Video tour



Get your EntryThingy



For Artists

Call for entries list

General Data Protection Regulation (GDPR) compliance

What information we process and who has access to it

Purposes of the processing

Enable the call for artists entry and jurying process for art organizations and artists.

What kind of data we process
Who has access to it in our organization

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g, customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment. Hard drives and passwords are encrypted.

Third parties that have access

Art organizations hosting the calls have access to profile and application data from entrants that apply to their calls.

What we're doing to protect the data
When we delete data
Justification for our data processing activities

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Privacy Policy

Our privacy policy explains how the data is processed, who has access to it, and how we're keeping it safe at

Data protection

Data protection is something we consider whenever we do anything with other people's personal data. We make sure any processing of personal data adheres to the data protection principles outlined in GDPR Article 5. Technical measures include encryption, and organizational measures like limiting the amount of personal data we collect or deleting data we no longer need. This is something we are always aware of.


We use SSL encryption for all transfers of data between client software and our servers. Local backup drives are encrypted. Passwords are hashed in the database.

Internal security policy

We have a security policy that ensures our team members are knowledgeable about data security. It includes guidance about email security, passwords, two-factor authentication and device encryption.

Data protection impact assessments

We do not believe that this is required - see

Data breach

If there's a data breach and personal data is exposed, we will notify the supervisory authority in our jurisdiction within 72 hours.

Responsibility for ensuring GDPR compliance across organization

Our CEO is accountable for GDPR compliance. This person is empowered to evaluate data protection policies and the implementation of those policies.

GDPR of 3rd parties

We use Amazon's AWS for all of our cloud services. See

Privacy rights

about · terms of service · privacy policy · gdpr · server status
Third South Capital © 2009-2024