Privacy policy
-
Introduction
We are Zen Media Agency LTD("we" or "us"), a company registered in England and Wales. Our company registration number is 13794334 and our registered office is at TBC. Our registered VAT number is TBC
We are committed to protecting you personal data. This privacy policy gives you detailed information on when and why we collect your personal data, how we use it and how we keep it secure. Please read this policy carefully alongside any applicableTerms & Conditionsto understand our views and practices regarding your personal data and how we will treat it. More information can be provided on request. Definitions, and words in bold type, are defined in theAppendixat the end of this privacy policy. -
Our responsibilities
For the purpose of the applicable Data Protection Legislation, we are the data controllerof any personal data we process. As adata controller, we are responsible for ensuring our systems, processes, suppliers and People comply with Data Protection Legislation in relation to the personal data we handle.
We require ourPeople to comply with this privacy policy and our Data Protection Policy when dealing with personal data.
We takePersonal Data Breaches very seriously, and are required to notify the Information Commissioner's Office in the event of such a breach.
When using, collecting and disclosingpersonal data, we follow the key data protection principles.
We have policies, procedures and records to demonstrate compliance with the principles,as further detailed in our Data Protection Policy. -
How we collect, use and disclose your personal data
Generally, we collect your personal data when you interact with us (for example, when entering into a relationship with us as
Talent, a Client or one of our People). However, from time to time we also need to collect personal data from other
third parties in connection with our relationship with you. We also look at how our users access and use our Website, so we
can offer the best possible experience. The following table summarises how we collect, use and disclose your personal data:
Talent (including prospective Talent)
Clients (including prospective Clients)
Subscribers to our promotional material
Users of our Website
Our People -
Transfer of Data between Jurisdictions
Personal data may be transferred to one of our Affiliate Talent Agencies for the purposes of fulfilling our obligations to our Talent and Clients. We also use a number of suppliers in connection with the operation of our business and they may have access to the personal data we process. For example, an IT supplier may see our personal data when providing software support, or a company which we use for a marketing campaign may process contacts' personal data for us. When contracting with suppliers and/or transferring personal data to a different jurisdiction, we take appropriate steps to ensure that there is adequate protection in place and that the principles are adhered to. -
Your rights
Personal data must be processed in line with an individual's rights, including the right to:
- request a copy of their personal data;
- request that their inaccurate personal data is corrected;
- request that their personal data is deleted and destroyed when causing damage or distress; and
- opt out of receiving electronic communications from us.
Should you wish to make a request in line with your rights as an individual, please forward it to us using the contact details provided at the end of this privacy policy.
Our Peoplemust notify or inform Jamie Horridge immediately if they receive a request in relation topersonal datawhich the firm processes.
The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Legislation (as applicable). -
Security
Information security is a key element of data protection. We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. Our policy and approach to information security is contained within our Data Protection Policy. -
Changes to our privacy policy
Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. -
Contacts and complaints
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to our customer service team by writing to us at TBC
You should direct all complaints relating to how the firm has processed your personal data to TBC
Our People must inform TBC immediately if they receive a complaint relating to how we have processed personal data so our complaints procedure can be followed.
Appendix
Affiliate Talent Agencies:
model and/or talent agencies in jurisdictions outside of the UK who have either:
(a) engaged us to provide modelling and/or talent agency services on their behalf in the UK.; or
(b) been engaged by us to provide modelling and/or talent agency services on our behalf in a jurisdiction outside of the UK.
Clients: any person, business or other organisation who engages, or is looking to engage, the services of our Talent.
Controller: a personal/organisation who determines the purpose for which, and the manner in which, any personal data is processed.
Data Protection Policy: our internal data protection policy which sets out how we keep personal data secure, including technical measures
(e.g. encryption of personal data, restricted access to personal data, monitoring and testing systems for unauthorised access , backups of personal data),
roles and responsibilities of individuals and the scope of protection.
People: all people providing services to or working for us, including but not limited to our employees, directors, members, and contractors.
Personal data: information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly
through other data which we have or are likely to have in our possession. These individuals are sometimes referred to as data subjects.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to,
personal data transmitted, stored or otherwise processed by an organisation electronically. A personal data breach may mean someone outside the organisation
gets unauthorised access topersonal data, but a breach can occur if there is unauthorised access within the organisation or if an employee accidentally
alters or deletes personal data.
Principles: the core data protection principles underlying the Data Protection Legislation, which specify personal data should be: processed lawfully,
fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary;
accurate and, where necessary, kept up to date; kept for no longer than is necessary; processed in a manner that ensures appropriate security, including
protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational
measures. Additionally, organisations must adhere to the principal of accountability.
Process: the 'processing' of personal data captures a wide range of activities, and includes obtaining, recording and holding personal data and performing
any operation of the personal data (including erasure/destruction).
Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Purpose: the purposes identified in the "Purpose" column of the tables in section 3 of this privacy policy (How we collect, use and disclose your personal data), as applicable.
Talent: models and/or other talent who have engaged, or are looking to engage, our modelling and/or talent agency services and are or are considering being,
represented by us.
Terms and Conditions: the 'Terms and Conditions' and the 'Talent Representation Agreements'
Third party: a person, organisation or other body other than the data subject, controller, processor and persons who, under the direct authority of the
controller or processor, are authorised to process personal data.