PART A : PRIVACY POLICY
Who we are
We are Crumb Agency Ltd (“we” or “us”), a company registered in England and Wales. Our company registration number is 08772914 and our registered address is 3rd Floor, 86-90 Paul Street, London, EC2A 4NE.
We are committed to protecting your personal data. This privacy policy gives you detailed information on when we collect your personal data, how we use it and how we keep it secure.
Contact Us
If you have any questions about this privacy policy or would like to exercise your right as a data subject under this privacy policy, you can contact us via the following methods:
EMAIL:
HELLO@CRUMBAGENCY.COM
TELEPHONE: +44 20 7253 0066
POST: 3RD FLOOR, 86-90 PAUL STREET, LONDON, EC2A 4NE
Our responsibilities
For the purpose of the applicable Data Protection Legislation, we are the data controller of any personal data we process. As a data controller, we are responsible for ensuring our systems, processes, suppliers and People comply with Data Protection Legislation in relation to the personal data we handle.
We require our People to comply with this privacy policy and our Data Protection Policy when dealing with personal data.
We take Personal Data Breaches very seriously and are required to notify the Information Commissioner’s Office in the event of such a breach.
When using, collecting and disclosing personal data, we follow the key data protection principles.
We have policies, procedures and records to demonstrate compliance with the principles as further detailed in our DATA PROTECTION POLICY.
How we collect, use and disclose your personal data?
Generally, we collect your personal data when you interact with us (for example, when entering into a relationship with us as Model, or Client or as one of our People). However, from time to time we also need to collect personal data from other third parties in connection to our relationship with you or from publicly availAble sources.
we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and your relationship with us.
Examples are set here:
Talent (including prospective Talent)
Data Types: NAME, CONTACT DETAILS (e.g. email address, telephone number, home address and social media handle), FINANCIAL INFORMATION (e.g. bank account details), NATIONAL INSURANCE NUMBERS, IMAGES/PHOTOGRAPHS, voice,or avatar, cv and other biographical information or any other personal data about you that you may provide when you make an application to us, contact us with enquiries or make complaint or that we or a third party might provide or infer about you in connection with the provison of our services
Collection: we may collect and receive personal data in the following ways
- you may give us your personal data directly, if say we approach you or when you make an APPLICATION or if you otherwise reach out to us.
- we may receive personal data about you from third parties via emails from clients or through industry contacts
- we may collect personal data about you that is contained in PUBLICLY AVAILABLE SOURCES SUCH AS MAGAZINES AND via SOCIAL MEDIA or that a third party may otherwise make publicly available.
Purpose:we may use your personal data for the following purposes
-
FOR SIGN UP PURPOSES. for example, when we first interact with you we may collect your first name, last name and any data you provide us to enable us to contact you. If you submit any other content to us, including photographs, we may process any personal data within that content. FURTHER we will process your contact data, CV and other biographical data when signing you up. We amy also process your personal data for the purpose of carring out background checks.
it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide OUR MANAGEMENT Services in an effective, safe and efficient way. to the extent we process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences in connection with the above purpose we will only do so with your explicit consent or on the basis such processing is necessary for us to comply with our legal obligations in the context of your employment.
-
FOR MANAGEMENT PURPOSES. for example, we may process your image data, voice or avatar in order to help you create and maintain your portfolio OF WORK. we may share your contact data, dietary requirements, cvs and portfolio with clients to enable you to find and carry out work. we will process your address and financial information and national insurance number in order to pay you.
It is necessary for us to use your personal data in these ways to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the management Services in an effective, safe and efficient way. to the extent we process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences in connection with the above purpose we will only do so with your explicit consent or on the basis such processing is necessary for us to comply with our legal obligations in the context of your employment.
-
DEALING WITH QUERIES AND COMPLAINTS FROM OR ABOUT YOU. for example, if you have a question about our services or we are dealing with a complaint made by or about you, we will collect and process your first name and last name, as well as any other personal data you OR A THIRD PARTY volunteer that is relevant to deal with enquiries and complaints.
IT IS IN OUR LEGITIMATE INTEREST TO PROCESS YOUR DATA IN THIS WAY TO ENSURE WE DEAL WITH COMPLAINTS, ISSUES OR QUERIES QUICKLY AND EFFECTIVELY.
-
COMPLYING with our legal obligations. FOR EXAMPLE, We may use your personal data: (i) to comply with our legal obligations; (ii) to enforce our legal rights; and (iii) to protect the rights of third parties.
Where we use your personal data to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. WHERE we have to use your personal data TO COMPLY WITH ANY LEGAL obligations imposed upon us, such as a court order, WE WILL RELY ON THE COMPLIACNE WITH THAT LEGAL OBLIATION AS OUR LAWFUL BASIS FOR PROCESSING YOUR DATA.
-
FOR MARKETING purposes. FOR EXAMPLE, we may use the images you share with us or that have been made available to us via third parties for our own marketing purposes.
It is in our legitimate inetersts to use your personal data for this purpose although we will of course obtain your consent to use your image rights.
Client (including prospective Client)
Data Types: Information such as name, business, payment details
Collection: When you contact us via email or telephone, via a particular assignment, via third parties such as publicly available sources.
Purpose: For relationship managing and as required by the law.
Our People
Data Types: Personal data such as name, employment history, background, financial information, identification.
Collection: From CVs, background checks, notes and records kept.
Purpose: Human resources admin, training and potentially marketing.
if we wish to make any changes to these purposes, or if we wish to use your personal data for the any purpose that is not listed above, we will notify you using the contact details we hold for you.
WHO DO WE SHARE YOUR DATA WITH?
WE ONLY TRANSFER PERSONAL DATA TO THIRD PARTIES WHERE NECESSARY TO ACHIEVE A PARTICULAR PURPOSE. When we share personal data with others, WHERE LEGALLY REQUIRED, WE will put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.
WE SET OUT BELOW EXAMPLES OF WHEN we may need to share YOUR PERSONAL DATA WITH THIRD PARTIES. PLEASE NOTE, This is a non-exhaustive LIST and there may be circumstances where we need to share personal data with other third parties.
-
TO THIRD PARTY SERVICE PROVIDERS WHO SUPPORT THE OPERATION OF THE BUSINESS. Such third parties may include, providers of information technology, cloud-based software-as-a-service providers, hosting and management, data analysis, data back-up, and security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. therefore, data may be transferred to third parties with data centres outside of the uk or the eea. for further information, please see the section on ‘transfers outside the uk and the european economic area’ below.
-
TO our CLIENTS or other third parties. we may share your personal data with OUR CLIENTS OR other third parties FOR THE PURPOSES OF FULFILLING CONTRACTUAL OBLIGATION. WE SHALL ONLY TRANSFER PERSONAL DATA TO THIRD PARTIES WHICH IS LIMITED TO THE RELEVANT PURPOSE AND IS ADEQUATELY PROTECTED.
-
TO OUR TALENT. IF YOU ARE A CLIENT OR AN EMPLOYEE WE MAY DISCLOSE YOUR DETAILS TO THE TALENT FOR THE PURPOSES OF FULFILLING OUR CONTRACTUAL OBLIGATIONS.
-
law enforcement or other government and regulatory agencies and bodies. We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.
Transfers outside the uk and the European economic area (“eea”)
Where necessary in connection with our services, we may transfer personal data to countries outside the UK and the EEA. When transferring your personal data outside the UK or the EEA, we will, where required by applicable law, implement at least one of the safeguards set out below. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.
Adequacy decisions |
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Government (as applicable). |
Model clauses |
we may use specific standard contractual clauses approved by the European Commission and/or the UK Government which give personal data the same protection it has in Europe and/or the UK. |
How long we keep your personal data
In respect of personal data that we process in connection with the supply of Services (e.g. talent data or client data), we may retain your personal data for up to 6 years FRom the date of supply of the Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.
where we process our people data for employment purposes, we may retain your personal data for up to 6 years From the date on which you left the business
Where we process any of your personal data for any other reason, we will not process it for longer than necessary and typically will only retain it for up to 6 years FROm last interaction (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability.
If you have opted out of receiving marketing communications from us, we may need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.
Failure to provide personal data
if you fail to provide your personal data: Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Products and Services you have requested from us or to process an application. In these circumstances, we may have to cancel your application or the provision of the relevant Products and Services to you, in which case we will notify you.
consent
Where our use of your personal data requires consent, we shall obtain such consent at the point of collection or otherwise prior the use of your data.
Your Rights
* obtain copies of your personal data;
* have your personal data corrected or deleted;
* limit the way in which your personal data is used;
* object to our use of your personal data;
* transfer your personal data;
* not to be subject to decisions based on automated processing (including profiling); and
* complain to a supervisory authority;
* OPT OUT OF RECEIVING ELECTRONIC COMMUNICATIONS FROM US.
Your right of access |
If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies. |
Your right to rectification |
If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them. |
Your right to erasure |
You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly. |
Your right to restrict processing |
You can ask us to “block” or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we’ve shared your personal data with so that you can contact them directly. |
Your right to data portability |
You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party. |
Your right to object |
You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes. |
Your rights in relation to automated decision-making and profiling |
You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us. |
Your right to withdraw consent |
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “Contact Us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email. |
Your right to lodge a complaint with the supervisory authority |
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “Contact Us” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
As we are incorporated in the United Kingdom, our regulatory authority is the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at https://ico.org.uk. |
SHOULD YOU WISH TO EXERCISE YOUR RIGHTS AS SET OUT ABOVE, PLEASE USE THE CONTACT DETAILS PROVIDED ABOVE.
Security
We are committed to keeping the personal data you provide to us secure and we have put in place appropriate security measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Changes to our Privacy Policy
Any changes we make to this privacy policy in the future will be posted on this page and where appropriate sent to you via e-mail. Please check back frequently.
PART B : DATA PROTECTION POLICY
Crumb Agency Ltd needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection and comply with the law.
Policy Scope
This policy applies to:
*The office of Crumb Agency Ltd
*All staff and volunteers of Crumb Agency Ltd
*All contractors, suppliers and other people working on behalf of Crumb Agency Ltd
It applies to all data that the company holds relating to identifiable individuals even if that information technically falls outside of the Data Protection Act 1998 and can include; names of individuals, postal addresses, email addresses, telephone numbers and any other information relating to individuals.
Data protection risks
This policy helps to protect Crumb Agency Ltd from data security risks including; Breaches of confidentiality . For instance, information being given out inappropriately. Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them. Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
Responsibilities
Everyone who works for or with Crumb Agency Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
The directors are ultimately responsible for ensuring that Crumb Agency meets its legal obligations.
The directors will deal with any subject access requests.
Crumb Agency Ltd alongside their software provider ensure all systems and equipment used for storing data meet acceptable security standards.
General Staff Guidelines
*The only people able to access data covered by this policy should be those who need it for their work
*Data should not be shared informally. When access to confidential information is required, employees can request it from the directors.
*Crumb Agency will provide training to employees to help them understand their responsibilities when handling data.
*Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
*In particular, strong passwords must be used and they should never be shared.
*Personal data should not be disclosed to unauthorised people either within the company or externally.
*Data should be reviewed and updated if it is found to be out of date. If no longer required it should be deleted and disposed of.
*Employees should request the help of the directors if they are unsure about any aspect of data protection.
Data Storage
These rules describe how and where data should be safely stored.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically
*When not required, the paper or files should be kept in a locked drawer or filing cabinet.
*Employees should make sure paper and printouts are not left any where unauthorised people could see them, like on a printer.
*Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts
*Data should be protected with strong passwords that are changed regularly and never shared between employees.
*If data is stored on removable media (like an external hard drive) this should be kept locked away when not being used.
*Data should only be stored on designated drivers and servers.
*Servers containing personal data should be sited in a secure location, away from general office space.
*Data should be backed up frequently. Those back-ups should be tested regularly.
*Data should never be saved directly on to laptops, smart phones or other portable devices.
*All servers and computers containing data should be protected by approved security software and a firewall.
Data use
Personal data is of no value to Crumb Agency unless the business can make use of it. However, it is when personal data is accessed and used that it can be the greatest risk of loss, corruption or theft.
*When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
*Personal data should not be shared informally. In particular, it should never be sent by email as this form of communication is not secure.
*Data must be encrypted before being transferred electronically.
*Personal data should never be transferred outside the European Economic Area.
*Employees should not save copies of personal data to their own computers.
Data Accuracy
The law require Crumb Agency to take reasonable steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is accurate, the greater the effort Crumb Agency should put in to ensuring its accuracy.
It is the responsibilities of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
*Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
*Staff should take every opportunity to ensure data is updated. For instance, by confirming a customers details when they call.
*Crumb Agency will make it easy for data subjects to update the information Crumb Agency holds about them. For instance, via the company website.
*Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number it should be removed from the database,
*All marketing databases should be checked against industry suppression files every 6 months.
Subject Access Requests
All individuals who are the subject of personal data held by Crumb are entitled to:
*Ask what information the company holds about them and why
*Ask how to gain access to it
*Be informed how to keep it up to date
*Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information this is called a subject access request. These should be made by email to the directors.
Individuals will be charged £10 per subject access request. The information will be provided within 14 days.
The identity of anyone making a subject access request will always be verified before handing over any information.
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, Crumb Agency will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.
Providing Information
Crumb Agency aims to ensure that indviduals are aware that their data is being processed and that they understand:
*How the data is being used
*How to exercise their rights
To these ends, the company has a PRIVACY POLICY available above and also on request.
PART C : WEBSITE TERMS
Introduction
*The Website is owned by Crumb Agency Ltd (the “Company”). The company registration number is 08772914 and our registered address is 3rd Floor, 86-90 Paul Street, London, EC2A 4NE.
Crumb Agency Ltd (“we or us”) place great importance on visitor privacy and the security of all guests visiting
www.crumbagency.com ("the website").
We are dedicated to protecting your personal information under the data Protection Act 1998 and this Privacy Policy describes how we work to maintain your trust.
By accessing or using the Website you agree to the terms of this Policy. If you do not agree to any of these terms please do not use this Website.
This Policy only applies to data collected on the Website and does not apply to websites of affiliated companies.
We reserve the right to modify the Policy at any time. Any future changes will be posted on the Website and, where appropriate, notified by e-mail.
You are responsible for regularly reviewing the Policy or any updates and/or changes to out Policy.
Information we collect
We collect personal information provided to us directly by you such as when you apply to become a model, place a booking, e-mail us, authenticate an order or request information from us.
By providing us with your details you agree that we may send you marketing and promotional material, or other information about our products and services.
You may choose to stop receiving communications from us at any time either via email or via the unsubscribe option.
We do not use cookies.
The information you provide us will be held on our computers and may be accessed by or given to our staff.
We endeavour to protect personal information under our control in order to prevent the loss, misuse, unauthorised access, disclosure or alteration of your information. Unfortunately, the transmission of information via the internet is not completely secure.
Although we will take reasonable steps to protect your personal data we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. See our DATA PROTECTION POLICY.
Links to Other Websites
The Website may contain links to other websites that are owned and operated by third parties.
Even if the third party is affiliated with us we have no control over these linked websites, all of which have separate privacy and data collection practices.
Please be aware that we cannot guarantee or be responsible for the data collection practices of such other websites.
We encourage you to read the privacy statements for those linked websites.
Privacy of Children
Privacy of Children The Website is not designed for or directed to children.
As such, we do not intend to collect and will not knowingly collect any personal information from children below the age of 16 without parental consent.
If you are under 16 you must ask your parent or guardian before you send any information to us or ask us to e-mail anything to you.
By sending us any information or asking us to send you information you are confirming that you have received the informed consent of your parent or guardian.
Parents are encouraged to review their children’s e-mail and internet activities to ensure that the Website is being used by their child in accordance with parental consent and this Policy.
Terms
*Information on this Website does not constitute an offer or solicitation to conduct modelling business in any jurisdiction. It is your responsibility to inform yourself about and observe any applicable laws relating to modelling.
*Information on the Website has been obtained from sources which we believe to be reliable and accurate.
*The Company is not responsible for the accuracy of the information contained within the Website provided by third parties. *While the Company endeavours to ensure that the information on the Website is correct, the Company does not warrant the accuracy and completeness of the material on the Website. The Company may make changes to the material on the Website, at any time without notice. The material on the Website may be out of date, and the Company makes no commitment to update such material.
*The material on the Website is provided “as is” without any conditions, warranties or other terms of any kind. Accordingly, to the maximum extent permitted by law, the Company provides you with the Website on the basis that the Company excludes all representations, warranties, conditions and other terms including purpose and the use of reasonable care and skill which, but for these terms, might have effect in relation to the Website.
Liability
*The Company, any other party (whether or not involved in creating, producing, maintaining or delivering the Website),
and any of the Company’s group Companies and the officers, directors, employees, shareholders or agents of any of them, exclude all liability and responsibility for any amount or any kind of loss or damage that may result to you or a third party in connection with the Website in any way
or in connection with the use, inability to use or the results of use of the Website,
any websites linked to the Website or the material on such websites, including but not limited to loss or damage due to viruses that may infect your computer equipment, software, data or other property on account of your access to, use of,
or browsing the Website or your downloading of any material from the Website or any websites linked to the Website (including without limitation, any direct loss or damages of income, profits, goodwill, data, contracts, use of money, or loss or damages arising from or connected in any way to business interruption, and whether in tort
(including consequential loss or damages).
*The Company does not warrant that functions contained in the Website content will be uninterrupted or error free, that defects will be corrected or that the Website’s server is free of viruses, worms, Trojans or bugs.