Privacy Policy

Introduction

This privacy policy sets out the basis on which we collect, use and disclose your personal data.  Please read this policy carefully alongside any applicable Terms & Conditions to understand our views and practices regarding your personal data and how we will treat it.

More information can be provided on request. Definitions and words in bold type are defined in the Appendix at the end of this privacy policy.

For the purpose of the applicable Data Protection Legislation, we are the data controller of any personal data we process. As a data controller, we are responsible for ensuring our systems, processes, suppliers and People comply with Data Protection Legislation in relation to the personal data we handle.

We require our People to comply with this privacy policy and our Data Protection Policy when dealing with personal data. We have a Data Protection Manager who is responsible for overseeing and enforcing the compliance of our business and People with the Data Protection Legislation, and for ensuring our People receive regular compliance training.

We take personal data breaches very seriously and are required to notify the Information Commissioner’s Office in the event of such a breach.

When using, collecting and disclosing personal data, we follow the key data protection principles.

We have policies, procedures and records to demonstrate compliance with the principles, as further detailed in our Data Protection Policy.

The following headings in RED summarise how we collect, use and disclose your personal data

Types of personal data:

Information such as your:

Collection:

Your personal data will be collected for relationship management and file opening is collected from you directly and further information (e.g. to verify your identity) may be collected from third parties, such as publicly available sources.

When you contact us via email or telephone, we may collect any personal data you provide you provide to us.

All additional personal data is collected when supplied to us or created by us in connection with a particular matter on which we are engaged

Purpose:

Your personal data will be used for relationship management and file opening data is used for providing legal services, administration, commercial purposes (e.g. creditworthiness) and as required by law (e.g. anti-money laundering).

All other personal data will be used for the purposes of providing legal services and to comply with our statutory/ regulatory obligations.

Disclosure:

Your personal data may be disclosed to:

We shall only transfer personal data to third parties which is limited to the relevant purpose and is adequately protected.

Retention Period:

Client personal data shall be kept for   6   years OR for the period specified in our Data Protection Policy and we shall not keep your personal data for longer than is necessary.

We will ensure we keep all personal data up to date and shall immediately and permanently delete any personal data which is not necessary for the purpose.

Types of data:

Personal data such as

We may also process sensitive personal data such as health details, racial origin, religious beliefs and information about offences/ alleged offences.

Collection:

Your personal data will be collected from various sources including:

Purpose:

Your personal data will be used for the following purposes:

Photographs and images of you, your name, and information about your education and employment may be used in our marketing and promotional material including our Website and pitches to Clients.

Disclosure:

Your personal data may be transferred to

We shall only transfer personal data to third parties which has been limited to the relevant purpose.

Retention Period:

Our People ’s personal data shall be kept for   6  years OR for the period specified in our Data Protection Policy and we shall not keep your personal data for longer than is necessary.

We will ensure we keep all personal data up to date and shall immediately and permanently delete any personal data which is not necessary for the purpose.

Personal data must be processed in line with an individual’s rights, including the right to:

Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Manager using the contact details provided at the end of this privacy policy.

Our People must notify or inform the Data Protection Manager immediately if they receive a request in relation to personal data which the firm processes.

The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Legislation (as applicable).

Information security is a key element of data protection.  We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. Our policy and approach to information security is contained within our Data Protection Policy.

Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to our GDPR Compliance Team at assistant@choicemodelmanagement.co.uk

You should direct all complaints relating to how the firm has processed your personal data to the Data Protection Manager.

Appendix

Clients: any person, business or other organisation who engages, or is looking to engage, the services of our Models & Talent.

Controller: a personal/organisation who determines the purposes for which, and the manner in which, any personal data is processed.

Data Protection Manager: an individual who is responsible for ensuring compliance with data protection legislation, including training staff, conducting internal audits, implementing internal policies and being the first point of contact for the Information Commissioner’s Office.

Models & Talent: models & talent who have engaged, or are looking to engage, our modelling agency and/or management services and are, or are considering being, represented by us. 

People: all people providing services to or working for us, including but not limited to our employees, directors, members, and contractors.

Personal data: information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which we have or are likely to have in our possession. These individuals are sometimes referred to as data subjects.

Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by an organisation electronically. A personal data breach may mean someone outside the organisation gets unauthorised access to personal data, but a breach can occur if there is unauthorised access within the organisation or if an employee accidentally alters or deletes personal data.

Principles: the core data protection principles underlying the Data Protection Legislation, which specify personal data should be: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Additionally, organisations must adhere to the principle of accountability.

Process: the ‘processing’ of personal data captures a wide range of activities, and includes obtaining, recording and holding personal data and performing any operation of the personal data (including erasure/destruction).

Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Purpose: the purposes identified in the “Purpose” column of the tables in section 3 of this privacy policy (How we collect, use and disclose your personal data), as applicable.

Third party: a person, organisation or another body other than the data subjectcontrollerprocessor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Website: www.choicemodelmanagement.co.uk