Dusty Stage Limited (DSL, us, we) is committed to protecting and respecting your privacy. When you or your professional advisors supply DSL with your information, we take appropriate steps to ensure it is treated securely. This Policy is in line with the new General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.
This Policy may periodically change in keeping with the European-wide law. If and when any changes are required, you will be notified by email if we are required to do so by statute. Otherwise, we reserve the right to change this policy from time to time and you may request a copy of the then-current policy by contacting us at any point.
Any questions regarding the Policy and DSL privacy practices can be sent by email to firstname.lastname@example.org.
This Policy clarifies why we collect information and explains how we use it, the conditions under which we may disclose it to others and how it is secured. Dusty Stage Limited (DSL) is a production company, primarily involved in the production of Dusty the Musical.
DSL registered business address is 11 Garrick Street, London, WC2E 9AR.
When you agree to conduct business with DSL we collect information from you or your professional advisors via, email, telephone, written correspondence, verbal and all other methods of communication.
Information we may obtain includes the following:
- Job Title
- Date of Birth
- Passport or Visa Information
- Phone Number
- Email Address
- Bank Details
- VAT Number
- Emergency Contact Details
- Payroll Details, including Pension, UTR and NI Numbers
- Health and Medical History Details (only as required for insurance or statutory purposes), including but not limited to declaration of health forms; medical consent forms; emergency contact information and insurance claims.
Please note that we may have more information held on file, if you would like the specific details of what we hold please contact us via email@example.com.
Your information is only used for legitimate business purposes; for us to fulfil the terms of our contractual agreement with you; for us to comply with a legal or regulatory obligation; or where you have otherwise consented to our use of your personal data.
If you or your professional advisors fail to provide the data when requested, we may not be able to perform our contractual obligations and therefore it is important that the data we hold on you is accurate and current and you bear responsibility for updating us of any information we require.
DSL shall review its retention of such data on a 10 year basis and DSL shall not sell or rent your information to any third parties.
Disclosure of your personal data
DSL may pass your information to third party providers including, but not limited to: agents, creative and production team members, sub contactors and other associated organisations for the purposes of providing our services to you.
However, when we use third party service providers, we shall only disclose the information that is essential to deliver our service save as expressly set out in this policy, or as otherwise required or permitted by law.
DSL shall never release information to non-work related third parties for them to use for their own direct marketing purposes, unless you have explicitly requested DSL to do so, or unless we are required to do so by law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Following the termination of any contractual obligations we may bear under our agreement with you, you are permitted to ask us or third parties to stop storing data on you, provided doing so would not be in contravention of any statutory obligation on our (or the third party’s) part.
Non-sensitive details (email addresses etc.) are usually transmitted over the internet and this can never be guaranteed to be 100% secure. Consequently, whilst DSL makes every endeavour to have the appropriate malware/virus protection installed alongside our IT department, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
DSL shall continue to make best efforts in ensuring your data is secure on our systems. We limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate business reason to access such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality
Storing your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
International Data Transfers
Under specific circumstances, you have the right to request:
- access to a copy of your data stored;
- correction to your data;
- erasure of your data where there is no legitimate business or legal reason for us or a third party keeping it;
- object to processing of your data where this is no legitimate or legal reason for us doing so;
- withdrawing consent at any times to your data being stored, though in doing so we may not be able to perform our obligations to the Principle Agreement;
- and other such rights as are permitted under GDPR
We reserve the right to charge you a reasonable fee in complying with your request to exercise your rights under this clause.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests.
As a company we are responsible for meeting the GDPR obligations and ICO requirements and have all the requisite policies and procedures in place to adopt ‘best practice’ in our commitment to implementing GDPR.
This policy was reviewed May 2018.