Parents or guardians – though legally in the UK children from the age of 13 can give valid consent to the processing of their personal data, we ask that parents or guardians sign this policy on behalf of all children up to the age of 18.
We keep this policy under regular review. It is important that the personal data we hold for you is accurate and current. Please inform us of any changes to your personal data during your time with us.
Controller: a personal/organisation who determines the purpose for which, and the manner in which, any personal data is processed.
Data Protection Policy: our internal data protection policy which sets out how we keep personal data secure.
Personal data: information which relates to an individual and from which he or she can be identified either directly or indirectly through other data which we have or are likely to have in our possession. These individuals are referred to as data subjects.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by an organisation electronically.
Principles: the core data protection principles underlying the Data Protection Legislation, which specify personal data should be: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Process: the lawful basis for ‘processing’ of personal data captures a wide range of activities, and includes obtaining, recording and holding personal data and performing any operation of the personal data (including erasure/destruction).
Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
2. Our responsibilities
For the purpose of the applicable 2018 GDPR Data Protection Legislation, we are the data controller of any personal data we process. As a data controller, we are responsible for ensuring our systems, processes, suppliers comply with Data Protection Legislation in relation to the personal data we handle.
3. How we collect, use and disclose your personal data
Generally, we collect your personal data when you interact with us (for example, when entering into a relationship with us). However, from time to time we also need to collect personal data from other third parties in connection with our relationship with you.
What data do we ask for?
- your name, address, email address, phone numbers, date of birth, date of birth and gender
- images/photographs of you;
- identification documentation;
- details of relevant parents, guardians name, contact details
- details of your availability via our diary system
- reviews/feedback relating to your ability as/to become a client.
- details of education, school name, address and head teachers’ details
- details of relevant qualifications, training and experience, professional credits and any other related experience
- special data such as birth certificate, school letter, medical enquiry form, food allergies, height and weight.
We may also process special categories of personal data such as race, ethnic origin, religion, medical, health data. This data would be used to provide relevant Production Companies with a better service and to protect your safety. You should not disclose any of this information unless you are comfortable in doing so.
Where does this data come from?
Your personal data will be collected from various sources including:
- your application form/CV;
- when you contact us via email or telephone;
- background checks; notes and records kept for the duration of your engagement with us as a client (including details of any complaints, breaches of the terms of your contract with us, and meetings with us regarding our relationship and your engagement with us);
- from our employees, agents, casting directors and/or professional advisors. (including reviews/feedback, and images and photographs);
- publicly available sources such as magazines, press articles, documentaries and social media.
Purpose of this data?
Your personal data will be used for the following purposes:
- internal administration and management purposes;
- assessing suitability/eligibility and/or fitness;
- fulfilling our contractual obligations to you;
- fulfilling our contractual obligations to our Clients; and
- fulfilling our legal obligations.
Photographs and images of you, and your name, employment history, education, and reviews and feedback relating to your ability as an artist, may be used in our marketing and promotional material including our Website and pitches to Clients.
Who do we share your data with?
- our third party service providers who support the operation of our business;
- our Clients, for the purposes of fulfilling our contractual obligations;
- other third parties such as our legal and other professional advisers and government departments.
We shall only transfer personal data to third parties which is limited to the relevant purpose and is adequately protected.
How long do we keep your personal data for?:
By law, we have to keep basic information about our customers for a period of six years after they cease being customers for tax purposes. However, you can ask us to delete your data once the relationship is terminated.
What Legal basis do we use for processing this data?
When you provide us with the information we need you are entering into a contract with SD Talent Agency, this is the legal basis by which we process and manage your personal data.
4. Transfer of Data between Jurisdictions
Personal data may be transferred to Production Companies for the purposes of fulfilling our obligations to you and our Clients, we will aim to keep this limited to the minimum required. If the Production Company requests any information which may be considered special category of personal data, we will provide this by request only as this data is considered to be of higher risk than other personal data. We also use a number of suppliers in connection with the operation of our business and they may have access to the personal data we process. For example, an IT supplier may see our personal data when providing software support, or a company which we use for a marketing campaign may process contacts’ personal data for us. When contracting with suppliers and/or transferring personal data to a different jurisdiction, we take appropriate steps to ensure that there is adequate protection in place and that the principles are adhered to.
5. You have certain rights under GDPR which apply to you
|Right to be informed||You have the right to be informed about how we collect and use your personal data.|
|Rights related to automated decision making||You have rights in relation to any automated decision-making and/or profiling that has legal or similarly significant effects on you.|
|Right of access||You have the right to access your personal data and supplementary information held by us.|
|Right to data portability||In certain circumstances, you have the right to obtain and reuse your personal data for your own purposes across different services.|
|Right of rectification||You have the right to have inaccurate personal data rectified or completed if it is incomplete.|
|Right to object||You have the right to object to the processing of your personal data.|
|Right of erasure||In certain circumstances, you have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.|
Information security is a key element of data protection. We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
8. Contacts and complaints
You have the right to make a complain at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www. Ico.org.uk). However, we would appreciate the chance to deal with any concerns in the first instance before you contact the ICO.