GDPR Compliance

Last updated: April 2026

1. Our Commitment

M.A.P.S. | AGCS LIMITED t/a ARTISTEHUB Systems is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations under these regulations when you use the CORA platform.

2. Data Controller & Processor

We act as the data controller for personal data collected through the Platform (account details, usage data). For catalogue data uploaded by workspace administrators, we act as a data processor on behalf of the administrator or rights holder who controls that data.

3. Lawful Basis for Processing

We process personal data under the following lawful bases as defined by Article 6 of the UK GDPR:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Platform\u2019s services as agreed with you or your workspace administrator.
  • Legitimate Interests (Art. 6(1)(f)): Maintaining platform security, preventing fraud, improving services, and ensuring operational efficiency.
  • Legal Obligation (Art. 6(1)(c)): Compliance with applicable UK laws and regulations.

4. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Restrict Processing (Art. 18): Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

5. Data Protection Measures

  • All passwords are hashed using industry-standard bcrypt algorithms.
  • Data in transit is protected by TLS/HTTPS encryption.
  • Role-based access controls ensure users only access data relevant to their workspace and permissions.
  • Regular security assessments and monitoring are conducted.
  • Cloud infrastructure providers operate under appropriate data processing agreements.

6. International Data Transfers

Where data is processed outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with UK GDPR requirements.

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner\u2019s Office (ICO) within 72 hours and inform affected individuals without undue delay.

8. Supervisory Authority

You have the right to lodge a complaint with the UK\u2019s Information Commissioner\u2019s Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

9. Contact

For GDPR-related enquiries, contact our data protection lead at [email protected].