EntryThingy Logo
EntryThingy

GDPR Compliance

Introduction

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. This document outlines how EntryThingy complies with GDPR requirements when processing personal data.

Data Controller and Data Processor

EntryThingy acts as both a Data Controller for user accounts and a Data Processor for art organizations that use our platform. Art organizations that use EntryThingy to collect submissions are the Data Controllers for the submissions they receive.

Personal Data We Collect

We collect the following types of personal data:

  • Account Information: Name, email address, password (encrypted), and contact details.
  • Profile Information: Artist statements, biography, CV, and other professional information.
  • Technical Data: IP address, browser information, device information, and cookies.
  • Usage Data: How you interact with our services, features you use, and time spent on the platform.
  • Communications: Information from your communications with us and other users on the platform.

Legal Basis for Processing

We process personal data on the following legal grounds:

  • Contractual Necessity: To provide our services and fulfill our contractual obligations to you.
  • Legitimate Interests: To improve our services, maintain security, prevent fraud, and for analytics.
  • Consent: For specific processing activities where we ask for your consent.
  • Legal Obligation: To comply with legal requirements.

Your Rights Under GDPR

Under the GDPR, you have the following rights:

  1. Right to Access: You can request a copy of your personal data.
  2. Right to Rectification: You can request that we correct inaccurate or incomplete data.
  3. Right to Erasure: You can request that we delete your personal data.
  4. Right to Restrict Processing: You can request that we restrict the processing of your personal data.
  5. Right to Data Portability: You can request a copy of your data in a machine-readable format.
  6. Right to Object: You can object to our processing of your personal data.
  7. Rights Related to Automated Decision Making: You can request human intervention in automated decisions.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of personal data during transmission and at rest.
  • Regular testing and evaluation of the effectiveness of security measures.
  • Procedures to address potential data breaches.
  • Access controls and authentication mechanisms.

International Data Transfers

EntryThingy primarily stores and processes data within the United States. For users in the EU, we ensure appropriate safeguards are in place when transferring data outside the EU, such as Standard Contractual Clauses or participation in the Privacy Shield framework.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • As required to provide our services.
  • To comply with legal obligations.
  • To resolve disputes.
  • To enforce our agreements.

User accounts that have been inactive for an extended period will be automatically deleted.

How to Exercise Your Rights

To exercise your GDPR rights, please contact us at privacy@entrythingy.com. We will respond to your request within one month. You may also contact your local data protection authority if you have concerns about our data processing.

Changes to This Policy

We may update this GDPR policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date. We encourage you to review this policy periodically to stay informed about how we are complying with the GDPR.

Contact Information

If you have any questions about our GDPR compliance, please contact us at:

EntryThingy
Data Protection Officer
privacy@entrythingy.com

Last Updated: May 20, an_test