top of page

In line with the new GDPR regulations, please find our updated privacy policy below, explaining how Triple Threat Agency collects personal information. 


Triple Threat Agency is committed to processing any personal information it holds only in a way that is fair, transparent and meets the required legal obligations, in other words, in accordance with the Data Protection Act and it's successor; the General Data Protection Regulations (GDPR). Triple Threat Agency will take particular care of contact email addresses which in addition to the GDPR are subject to the Privacy and Electronic Communication Regulations (PECR).

Data Protection Principles

The legislation sets out various data protection principles, which ensure that personal information is:

  •     used fairly and lawfully

  •     used for limited, specifically stated purposes

  •     used in a way that is adequate, relevant and not excessive

  •     accurate

  •     kept for no longer than is absolutely necessary

  •     kept safe and secure

  •     not transferred outside the European Economic Area without adequate protection

Your Rights

The legislation conveys various individual rights, including the following:​

  •     the right to access the information we hold about you and certain information about our processing of it   

  •     the right to rectification

  •     the right to restrict processing

  •     the right to data portability

  •     the right to object to use of your personal data

  •     rights in relation to automated decision making and profiling

You may read more about your rights at:

Information processed by Triple Threat Agency

The following sections describe the information that Triple Threat Agency collects and how it is processed. The sections are split according to the type of information.

Legal basis for processing

The legislation requires that there is a clear legal basis for processing personal information.

In general, Triple Threat Agency relies on the individual’s consent in order to process their data. Exceptions such as a legal obligation, contractual agreement or Triple Threat Agency’s legitimate interest are highlighted below.​

Please note that if consent is withdrawn the level of service that we can offer may be severely restricted.

Client Contact Details

We collect contact details (name, address, phone numbers, email addresses) in order to communicate any audition, casting or job information relevant to you or the parent/guardian if the client is under the age of 16.

If an email address is provided we assume consent to use it for administrative purposes. We will not use it to send you e-news and marketing items without your explicit consent.

Medical Information

This is collected for the safeguarding of all clients at Triple Threat Agency; so as not to submit them for inappropriate jobs that could cause harm due to an existing medical condition. In the case of an emergency at one of our agency workshops, this will also help staff to deal with the situation more efficiently.


Data Retention

Once a client leaves Triple Threat Agency, the client is made inactive on our system and will be removed from our mailing list. We cannot remove client payslips as these are required by HMRC for tax purposes. A client's basic contact details are kept on file indefinitely - for the purpose of future contact should we receive a booking request for them after they leave the agency. Sensitive data, such as birth certificates, bank account details and medical information will be removed and destroyed within 1 month of their termination from the agency. ​

Bank Details and Payments

Basic account details are stored in a locked file, for the sole purpose of paying a client their wages after completion of a paid job. When a client leaves the agency, these details are destroyed. We use a secure online banking system to make payment, for more information see the Suppliers/3rd Parties section of this Privacy Policy.

Website Visitors

When a person visits we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to various parts of the website, and this information is processed in a way which does not identify an individual.

External Web Links

This Privacy Policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the individual websites you may visit.

Suppliers/3rd Parties - Use of data processors 

Data processors are third parties who provide services for us. We have contracts in place with our data processors, meaning that they cannot do anything with your personal information unless we have instructed them to do so. They will NOT share your personal information with any organisation apart from ourselves and they will hold it securely and retain it for the period we instruct.

The following is a list of our main data processors:​


Website Hosting - We use a third party service, to host our website. LCN are contractually obliged to treat any information on our private website as confidential and only use such information for the purpose of providing Triple Threat Agency with web hosting.

Spotlight - Spotlight is a casting database which connects professional performers with directors and casting opportunities around the world. You must have Spotlight membership to remain a TTA client. We will send you an invitation as part of your registration material. You can refer to Spotlight's privacy policy here:

Social Media - We use social media as a means to promote the success and achievements of agency clients, as well as to promote upcoming events, workshops and auditions. We only post photos/first names of clients on social media, we assume consent unless told otherwise.

International Data Transfers

The GDPR applies to all EU residents, and so all personal information processed is stored in accordance with the GDPR. If we share personal information of EU residents with suppliers or 3rd parties outside of the EU, we will ensure that they meet the requirements of the GDPR. We are committed to complying with the data regulations of non-EU residents according to their jurisdiction.


Triple Threat Agency has implemented technical and organisational security measures to protect your personal data against unauthorised access, loss or misuse. This includes password protection on all devices, removal of unnecessary software, extra security at our studios and staff training.

Queries and Complaints

Triple Threat Agency aims to meet the highest standards of data protection when collecting and using personal information. For this reason, we take any complaints we receive regarding data protection very seriously. We encourage clients to bring to our attention any collection or use of information they believe is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Access to Personal Information

Triple Threat Agency aims to be as open as possible in terms of allowing clients access to their own personal information. An individual can find out if we hold any of their personal information by asking, and this is formally known as a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about an individual, we will:​

  • describe the type of information held

  • explain why we are holding it

  • explain who it may be disclosed to

  • provide a copy of the information in an intelligible form    

Disclosure of Personal Information

Unless for a specific reason already identified in this Privacy Policy, we will not disclose personal data without the individual's consent.


Legal Obligation

We may disclose your information to governmental agencies or entities, regulatory authorities, or other persons in line with any applicable law, regulations, court order or official request.

bottom of page