CAS Talent Agency

GDPR Privacy Policy

This data protection and privacy notice provides information on how CAS Talent Agency (also referred to in this notice as "we" or "us") uses personal data relating to users of its websites and services (referred to in this notice as "you"). Our websites and services are referred to in this notice as the "Sites" and the "Services".

It also contains information on marketing activities and the use of cookies on our Sites.

This policy was last updated on 25/05/2018, in response to the European Union's General Data Protection Regulation – referred to, throughout, as GDPR.

Introduction

In order to conduct its business activities, it is necessary for us to act as a data processor with respect to gathering and using the personal data of individuals. These can include clients, suppliers, employees, models, actors, dancers, choreographers and other people the company has a relationship with or may need to contact. This policy sets out how we collect, use and protect any information you give us when you use this website and/or our services.

We are committed to safeguarding your privacy. Should we ask you to provide certain information, you can be assured that it will only be used in accordance with this policy. We may be required to update this policy from time to time in order to remain legal and compliant. You should check this page periodically to ensure that you are happy with any changes.

Why this policy exists

This GDPR Privacy Policy ensures we:

  • Comply with GDPR and follows good practice;
  • Protects the rights of employees, talent and clients;
  • Is open about how we store and process individuals’ data;
  • Protects itself from the risks of a data breach.

What we collect

We may collect the following information:

Clients

  • Name, company name and job title;
  • Contact information including telephone number and email address;
  • Business address and postcode;
  • Other information relevant to your enquiry.

Talent

  • Name;
  • Contact information including telephone number and email address;
  • Demographic information including address and postcode;
  • Statistics and work experience, skills;
  • Images and videos;
  • National Insurance Number;
  • UTR Tax number;
  • Copies of Identification – may include a passport, drivers licence, nationality card, ID Card.

Employees and Freelancers

  • Name;
  • Contact information including address, telephone number and email address;
  • Details of previous work and/or employment;
  • Other information to enable us to fulfil a contract or terms & conditions.

Personal Information

For as long as is necessary after your involvement with us, we will need to process data about you. The kind of data that the Company will process includes:

  • contact names and addresses
  • correspondence with the Company and other information that you have given the Company through applications, contracts, consent forms, medical information and feedback sheets.

We believe that those records used are consistent with the relationship between the Company and yourself and with the data protection principles. The data the Company holds will be for management and administrative use only but the Company may, from time to time, need to disclose some data it holds about you to relevant third parties (e.g. where legally obliged to do so by HM Revenue & Customs, where requested to do so by yourself for the purpose of giving a reference or in relation to maintenance support and/or the hosting of data in relation to the provision of insurance).

In some cases the Company may hold sensitive data, which is defined by the legislation as special categories of personal data, about you. For example, this could be information about health, racial or ethnic origin, criminal convictions, trade union membership, or religious beliefs. This information may be processed not only to meet the Company's legal responsibilities but, for example, for purposes of personnel management and administration, suitability for employment, and to comply with equal opportunity legislation. Since this information is considered sensitive, the processing of which may cause concern or distress, you will be asked to give express consent for this information to be processed, unless the Company has a specific legal requirement to process such data.

Lawful Reasons for Processing

Our lawful reason for processing your personal information will usually in the first instance be “legitimate interests”. Under this we can process your information if we have a genuine and legitimate business reason and we are not harming any of your rights and interests.

What we do with the information we collect

Clients

We require this information to understand your needs and provide you with a better service and in particular, for the following reasons:

  • To provide on-going customer service and maintain internal record keeping including for accounting purposes;
  • To enable contact by email or phone in relation to the enquiry you have made with us;
  • To periodically send update emails or other information relevant to your enquiry. You may unsubscribe from receiving these emails at any time by clicking the unsubscribe link which is included at the bottom of all our update emails.

Talent (including: models, dancers, actors etc).

We require this information to understand the areas of work we can put you forward for and in particular, for the following reasons:

  • Internal record keeping
  • We may contact you by email or phone in relation to work enquiries;
  • We may periodically send update emails using the email address which you have provided. You may unsubscribe from receiving these emails at any time by clicking the unsubscribe link which is included at the bottom of all our promotional emails.

Retention

Any personal data held by us for marketing updates will be kept by us until such time that you notify us you no longer wish to receive this information.

Security

We are committed to ensuring that your information is secure and protected against unauthorised or unlawful processing, accidental loss, destruction and damage. In order to prevent unauthorised access or disclosure, we use the following software Google Drive / Dropbox and Syngency which are all GDPR compliant.

Paperwork

Personal data collected in paper form is stored in locked filing cabinets and shredded when no longer required.

Security Breaches

Despite all the controls we have put in place to address all the key GDPR principles, there is still always a risk a data breach may happen. In the unlikely event of this, the breach will be notified to all data subjects affected without undue delay. If appropriate, this will also be reported to the ICO within 72 hours of us becoming aware. The person who should be informed of any breaches Christian Ihekweme (Director of CAS Talent Agency) and is contactable by email at all times [email protected].

Third party processing

Our work for you may occasionally require us to pass your information to our clients for the purpose of possible work. Where we are entering into an engagement with a third party, we will seek to be satisfied that they have secure measures in place so your privacy rights continue to be protected as outlined in this policy.

We only disclose information that is necessary to deliver our services and we never allow your personal data to be used by any third party for any market research, marketing or other commercial purposes. Under GDPR law, we may be required to disclose your data for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Your rights under GDPR

Your principle rights under GDPR are:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and

This means you have the right to know what data we are holding for you at any time, the right to access this data, change it and/or have it removed from any further processing activity.

Subject access request

If you would like to contact us with a subject access request, please use the email address [email protected] with ‘GDPR Subject Access Request’ in the subject line. We will contact you within ten days of receiving this request.

If you are unhappy with the way your subject access request has been dealt with, you have the right to report a concern with a supervisory authority. In the UK, this is the Information Commissioner’s Office www.ico.org.uk/concerns/.