Hello Artist

GDPR Compliance

Last updated: 12/23/2025

1. Our Commitment to GDPR

ArtistFlow is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR and what rights you have under this regulation.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: You have given clear consent for us to process your data
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal Obligation: Processing is necessary to comply with the law
  • Legitimate Interests: Processing is in our legitimate business interests

3. Your Rights Under GDPR

Under GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at: gdpr@helloartist.ro

We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.

5. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions, please contact our DPO at: dpo@helloartist.ro

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When determining the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process your personal data
  • Applicable legal requirements

7. International Transfers

We may transfer your personal data outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your data, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding corporate rules

8. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of alleged infringement.

In Romania, the supervisory authority is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).

10. Updates to This Policy

We may update this GDPR compliance page from time to time. We will notify you of any significant changes via email or through a prominent notice on our website.