Icon Films Privacy Notice and Cookies Statement
Our cookies policy can now be found here.
In preparation for GDPR, Icon Films has performed a full data audit and amended its data policies.
KEY DETAILS OF THIS POLICY:
- Policy prepared by: GDPR Committee
- Approved by board / management on: TBC
- Policy became operational on: 25/5/2018
- Next Review date: 25/5/2019
Icon Films needs to gather and use certain information about individuals.
These can include employees, freelancers, suppliers, business contacts, partners, customers and other people / organisations the company has a relationship with or may need to contact.
This policy describes how personal data will be collected, handled, stored and destroyed to meet the company’s data protection standard and to comply with the law.
WHY THIS POLICY EXISTS:
This data protection policy ensures that Icon Films:
- Complies with data protection and GDPR laws and follows good practice
- Protects the rights of staff, customers and partners
- Offers transparency about how individuals’ data is processed and stored
- Mitigates the risk of a data breach
DATA PROTECTION ACT:
The Data Protection Act 1998 (DPA) and subsequent GDPR legislation describes how organisations – including Icon Films – must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
The DPA and GDPR legislation are underpinned by important principles, on which this policy is based. These are that personal data must:
1: Be processed reasonably and lawfully
2: Be obtained only for specific, lawful purposes
3: Be adequate, relevant and not excessive
4: Be accurate and kept up to date
5: Not be held for any longer than necessary
6: Processed in accordance with the rights of data subjects
7: Be protected in appropriate ways
8: Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensure an adequate level of protection
What We Need
Icon Films is the ‘Controller’ of the personal data and information provided to us. We only collect basic personal data about you which does not include any special types of information or location-based information. This does however include name, address, email etc.
Why We Need It
We need basic personal data for employment, legal, financial and business reasons. We will not collect any personal data from you we do not need.
What We Do With It
All the personal data we collect is processed by our staff in the UK, however for the purposes of IT hosting and maintenance this information is located on servers within the EU. No 3rd parties have access to your personal data unless the law allows them to do so.
We have a Data Protection protocol in place to oversee the effective and secure processing of your personal data.
How Long Will We Keep Data?
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. The information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive communication from us.
What Are Your Rights?
If at any point you believe the information we process on you is incorrect you can request information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our GDPR Committee who will investigate the matter. We will reply to any request within 30 days.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can contact Icon Films directly at: firstname.lastname@example.org, or complain to the Information Commissioner’s Office (ICO).
The policy will be reviewed on an annual basis. Our full Data Protection Policy wording can be found here (link to full external doc).
Icon Films will not pass on your personal data to third party companies without first obtaining your consent.