Why do we collect and process your personal data?
We need to collect and process some of your personal data to carry out job seeking on your behalf and fulfil our obligation as an agent.
Who do we share your personal data with?
We share the professional identities of our managed talent with potential hirers (casting directors, production companies, ad agencies etc). This also occurs in reverse. We may also share some of your data with service providers such as hosting and technology suppliers. However we will never use your data for profiling purposes.
Do we need a lawful basis to collect and process your personal data?
Yes. All companies must have a legitimate reason for collecting and processing your data. GDPR refers to this as the “lawful basis for processing” and sets out six different types of lawful basis. In our case, the main lawful bases allowing us to collect and process your data are ‘contractual’ and ‘legitimate interest.’
Who has access to the personal data that we hold?
Only authorised staff and IT system administrators have access to your data. Other parties, such as production companies, may have different procedure and safeguards in place when handling your data.
What staff training are we providing on data protection?
All our staff receive training to help them understand and implement the latest data protection rules and guidelines. They also take refresher training on data protection and other important topics as part of our ongoing development and competency procedures.
Do we back up our clients personal data? If so, then how often?
Yes, we back up our core data systems daily and store backed-up data both on and off site. We send the offsite backups to the Amazon S3 EU data centre. The transmission and storage of this data is encrypted.
What IT security do we have in place to protect our clients’ personal data while it’s being stored, transferred, or used by us?
Our computer network is password protected and secured using role based permissions, which means only staff with the correct authorisation can view and process client data. Remote access to our computer network is solely permitted through a system of multi-factor authentication.
How do we dispose of hardware and the storage media containing personal data?
We treat the disposal of all hardware and storage media with the utmost care, ensuring it is dealt with securely and responsibly. All printed documentation is cross shredded on site or destroyed by a trusted contractor at a BS1517-accredited facility.
What procedure are in place to detect data security breaches?
We have 24/7 hardware and software monitoring, login and auditing for all core systems. Users are subject to policies which cover computing equipment use, acceptable use, remote working and travel, email use and password use.
How long do we keep your data?
We retain your personal data while your management contract is still in place with us and then contact information only, for 5 years after contract termination. This is to ensure you can receive residual payments from past jobs.
Rights to access and control your personal data.
- Delete Data: You can ask us to erase or delete all or some of your personal data.
- Change or Correct Data: You can ask us to change, update or fix your data, particularly if it’s inaccurate.
- Right to Access: You can ask us for a copy of your personal data that will be provided in machine readable format.
How to contact us
If you have any questions regarding this Privacy Notice or wish to make a request regarding your personal information, please contact:
The Data Protection Manager
Simon & How Associates
70-72 Clifton Street
You may also email us at firstname.lastname@example.org
You have the right to file a complaint with the respective supervisory authority:
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire
Cookies are files sent by web servers to web browsers, and stored by the web browsers.
The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
Cookies on our website
SHA uses the following cookies on this website, for the following purposes:
Your user name
A double-hashed copy of your password
Most browsers allow you to refuse to accept cookies.
In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites.
This document was created using a Contractology template available at http://www.freenetlaw.com.