Effective Date: 1 December 2025
This Data Processing Agreement forms part of the Terms of Service between Gigevate B.V. and the counterparty using the Gigevate platform or services. This Agreement regulates the processing of personal data in compliance with the General Data Protection Regulation, the United Kingdom GDPR and the Protection of Personal Information Act.
Data Controller – means the party which determines the purposes and means of processing personal data.
Data Processor – means the party that processes personal data on behalf of the Controller.
Data Subject – means the individual to whom the personal data relates.
Personal Data – means any information relating to an identified or identifiable natural person.
Processing – means any operation performed on personal data including collection, storage, analysis and deletion.
Sub Processor – means any third party engaged by the Processor to assist with processing personal data.
Applicable Law – means all applicable privacy and data protection laws including GDPR, UK GDPR and POPIA.
The Client is the Data Controller. Gigevate acts as the Data Processor when processing personal data on behalf of the Controller. Where Gigevate determines its own purposes for processing, it acts as an independent Controller.
Purpose
To provide the Gigevate platform and associated services including booking, payments, profile management and discovery features.
Nature of Processing
Collection, recording, organisation, storage, transmission, analysis, retrieval, pseudonymisation and deletion of personal data.
Categories of Data Subjects
Artists, event organisers, public users and individuals interacting with the Gigevate platform.
Types of Personal Data
Names, email addresses, phone numbers, profile information, location data, payment information, booking history and event interaction data.
Duration
For the duration of the Client’s use of the platform and longer where retention is required by Applicable Law.
4.1 Processing on Documented Instructions
Gigevate will process personal data only on documented instructions from the Controller unless required to do so by Applicable Law.
4.2 Confidentiality
Gigevate ensures that staff and contractors authorised to process personal data are subject to confidentiality obligations.
4.3 Security
Gigevate implements appropriate technical and organisational measures to protect personal data including encryption, access controls, secure key management, role based permissions, monitoring and regular security assessments.
4.4 Sub Processors
Gigevate may appoint Sub Processors to support the provision of services. Sub Processors are bound by equivalent data protection obligations. A current list of Sub Processors is available upon request.
4.5 Assistance to the Controller
Gigevate will assist the Controller in fulfilling its obligations toward Data Subjects including access, rectification, objection, deletion and portability requests.
4.6 Personal Data Breaches
Gigevate will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s personal data. Notifications will include information required by Applicable Law as this becomes available.
4.7 Data Protection Impact Assessments
Gigevate will provide reasonable assistance where a data protection impact assessment is required.
4.8 Return or Deletion
Upon termination of services, Gigevate will delete or return personal data in accordance with the Controller’s documented instructions unless retention is required by Applicable Law.
If personal data is transferred outside the EEA, the UK or South Africa, Gigevate ensures that such transfers comply with lawful transfer mechanisms which may include Standard Contractual Clauses, the UK Addendum, adequacy regulations or applicable exemptions.
The Controller may request information necessary to demonstrate compliance with this Agreement. Gigevate will cooperate with audits carried out by the Controller or its appointed auditor subject to reasonable notice and provided that audits do not disrupt platform operations or compromise the security of other clients.
Each party is responsible for its own compliance with Applicable Law. Gigevate is not liable for processing conducted under the Controller’s instructions unless such instructions violate Applicable Law.
This Agreement will terminate automatically upon termination of the underlying service agreement unless Applicable Law requires certain terms to remain in effect.
For users in the European Union, this DPA is governed by the laws of your country of residence.
For users in the United Kingdom, this DPA is governed by the laws of England and Wales.
For users in South Africa, this DPA is governed by the laws of South Africa.
Mandatory consumer protections and statutory rights remain unaffected.
For questions regarding this DPA, contact
Gigevate B.V.
Waldorpstraat 5
2521 CA ’s Gravenhage
The Netherlands
Email: info@gigevate.com
Thank you for entrusting Gigevate with your information. We are dedicated to maintaining the privacy and security of your data as we continue to provide innovative marketing solutions for the electronic music industry.
