1. Data Controller

AG Consultancy & Services Limited (AGCS LIMITED t/a ARTISTEHUB), Company Registration 10778479, is the data controller for personal data processed through CLARA (Compilation, Licensing, Agreements & Rights Administration), a product of MAPS.

2. Information We Collect

We collect the following categories of personal data:

• Account Information: Name, email address, role, and password (stored securely using bcrypt hashing)
• Professional Information: Performing Rights Organisation (PRO) affiliation, IPI/CAE number, publisher details, ISWC codes
• Submission Data: Song titles, co-writer information, split percentages, genre, and related metadata
• Agreement Data: Digital signatures, agreement terms, and signing timestamps
• Product Data: Compilation details, artwork uploads, UPC codes
• Usage Data: Login timestamps, notification interactions, and platform activity logs

3. Legal Basis for Processing

We process your personal data on the following lawful bases under UK GDPR:

• Contract Performance: Processing necessary to fulfil our service obligations
• Legitimate Interests: Platform security, fraud prevention, and service improvement
• Legal Obligation: Compliance with applicable laws and regulations
• Consent: Where we rely on your consent, you may withdraw it at any time

4. How We Use Your Data

• To provide and maintain the CLARA platform
• To authenticate your identity and manage your account
• To generate and administer music agreements
• To send platform notifications and email communications
• To comply with legal and regulatory obligations
• To improve our services and user experience

5. Data Sharing

We do not sell your personal data. We may share data with:

• Collecting Organisations: As necessary to administer compilation rights
• Service Providers: Secure cloud hosting and infrastructure providers
• Legal Authorities: When required by law or to protect our legal rights

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Account data is retained for the duration of your account and a reasonable period thereafter. Agreement data may be retained for longer periods to comply with contractual and legal obligations.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, secure password hashing, access controls, and regular security assessments.

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data
• Restrict processing of your data
• Data portability
• Object to processing
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise these rights, contact us at [email protected].

9. Contact