Catsnake Film Ltd – Privacy Notice
When you share your personal data with us, we treat it with care and take our responsibility to protect it seriously.
We’ve written this document to be:
• clear, easy to read and simple to understand
• open about how we collect, store, use and secure personal data
• transparent about how we communicate with individuals
• in line with Europe’s new General Data Protection Regulation (GDPR).
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how we use your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with our Data Protection officer ([email protected]).
Who we are?
Catsnake Film Ltd is a story agency and film production company with a registered office in Somerset House, South Wing, Strand, London, UK, WC2R 1LA. We make films, train people and provide advice to help other organisations get their messages across and achieve their goals.
For simplicity throughout this notice, ‘we’ and ‘us’ means Catsnake Film Ltd.
How we collect your data
When you use our services, we collect personal data. We will collect information from you which we consider necessary in order for us to provide and administer the contract.
The ways we collect it can be broadly categorised into the following:
• Information you provide to us directly: When you use our services we might ask you to provide personal data to us. For example, we ask for your contact information when you ask for a quotation, respond to a job application or an email, join us on social media, take part in training and events, contact us with questions. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our services.
•Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like marketing and research companies. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we’ll only process it:
• to perform a contract with you, or
• where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
• in accordance with a legal obligation, or
• where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services.
How we use your data
First and foremost, we use your personal data to provide you with any services you’ve requested and to manage our relationship with you. We will use only use the information we have collected about you where we have a legal basis for doing so.
We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
• providing you with information you’ve requested from us (e.g. a quotation) or information we are required to send to you
• marketing communications in accordance with your marketing preferences
• asking you for feedback
• Consent is not required in advance for business-to-business marketing but we will provide clear unsubscribe facilities.
To support you: This may include assisting with the resolution of issues relating to the websites or services, whether by email, or otherwise.
If you are a Client: By signing a contract, you are entering into a contract. We will process your data as we consider necessary to fulfil our contractual obligations. We may share your information with accountants to demonstrate our HMRC compliance and other legal obligations.
If you are an Employee/ Crew Member: we will process your data as we consider necessary to fulfil our respective contractual obligations. We will also process your data as necessary to meet our respective legal obligations in respect of payroll processing and HMRC compliance.
How we share your personal information
We will not share any of your personal information with any other third parties without your permission unless:
• We suspect any form of illegal behaviour.
• It is necessary by law, regulation or legal proceedings.
• It is required to comply with our contractual obligations and enforce our Terms and Conditions.
• The third party is acting in a professional capacity, for example as a regulator, auditor, accountant or appointed data processor and has suitable confidentiality and privacy measures in place.
For example, if you contract with us we’ll collect your address details and pass them to our courier in case we need to deliver something to you.
How we protect your personal data
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
If we become aware that there has been a security breach and that your personal data may have been compromised, we will take appropriate steps to rectify the breach and we will contact you as soon as reasonably practical.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
|Purpose||Type of personal data||Time to store|
|Marketing and Communication||Contact Information and history for marketing purposes. Different types of personal information in marketing material||One year for contact information. Five years for marketing material|
|Sales and Customer Care||Contact Information and sales and support history||Up to seven years|
|Film Production||Contact information and media||Up to seven years|
|Procurement||Contact information and purchase history||Up to seven years|
|Legal||Contact information and different types of contracts and reports||While contracts are valid but at least seven years. Legal reports at least seven years|
|Financials||Contact information and financial history||Seven years of accounting history|
|HR||Contact information and sensitive personal information – not only for employees/ crew members but also job applicants and former employees.
That information may be held on systems within an organisation or processed by third parties, for example third party payroll processing and cloud hosted HR systems.
|Up to lifetime according to contracts and laws|
|IT||Contact information, images and IT usage||For a short time as possible for IT usage. Otherwise up to seven years, unless more due to laws|
Your right to access, correct and erase your data
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions on our website or follow the email link. Alternatively send your request to [email protected]
You also have rights to:
• know what personal data we hold about you, and to make sure it’s correct and up to date. This is called a subject access request. In order to receive such information, please send your request, including your full contact details, to our registered address.
• request a copy of your personal data, or ask us to restrict processing your personal data or delete it. This is also known as the ‘right to be forgotten’. We will anonymise or delete your data in response to this request unless there is an overriding reason for not doing so.
• object to our continued processing of your personal data.
You can exercise these rights at any time by sending an email to [email protected]
You have the right to request erasure of your personal data. Requests to be ‘forgotten’ will be fulfilled once any overriding reason for delay has ceased to apply. Copies of your data may also be retained to satisfy legal, regulatory and accounting requirements.
For example, as some crew members have an employed status and we have to put them on payroll to make appropriate NI/ PAYE adjustment to salary, we have a statutory duty to retain personal information for six full tax years after they have been employed by us.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to [email protected] We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to contact us
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch.
We prefer to communicate with you by email ([email protected])– this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
We will bring any substantial changes to your attention by email. Your continued use of the service will constitute your acceptance of any changes.