General Data Protection Policy (including Staff Records)

 

Scope of the Policy

 

At Seven Studios UK Limited we hold information protected by the General Data Protection Regulations (GDPR) and the Data Protection Bill 2018, including personal data about our employees and staff, clients, suppliers, customers and other individuals, for a variety of business purposes.

 

Everyone working for us has a legal obligation to ensure that we comply with the requirements of the GDPR and follow the safeguards we have implemented in order to best protect all the Personal Data we hold.

 

This policy sets out how Seven Studios UK Limited will seek to protect personal data and individuals’ rights and obligations in relation to their personal data.  This policy should be read in addition to our Policies relating to staff use of the internet and e-mail.

 

The person(s) responsible for this policy and Data Protection compliance in the Company is Claire Browne.

 

This Policy should be regarded as a living document that may be amended by us at any time, to ensure our ongoing compliance with The General Data Protection Regulations (effective 25th May 2018) and the UKs Data Protection Act 2018.

 

 

In this policy Seven Studios UK Limited with registered office at Henry Wood House, 2 Riding House Street, London, W1W 7FA, (Company or we) informs you about how we collect, use and disclose personal data from and about you, through this website www.seventstudiosuk.com and our associated web sites.
You can find a brief summary of this Privacy Policy below. For further details with regard to the data processing carried out by the Company please go to the corresponding paragraphs.

Effective Date – January 2020

 

 

Definitions

 

Personal Data is data we gather which relates to a living individual who can be identified from that data, or from that data in conjunction with other readily available information, e.g. their name, address, images, telephone numbers, personal email addresses, date of birth, bank and payroll details, next of kin, passport particulars etc. It can also include data such as IP addresses and data automatically collected when using computers and the internet, as well as educational background (certificates, diplomas, education, skills, CV), skills, marital status, nationality, job title, contact details, references, attendance records, performance records and so on.

 

This data may be collected from the individual themselves or provided by other parties, and may be in paper or electronic format.

 

Special Category Data is data that relates to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), physical or mental health matters, sexual orientation/life, genetic and biometric data.

 

Criminal Records data means information about an individuals criminal convictions and offences, and information relating to criminal allegations and proceedings.

 

Processing is any use that is made of data, including collecting, storing, amending, disclosing or destroying it.

 

Our Data Protection Principles

 

The GDPR protects individuals’ rights concerning information about them that is held on computer.  Anyone processing personal data must comply with the eight principles of good practice, which are that data must be:

 

  • fairly and lawfully processed (in accordance with individuals’ rights)
  • adequate, relevant and not excessive (limited to what is necessary for the purpose of processing)
  • collected only for specified, explicit and legitimate purposes (including for business purposes to comply with legal, regulatory, corporate governance obligations and good practice)
  • accurate and kept up to date (we take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay; and Individuals can ask that we correct their inaccurate personal data).
  • not kept longer than necessary for its original purpose
  • processed in accordance with the data subject’s rights and its specified purposes
  • secure (i.e. appropriate measures have been taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or, or damage to, personal data)
  • not transferred to countries or territories outside the EEA unless that area ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

 

We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this, or would otherwise reasonably expect this.

 

Summary:

  1. What and who this Privacy Policy covers?

Seven Studios UK Limited with registered office at Henry Wood House, 2 Riding House Street, London, W1W 7FA, (Company or we) is the data controller of the personal data we collect from and about you through the Company Services. This Privacy Policy applies to all users, including both those who use the Company Services without being registered or having subscribed and those who have registered with or subscribed to a Company Service. For further information, please go to paragraph 1.

  1. What kind of personal data do we collect about you?

We might collect data from and about you. In particular, the Company may collect;
Name, Address, Email address, Telephone Contact numbers, Age range, a Profile Picture and Personal information relating to our TV production.
However, we do not collect either financial information from a payment service provider or sensitive data relating to you. For further information, please go to paragraph 2.

  1. How do we use your personal data?

The main reason why we collect data about you is to provide you with Company Services and to allow you to interact with those services.
For further information, please go to paragraph 3.

  1. On what basis do we use your personal data?

Your personal data is mainly collected in order to provide you with Company Services.
Your personal data is also necessarily collected to comply with legal obligations or to pursue the legitimate interests of the Company.
If you don’t provide the data we won’t be able to offer you the Company Services.
For further information, please go to paragraph 4.

  1. How do we process your personal data?

The security of your data is a priority for us. We have implemented adequate administrative, technical and physical measures designed to safeguard your personal data against loss, theft and unauthorised use, disclosure or modification.
For further information, please go to paragraph 5.

  1. Who can access to your personal data?

We might share your personal data with: (i) service providers; (ii) our affiliated companies; and (iii) national authorities, when allowed by the applicable laws.
For further information, please go to paragraph 6.

  1. Is your personal data transferred abroad?

Your personal data might be transferred to other countries within or outside the European Economic Area. We always make sure that appropriate and suitable safeguards compliant with applicable laws are in place to protect your personal data.
For further information, please go to paragraph 7.

  1. What are your rights with regard to your personal data?

You have a number of rights with regard to your personal data and these include the right to access, complete, update, amend and delete your personal data.
For further information, please go to paragraph 8.

  1. Retention period applying to your personal data

The personal data we collect is retained for only for the period necessary to fulfil the purposes for which that data is collected.
For further information, please go to paragraph 9.

  1. Updates to this Privacy Policy

We may modify or update this Privacy Policy at any time in order to comply with applicable law. We will notify you of any changes.
Please look at the Effective Date at the top of this Privacy Policy to see when this Privacy Policy was last revised.

  1. How can I contact you with regard to the processing of my personal data?

You can contact us at the following email address info@sevenstudiosuk.com.

 

 

 

 

Further details:

  1. What and who this Privacy Policy Covers

The Company is the data controller of the personal data (e.g. information that identifies a specific person, such as full name or email address) we collect from and about you through the Company Services that is processed in compliance with the terms of this Privacy Policy.
This Privacy Policy applies to all users, including both those who use the Company Services without being registered with or subscribing to a Company Service and those who have registered with or subscribed to a Company Service.
The Company Services are for a general audience, are not targeted at children, and do not knowingly collect personal data from children under 16 years of age, unless in exceptional circumstance.

  1. What kind of personal data do we collect about you? 

The Company collects the following types of data from and about you:

  1. Registration data is the information you submit to register for a Company Service (if made available by the Company), for example to enter a contest. This data may include, for example, name, surname, email address, gender, country, postcode and age.
  2. Public data and posts are comments or content that you post on the Company Services and the personal data about you that accompanies those posts or content, which may include a name, user name, comments, likes, status, profile information and picture. Public information and posts are always public, which means they are available to everyone and may be displayed in search results on external search engines.
  3. Data from social media. If you access or log-in to a Company Service through a social media service or connect a Company Service to a social media service, the data we collect may also include your user ID and/or user name associated with that social media service, any information or content you have permitted the social media service to share with us, such as your profile picture, email address or friends lists, and any personal data you have made public in connection with that social media service. When you access the Company Services through social media services or when you connect a Company Service to social media services, you are authorizing the Company to collect, store, and use such personal data and content in accordance with this Privacy Policy.
  4. Activity data. When you access and interact with the Company Services, we may collect certain information about those visits. For example, in order to permit your connection to the Company Services, our servers receive and record information about your computer, device and browser, including potentially your IP address, browser type, and other software or hardware information. If you access the Company Services from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information for that device. Cookies and other tracking technologies (such as browser cookies, pixels, beacons, and Adobe Flash technology commonly called Flash cookies) may also be collected.
  5. Information from Other Sources. We may supplement the information we collect with information from other sources, such as publicly available information about your online and offline activity from social media services and commercially available sources.
  6. Information from you. If you supply us with your contact information or any other information as part of any customer support we provide you with or if you make a complaint or enquiry or provide other feedback to the Company we will collect that too.

We do not collect:

  1. Financial information from a payment service provider
  2. Sensitive Information: We ask that you do not send us, and you do not disclose, any sensitive personal data (such as national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, trade union membership) on or through the Company Services or otherwise, with the exception of documentation required to carry out a DBS check.
  1. How do we use your personal data? 

We use the personal data we collect from and about you to:

  1. Provide the Company Services in relation to TV programmes and series.
  2. Provide you with support and to respond to inquiries;
  3. Comply with applicable laws or legal process and/or respond to requests from public and government authorities;
  4. Complete a corporate transaction, such as a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Company business, assets or stock (including in connection with any bankruptcy or similar proceedings). For example, if the Company is involved in a merger or transfer of all or a material part of its business, the Company may disclose and transfer your personal data to the party or parties involved in the transaction as part of that transaction;
  5. Allow social sharing functionality; if you log in with or connect a social media service account with the Company Services, we may share your user name, picture, and likes, as well as your activities and comments with other Company Services users and with your friends associated with your social media service. We may also share the same personal data with the social media service provider;
  6. On what legal basis do we process your personal data? 

The processing of your personal data for the purposes of:

  • Paragraph 3, letters from a) to e) of this Privacy Policy is necessary for the provision of the requested services and therefore it is mandatory since otherwise the services could not be provided;
    • Paragraph 3, letter c) of this Privacy Policy is requested under applicable laws and therefore it is also mandatory; and
    • Paragraph 3, letter d) of this Privacy Policy is performed based on the legitimate interest of the Company to perform the relevant economic activities, which is adequately balanced with your interest since the data processing is within the limits strictly necessary for economic activities.
    This data processing activity is not mandatory and you can object at any time as described in Paragraph 11 of this Privacy Policy.
    The processing of your personal data for the other purposes of:
  • Paragraph 3, letter e), is discretionary, but, without your consent, it is impossible to connect a social media service account with the Company Service so that you will have to log to the Company Service using a different mechanism;
    You can revoke your consent to the processing of your personal data for the purposes of Paragraph 3, letter e) at any time by sending a communication to the email address described in Paragraph 11 below.
  1. How do we process your personal data? 

We process your personal data through both electronic and manual means. It is protected by adequate security measures, taking into account the state of art, the costs of implementation and the nature, scope, context and purpose of processing as well as the risk to the rights and freedoms of individuals. In particular, we use appropriate administrative, technical, personnel and physical measures to safeguard personal data of yours in the Company’s possession against loss, theft and unauthorised use, disclosure or modification.

  1. Who can have Access to your personal data? 

We may share your personal data for the purposes set out in Paragraph 3 to the following categories of recipients located within the European Union or outside of the European Union in compliance with and within the limits of the provisions of Paragraph 7:

  1. Third party service providers entrusted with processing activities and duly appointed as processors when required by applicable laws e.g. cloud service providers, other entities of the group, providers of services instrumental to or supporting the Company Service including for companies that provide IT services, experts, consultants, lawyers and companies resulting from possible mergers, demergers, or other transformations;
  2. Company Affiliates in their capacity as data controllers or data processors;
  3. Competent authorities in order to comply with applicable laws and regulations.
  4. Is your personal data transferred abroad? 

Your personal data may be transferred to other countries (including countries other than where you are based that have a different data protection regime than the one existing in the country where you are based). If you are located in the European Economic Area (EEA), this may include countries outside of the EEA and in particular the United States. You can find the list of member states by clicking on the following link: https://europa.eu/european-union/about-eu/countries/member-countries_en. We have adopted appropriate safeguards to protect your personal data regardless of where it resides. Further information can be provided by filing a request to the Company as in Paragraph 11 of this Privacy Notice.

  1. What are your rights with regard to your personal data? 

You have the right to:

  1. Obtain confirmation as to whether or not your personal data exists and to be informed of its content and source, verify its accuracy and request its rectification, update or amendment;
  2. Request the deletion, anonymization or restriction of the processing of your personal data processed in breach of applicable law;
  3. Object to or request the limiting of the processing, in all cases, of your personal data for legitimate reasons;
  4. Receive an electronic copy of your personal data, if you would like to port the personal data, which you have provided to us, to yourself or to a different provider (data portability), when the personal data is processed by automatic means and the processing is either (i) based upon your consent or (ii) necessary for the provision of the Company Service; and
  5. Lodge a complaint with the relevant data protection regulatory authority.
  6. You may send your request to the address indicated under Paragraph 11. In your request, please include your email address, name, address, and telephone number and specify clearly which information you would like to access, change, update, suppress, or delete.
  7. Remember that even after you cancel your registration (if applicable) or if you ask us to delete your personal data, copies of that information from your registration may remain viewable in some circumstances where, for example, you have shared information with social media or other services or, for example, when retention of copies is necessary to comply with legal obligation or legal defence. Because of the nature of caching technology, your registration may not be instantly inaccessible to others. We may also retain backups of your personal data on our servers for some time after cancellation or your request for deletion, to comply with applicable law.
  8. Retention Rights

We will retain your data only for the period necessary to fulfil the purposes for which the data was collected for Pooch Perfect and My Dream Lottery Home International. The following retention periods will apply to the processing of your personal data:
• Data collected for the purposes under Paragraph 3, letter from a) to e) of this Privacy Policy are retained during the provision of the Company Service, plus the duration of the statute of limitation period under applicable laws, following termination of the Company Service
At the end of the retention period your personal data will be either cancelled, anonymised or aggregated.

  1. Update to this Privacy Policy

The Company may modify or update this Privacy Policy for any reason. Please look at the Effective Date at the top of this Privacy Policy to see when it was last revised. If we make material changes to this Privacy Policy that change the nature of processing or expand our rights to use the personal data we have already collected from you, we will notify you and provide you with a choice about our future use of that personal data, as may be required by applicable law.

  1. Contact Us

If you have questions about this Privacy Policy please contact us at the following email address info@sevenstudiosuk.com.