Triple Threat Agency is committed to processing any personal information it holds only in a way that is fair, transparent and meets the required legal obligations, in other words, in accordance with the Data Protection Act and it's successor; the General Data Protection Regulations (GDPR). Triple Threat Agency will take particular care of contact email addresses which in addition to the GDPR are subject to the Privacy and Electronic Communication Regulations (PECR).
Data Protection Principles
The legislation sets out various data protection principles, which ensure that personal information is:
used fairly and lawfully
used for limited, specifically stated purposes
used in a way that is adequate, relevant and not excessive
kept for no longer than is absolutely necessary
kept safe and secure
not transferred outside the European Economic Area without adequate protection
The legislation conveys various individual rights, including the following:
the right to access the information we hold about you and certain information about our processing of it
the right to rectification
the right to restrict processing
the right to data portability
the right to object to use of your personal data
rights in relation to automated decision making and profiling
You may read more about your rights at: https://ico.org.uk/for-the-public/.
Information processed by Triple Threat Agency
The following sections describe the information that Triple Threat Agency collects and how it is processed. The sections are split according to the type of information.
Legal basis for processing
The legislation requires that there is a clear legal basis for processing personal information.
In general, Triple Threat Agency relies on the individual’s consent in order to process their data. Exceptions such as a legal obligation, contractual agreement or Triple Threat Agency’s legitimate interest are highlighted below.
Please note that if consent is withdrawn the level of service that we can offer may be severely restricted.
Client Contact Details
We collect contact details (name, address, phone numbers, email addresses) in order to communicate any audition, casting or job information relevant to you or the parent/guardian if the client is under the age of 16.
If an email address is provided we assume consent to use it for administrative purposes. We will not use it to send you e-news and marketing items without your explicit consent.
This is collected for the safeguarding of all clients at Triple Threat Agency; so as not to submit them for inappropriate jobs that could cause harm due to an existing medical condition. In the case of an emergency at one of our agency workshops, this will also help staff to deal with the situation more efficiently.
Once a client leaves Triple Threat Agency, the client is made inactive on our system and will be removed from our mailing list. We cannot remove client payslips as these are required by HMRC for tax purposes. A client's basic contact details are kept on file indefinitely - for the purpose of future contact should we receive a booking request for them after they leave the agency. Sensitive data, such as birth certificates, bank account details and medical information will be removed and destroyed within 1 month of their termination from the agency.
Bank Details and Payments
When a person visits www.triplethreatagency.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to various parts of the website, and this information is processed in a way which does not identify an individual.
External Web Links
Suppliers/3rd Parties - Use of data processors
Data processors are third parties who provide services for us. We have contracts in place with our data processors, meaning that they cannot do anything with your personal information unless we have instructed them to do so. They will NOT share your personal information with any organisation apart from ourselves and they will hold it securely and retain it for the period we instruct.
The following is a list of our main data processors:
Website Hosting - We use a third party service, LCN.com to host our website. LCN are contractually obliged to treat any information on our private website as confidential and only use such information for the purpose of providing Triple Threat Agency with web hosting.
Social Media - We use social media as a means to promote the success and achievements of agency clients, as well as to promote upcoming events, workshops and auditions. We only post photos/first names of clients on social media, we assume consent unless told otherwise.
International Data Transfers
The GDPR applies to all EU residents, and so all personal information processed is stored in accordance with the GDPR. If we share personal information of EU residents with suppliers or 3rd parties outside of the EU, we will ensure that they meet the requirements of the GDPR. We are committed to complying with the data regulations of non-EU residents according to their jurisdiction.
Triple Threat Agency has implemented technical and organisational security measures to protect your personal data against unauthorised access, loss or misuse. This includes password protection on all devices, removal of unnecessary software, extra security at our studios and staff training.
Queries and Complaints
Triple Threat Agency aims to meet the highest standards of data protection when collecting and using personal information. For this reason, we take any complaints we receive regarding data protection very seriously. We encourage clients to bring to our attention any collection or use of information they believe is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Access to Personal Information
Triple Threat Agency aims to be as open as possible in terms of allowing clients access to their own personal information. An individual can find out if we hold any of their personal information by asking, and this is formally known as a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about an individual, we will:
describe the type of information held
explain why we are holding it
explain who it may be disclosed to
provide a copy of the information in an intelligible form
Disclosure of Personal Information
We may disclose your information to governmental agencies or entities, regulatory authorities, or other persons in line with any applicable law, regulations, court order or official request.