Privacy Policy


We are a talent agency. People use our services to find and be found for business opportunities. Our privacy policy applies to everyone (hirer and worker) who uses our services.

Why do we collect and process your personal data?

We need to collect and process some of your personal data to carry out job seeking on your behalf and fulfil our obligation as an agent.

Who do we share your personal data with?

We share the professional identities of our managed talent with potential hirers (casting directors, production companies, ad agencies etc). This also occurs in reverse. We may also share some of your data with service providers such as hosting and technology suppliers. However we will never use your data for profiling purposes.

Do we need a lawful basis to collect and process your personal data?

Yes. All companies must have a legitimate reason for collecting and processing your data. GDPR refers to this as the “lawful basis for processing” and sets out six different types of lawful basis. In our case, the main lawful bases allowing us to collect and process your data are ‘contractual’ and ‘legitimate interest.’

Who has access to the personal data that we hold?

Only authorised staff and IT system administrators have access to your data. Other parties, such as production companies, may have different procedure and safeguards in place when handling your data.

What staff training are we providing on data protection?

All our staff receive training to help them understand and implement the latest data protection rules and guidelines. They also take refresher training on data protection and other important topics as part of our ongoing development and competency procedures.

Do we back up our clients personal data? If so, then how often?

Yes, we back up our core data systems daily and store backed-up data both on and off site. We send the offsite backups to the Amazon S3 EU data centre. The transmission and storage of this data is encrypted.

What IT security do we have in place to protect our clients’ personal data while it’s being stored, transferred, or used by us?

Our computer network is password protected and secured using role based permissions, which means only staff with the correct authorisation can view and process client data. Remote access to our computer network is solely permitted through a system of multi-factor authentication.

How do we dispose of hardware and the storage media containing personal data?

We treat the disposal of all hardware and storage media with the utmost care, ensuring it is dealt with securely and responsibly. All printed documentation is cross shredded on site or destroyed by a trusted contractor at a BS1517-accredited facility.

What procedure are in place to detect data security breaches?

We have 24/7 hardware and software monitoring, login and auditing for all core systems. Users are subject to policies which cover computing equipment use, acceptable use, remote working and travel, email use and password use.

How long do we keep your data?

We retain your personal data while your management contract is still in place with us and then contact information only, for 5 years after contract termination. This is to ensure you can receive residual payments from past jobs.

Rights to access and control your personal data.

How to contact us

If you have any questions regarding this Privacy Notice or wish to make a request regarding your personal information, please contact:

The Data Protection Manager

Simon & How Associates

29 Charlotte Road



You may also email us at

Supervisory authorities

You have the right to file a complaint with the respective supervisory authority:

Information Commissioner’s Office

Wycliffe House Water Lane Wilmslow Cheshire


About cookies

This website uses cookies. By using this website and agreeing to this policy, you consent to SHA’s use of cookies in accordance with the terms of this policy.

Cookies are files sent by web servers to web browsers, and stored by the web browsers.

The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.

There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.

Cookies on our website

SHA uses the following cookies on this website, for the following purposes:

Your user name
A double-hashed copy of your password

Google cookies

SHA uses Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information. Google’s privacy policy is available at:]

Refusing cookies

Most browsers allow you to refuse to accept cookies.

In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.

In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.

Blocking cookies will have a negative impact upon the usability of some websites.


This document was created using a Contractology template available at