Sign In
Sign In
Get Password
Create account
Join Now

Data Processing Addendum (DPA)

Data Processing Addendum (DPA)

Last Updated: 11/21/2025

This Data Processing Addendum (“Addendum”) supplements the Artsoundz Terms & Conditions and Privacy Policy, and applies when Artsoundz processes personal data on behalf of a business user (the “Client”) under applicable privacy laws (including GDPR, CCPA, and UK GDPR).

1. Definitions

  • Controller: The entity that determines purposes and means of processing personal data (typically the Client).
  • Processor: Artsoundz International LLC, acting on behalf of the Client.
  • Data Subject: An identified or identifiable person whose personal data is processed.
  • Applicable Laws: GDPR, UK GDPR, CCPA, PIPEDA, and other privacy laws.

2. Scope

This Addendum applies only to data processed by Artsoundz when providing Services to Clients or handling their customers’ personal data.

3. Roles and Responsibilities

  • The Client acts as the Controller.
  • Artsoundz acts as Processor.
  • Each party shall comply with applicable data protection laws.

4. Processing Details

Purpose: Deliver and improve Artsoundz Services
Nature: Hosting, storage, analytics, communication, payment management
Duration: For the duration of the contract or until deletion requested
Categories of Data: Contact info, account details, billing info, project data, communications
Categories of Data Subjects: Users, clients, collaborators, artists, contractors

5. Artsoundz Obligations

Artsoundz shall:

  1. Process personal data only as instructed by the Client

  2. Maintain confidentiality of all data

  3. Implement appropriate technical and organizational security measures

  4. Notify Client promptly of any data breach

  5. Assist with data subject rights (access, deletion, etc.)

  6. Engage subprocessors only with appropriate contracts and safeguards

6. Subprocessors

Artsoundz may use trusted subprocessors such as:

  • AWS/Namecheap (hosting)
  • Stripe (payments)
  • Google (analytics, authentication)
  • SendGrid / Mailchimp (communications)
    A full list can be provided upon request.

7. International Transfers

Artsoundz may transfer data globally, ensuring compliance through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding corporate rules (where applicable)

8. Security Measures

Artsoundz maintains:

  • Data encryption (in transit and at rest)
  • Role-based access controls
  • Regular penetration testing
  • Backup and recovery procedures

9. Breach Notification

In the event of a data breach, Artsoundz will:

  • Notify the Client without undue delay
  • Provide relevant details and remediation steps
  • Cooperate with regulatory authorities as required

10. Deletion or Return of Data

Upon contract termination or written request, Artsoundz will delete or return all personal data within 30 days, unless retention is required by law.

11. Audits

Upon reasonable notice, the Client may request documentation or audit confirmation of Artsoundz’s compliance with this Addendum.

12. Governing Law

This Addendum is governed by the laws of Delaware, USA, unless superseded by applicable data protection law.

13. Contact

Artsoundz International LLC
Email: Jrosado@artsoundz.com

Website: https://artsoundz.com