Privacy Policy

1. Introduction and Terms

GigRealm International Ltd (“We” or “us”) are committed to protecting and respecting your personal data and privacy.


This privacy policy relates to how we use and collect personal data from you through your use of this website www.gigrealm.com, our GigRealm platform and subscription services as a user acting on behalf of an account holder or a user who is also an account holder with GigRealm (Users). It also relates to our use of any personal information you provide to us whether in written correspondence (including letter and email), by SMS, through social media, or in person.


Please note that this website, our platform and our services are not intended for children under the age of 18 and we do not knowingly collect data relating to children. If you believe that we are processing the information relating to a child under the age of 18, please contact us using the details set out below.
Whenever you provide personal data, we are legally obliged to use your information in line with all applicable laws concerning the protection of such information; including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”), the Data Protection Act 2018 (“DPA 2018”) and the Privacy of Electronic Communications Regulations (“PECR”) together with other subsequent laws (“Data Protection Laws”).


This privacy policy also forms part of our terms of business and is not intended to override them. This policy may be amended or updated from time to time and any revisions will be posted to this page. You should check back regularly to ensure you are aware of changes to it.

 

2. Who we are and how to contact us

2.1 For the purpose of the Data Protection Laws, the data controller is GigRealm, a limited company registered in England and Wales under number 14278489 unless otherwise stated. If you want to request more information about our privacy policy or information regarding data protection you should contact us using the following details:

FAO: Privacy Officer
GigRealm
Lowin House
Tregolls Road
Truro
TR1 2NA

Email: privacyoffice@gigrealm.com

This Policy was last updated on 17/02/2022.

 

3. The data we collect about you

We collect and process personal data. Typically, the personal data we collect and process will include:

Data we collect direct from you directly as a User or (as indicated by *) from other Users about you:

Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender and images.

Contact Data: includes billing address, delivery address, email address and telephone numbers.

Financial Data: includes bank account and payment card details.

User Data: includes your username and password, any GigContract™ you are a party to, your messaging facility history, your interests, preferences, feedback and survey responses.

Marketing and Communications: data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Profile Data: includes any information you make visible to other Users via your GigRealm Profile and any associated User rating or reviews given to you by other Users*. Not all of the information that you provide when setting up your Profile is necessary for the use of GigRealm. For example, whilst you will need to give us your first and last names in order to set up your user account, you do not need to tell us your gender or provide a picture of yourself. It is up to you to decide how much additional information you wish to share with us and other Users.

Special Category Data: We do not routinely request the following special categories of personal data about you: details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic and biometric data. Nor do we collect any information about criminal convictions and offences. We may inadvertently process special category data in the event that you share Special Category Data with us or other Users, for example in the course of arranging accessibility provisions at a venue. By providing this data to another user within our messaging facility, or anywhere else on the site, you are consenting to our processing that data and acknowledge that we may not be able to erase this sensitive information from our systems once provided. Such data will not be disclosed by us to third parties in any circumstances unless you make it available on your Profile.

Data we collect through monitoring your use of our website, platform and services:

Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Usage Data: includes information about how you use our website, products and services.

Please note that we may collect and/or process other personal data from time to time.

We may also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered to be personal data in law as it will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate a percentage of Users accessing a specific feature of our services. However, if we combine or connect your aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used solely in accordance with this policy.

We only collect data from you directly or via third parties (see the section Third Parties). As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

 

4. If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

5. How your data will be used

We shall use information held about you for the purposes outlined below.

We have set out below in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

All Users

To process and deliver the Gig Realm platform and services including:

Manage payments, fees and charges;

Collect and recover money owed to us.

Identity

Contact

Financial

Transaction

Marketing and Communications

Performance of a contract with you or the Account Holder.

Necessary for our legitimate interests (to recover debts due to us).

To manage our relationship with you which will include:

Notifying you about changes to any of our terms, including our privacy policy;

Asking you to leave a review or take a survey.

Identity

Contact

Profile

User (excluding your password)

Marketing and Communications

Performance of a contract with you or the Account Holder.

Necessary to comply with a legal obligation.

Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).

To enable you to partake in a competition or complete a survey.

Identity

Contact

User (excluding your password)

Usage

Marketing and Communications

Performance of a contract with you or the Account Holder.

Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business).

To administer and protect our business, this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

Identity

Contact

Technical

User

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

Necessary to comply with a legal obligation.

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

Identity

Contact

Profile

User (excluding your password)

Usage

Marketing and Communications

Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

Technical

Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).

To make suggestions and recommendations to you about goods or services that may be of interest to you

Identity

Contact

Technical

Usage

Profile

User (excluding your password)

Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business). You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.

To manage disputes between Users/Account Holders.

Identity

Contact

Profile

User (excluding your password) 

between disputing parties.

Performance of a contract with you or the Account Holder.

 

Artist Accounts and One-Off Event Accounts

To register you as a new Artist (or representative) or One-Off Event Manager.

Identity

Contact

Performance of a contract with you.

To share your Profile with Music Labels Account Users at your request. 

Identity

Contact

Profile

Consent 

To add you as a User linked to an Artist or One-Off Event Account.

Identity

Contact

User

Marketing and Communications

Consent

 

Necessary for our legitimate interests (where consent is withdrawn, but historic records contain your Identity and Contact data such as messaging facility records forming part of the GigRealm Contract)  

Venue and Corporate Accounts

To register a Venue or Corporate Account with a free trial.

We act as the Venue Account or Corporate Account Holder’s processor.

To register you as a User under a Venue or Corporate Account.

We act as the Venue Account or Corporate Account Holder’s processor.

To merge a Venue Account with a Corporate Account. 

We act as the Venue Account or Corporate Account Holder’s processor.

To process payments on behalf of a Venue under a Corporate Account or under its own Venue Account.  

We act as the Venue Account or Corporate Account Holder’s processor.

Music Label Accounts

To register you as a User under a Music Label Account.

 We act as the Music Label Account Holder’s processor.

To promote Artists to Music Labels and facilitate communication between Music Labels and Artists/Venues.

We act as the Music Label Account Holder’s processor.

 

6. Lawful basis for processing

We only process your data (which may include providing it to a third party) where we have identified a valid lawful basis to do so. These are as follows:

Contractual obligation – Where processing is necessary to comply with our obligations arising out of a contract, for example, where you have bought products from us we will use the personal data you provide to fulfil our contractual obligations e.g. taking payment /shipping.

Legitimate Interest – Where we use legitimate interests we will record our decision on making this decision. We rely on legitimate interest where processing of the data we hold on you does not, in our opinion, affect your rights or freedoms and is proportionate to our interests e.g. keeping you up to date with our latest products or obtaining your feedback on our service.

Consent – We will seek to obtain your consent to process your data outside our contractual obligations (see above) unless we have identified a Legitimate Interest (see above).

We may also process personal data where we are under a legal obligation to do so; or where it is in someone’s vital interests to do so.

 

7. Third parties and sharing information

We never sell your data to third parties or allow third parties to contact you without your permission. We will however share your data with third parties to process on our behalf and in accordance with our instruction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Please see below the list which sets out routine third-party recipients of personal data.

Service providers who may receive your personal data:

Integrated location services

Google Maps

Google Maps

IT support and web development service provider

This Is Crowd

Their standard terms of engagement.

IT Hosting Services

Rackspace (based in the US)

Rackspace Privacy Policy

Third-party software providers

Member Mouse (based in the US)

Privacy Policy (NEW) | MemberMouse

Hubspot (based in the US)

HubSpot Privacy Policy

Email Provider

MailChimp (Intuit) (Based in the US)

MailChimp Privacy Policy

Send Grid (based in the US)

Send Grid Privacy Policy

Data Protection Addendum (twilio.com)

SMS Provider

Twilio (based in the US)

Twilio Privacy Policy

Data Protection Addendum (twilio.com)

Online payment providers

Stripe (based in the US with data being transferred globally). Please see terms below.

Stripe Services Agreement

Stripe Connected Account Agreement

Stripe Connect Platform Agreement

Marketing service providers

Mailchimp (based in the US)

Mailchimp Data Processing Addendum Preview | Mailchimp

Influence Digital Limited (based in the UK but transfers outside of UK/EEA)

Influence Digital Privacy Policy 

Professional service providers and financial institutions.

Banks, accountants and solicitors (based in the UK)

Their standard terms of engagement.

We may also disclose your personal data to third parties (1) where you give your consent to the disclosure; (2) where a competent law enforcement body, regulator, government agency, court or other third-party requires the disclosure as a matter of applicable law or regulation; or to exercise, establish or defend our legal rights. This may be without your knowledge or consent; (3) to protect the vital interests of an individual; or (4) to an actual or potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only in accordance with this Privacy Policy.

 

8. Payments

Please refer to our Platform Terms of Service for the terms and conditions on which we take payment from you.

We use a third-party payment provider to take service subscription payments and to distribute Artists’ fees for an event. The following additional terms apply:

https://stripe.com/en-de/connect-account/legal

https://stripe.com/en-de/privacy

 

9. Sharing information with other Users

The nature of our service and platforms means that your personal data will be shared with other Users. In particular, we share information with other Users in the following circumstances:

Artist data (or their representative’s): Artist Profiles will be visible by all Venue, Corporate and One-Off Event Users. Additional information such as your full name(s), your location, contact details, preferred payment methods, etc. will be shared with the venue at which you will be performing (or their representative) once the performance has been confirmed. Music Labels will not have access an Artist’s Profiles and associated ratings unless the Artist indicates their preference to share with Music Labels under account settings.  Artists may grant permissions to edit and manage their Artist Profile to bandmates or representatives, such individuals shall hold their own User account linked to the Artist Profile.  

Venue data (or their representative’s): Venue Profiles will be shared with Artists. Additional information such as the full name of the Venue point of contact, their contact number, etc. will be shared with an Artist (or their representative) once their performance has been confirmed.

One-Off Event Users data (or their representative’s): One-Off Event Profiles and associated ratings will be shared with Artists. Additional information such as the full name of the point of contact, their contact number, etc. will be shared with the artist (or their representative) once their performance has been confirmed.

Corporate account data: Corporate accounts are purely administrative, and do not have a visible profile. All User interaction will be conducted between the respective Venue and Artist’s Profiles. In the event that a venue agrees to have their existing account moved over to join a larger corporate account covering several venues (for example if they are part of a pub chain who joins the platform as a corporate account) then we will share the venue’s name and the main account holders name with the corporate account you are joining. We will only make this change and share this information with your agreement. Once your account is moved over to the corporate account your entire profile and account history, including Financial Data, for that account will be migrated over and accessible by the corporate account from the date of migration.

Music Label data: Music Label Profiles will not be visible to any Users. However, a ‘connection’ and messaging facility between the Music Label and an Artist will be activated entirely at the Music Label’s discretion. Additional information will be shared between the Music Label and respective Artist by consent via the messaging facility. Music Labels will not have access to an Artists Profile unless that Artist consents to their profile being made available to Music Labels under their account settings.  

For the avoidance of doubt, we do not share your payment or billing information with other Users. All payments processed via the GigRealm site are processed via Stripe. Users may agree an alternative payment method, and we have no responsibility for the transfer of data where Users choose an alternative method of payment.

 

10. Using your data when promoting the GigRealm platform

Please refer to our Platform Terms of Service. We have a legitimate interest to use your Profile data in our advertisements and other promotional materials. Such materials may contain personal data, such as images of Users. We shall give you advance notice of our intention to use your personal data via your GigRealm account and you will have the opportunity to opt-out of such use.

 

11. Where your data is held

Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
  •  

12. Applications to work for us

If you apply to work for us (directly or indirectly) in any role we may receive data about you from third parties. In addition, we will keep the details of your application and any additional information provided to us by you or others during your application so that we can keep you informed of future opportunities that you may be interested in. If you do not wish for us to keep your details for this reason, please let us know by contacting us using the details provided in this policy.

 

13. Data retention

Our data retention policy is dictated by the Data Protection Laws and is available for inspection by submitting a written request using the contact details provided in this policy.

 

14. Your rights

Under the Data Protection Laws your rights are:

To be informed – We must make this privacy policy (sometimes referred to as a privacy notice) available with the emphasis on transparency over how we process your data.

Access – You are entitled to find out what details we may hold about you and why. We strive to be as open as we can be in terms of giving people access to their personal data. Individuals can find out if we hold any of their Personal Data by making a formal request under the Data Protection Laws. Such requests should be in writing to the contact details provided in this policy. If we do not hold information about you we will confirm this in writing at the earliest opportunity. If we do hold your personal data we will respond in writing within one calendar month of your request (where that request was submitted in accordance with this policy). The information we supply will:

(a) confirm that your data is being processed;
(b) verify the lawfulness and the purpose of the processing;
(c) confirm the categories of personal data being processed;
(d) confirm the type of recipient to whom the personal data have been or will be disclosed; and
(e) let you have a copy of the data in format we deem suitable or as reasonably required by you.

Rectification – We are obliged to correct or update your details. We will correct or update your data without delay provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.

Erasure – This is also known as the request to be forgotten. Under Data Protection Laws you have the right to erasure. The right only applies to data held at the time the request is received. It does not apply to data that may be created in the future. The right is not absolute and only applies in certain circumstances. A request for erasure will be decided on a case-by-case basis. You can subject an erasure request under your account settings.

Restrict processing – You have the right to ‘block’ or suppress the processing by us of your personal data.

Portability – You have the right to obtain and reuse your personal data that you have provided to us.

Object – You have the right to object to us processing your data in relation to direct marketing and or profiling.

Rights in relation to automated decision making and profiling – We do not use automatic decision making or profiling.

Please note that you may need to provide identification in order to prove who you are if you wish to invoke any of your rights above. The data subject right may also be subject to certain exemptions and limitations which we shall set out in any response to you. 

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

You also have the right to complain about the processing of your personal data. Please contact us using the details provided above. If you are still unsatisfied you have the right to complain to the Information Commissioners Office.