EXTERNAL PRIVACY NOTICE
The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law.
We take our data protection responsibilities seriously and this notice reflects the obligations set out in the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and any laws in England giving effect to its provisions.
WHO ARE WE
My Perfect Cousin Ltd is the Data Controller of the information we collect about you. You can contact us for general data protection queries by email to firstname.lastname@example.org . Please advise us of as much detail as possible to comply with your request.
PRINCIPALS OF DATA PROTECTION
The GDPR requires that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
HOW WE COLLECT INFORMATION ABOUT YOU
- Information you have given to us during the course of your bookings with us.
- Forms you have completed and given to us.
- Information that you have given us over the telephone.
- Emails that you have sent to us.
- Information that you provide by filling in forms on our website.
- Information that we have obtained from publicly available sources.
- Website Cookies and similar technologies
We track your use of our website through cookies and other similar technologies so that we can provide important features and functionality on our website, monitor its usage, and provide you with a more personalised experienced. However, we do not hold your IP address as part of this data (meaning that the data-set we hold in this regard is anonymized)
THE PERSONAL DATA WE COLLECT
Personal data is defined as any data, which relates to a living individual who can be identified from the information held. In order to carry out our business, we hold data personal data such as:
- Your Name, Job Title, Business Address
- Telephone number
- Email address
WHY THE DATA IS HELD
- To assess and provide the products or services that you have requested.
- To communicate with you.
- In case of Emergency (when you are on location with during production, or located at our offices)
- To market our products or services.
For the purposes of our legitimate interests as a business, we may collect and use your personal data for direct marketing (with appropriate options to opt-out at any time)
RECIPIENTS OF PERSONAL DATA
We choose our service providers carefully and require them to take appropriate security measures to protect your personal data. We will share your personal data with the following recipients:
- Wetransfer (for the use of their file transfer product)
- Dropbox (for the use of their file sharing and syncing product)
- Google Drive (for the use of their file sharing and syncing product)
- Basecamp (for the use of their project management product)
- Whatsapp (for the use of their encrypted messaging product)
- Paypal (to process credit card payments – where you request an email receipt)
* We may be instructed by production company management to use any number of services that require your personal data. In these circumstances it is the responsibility of the production company requesting these actions to ensure these companies adhere to GDPR principals.
TRANSFER OF DATA OVERSEAS
Personal data we collect from you in certain circumstances will be transferred, stored and/or processed outside the European Economic Area (“EEA”). Specifically we may transfer your personal data to the USA, Australia or Singapore.
This would occur in the following cases:
- We use our Wetransfer service to send you a file transfer you have requested
- We use our Dropbox service to send you a file transfer you have requested
- We use our Google Drive service to send you a file transfer you have requested
The above services store your data in Google Server’s, or Amazon AWS
RETENTION AND DELETION
We will hold your personal data only for so long as is necessary for us to do so.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we no longer need to process your personal data for the purposes set out in this notice then we will delete your personal data from our systems.
You have the right to ask us not to process your personal data for marketing purposes. You can unsubscribe from our direct marketing at any time by clicking the “Unsubscribe” link in any of our emails or by contacting us at email@example.com
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request the correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Lodge a complaint regarding the processing of your data with the Information Commissioner’s Office.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact firstname.lastname@example.org
Reviewed: June 2018