in, you can use a fan's number to SMS them and encourage them to register fully. You should stop contacting these fans if they have not responded and given consent within a three tries.

All fan data requests will be directed to Openstage who will manage them. If you export the data then you become fully responsible for the copy removed from Openstage and you must be able to receive and process data requests. In this situation, when a data request is received, it must be processed on both the Openstage platform and any exported copy you may be responsible for.