This version is effective from: [August 2021]
This Privacy Notice (“Privacy Notice”) sets out how Phoenix Talent Management Limited processes your personal data in connection with the provision of our website at Phoenix Model Management – (“Site”) and the talent agency services we provide to our clients (“Services”).
We will update this Privacy Notice from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes to this Privacy Notice, but we encourage you to review this Privacy Notice periodically to keep up to date on how we use your personal data. If we update this Privacy Notice, we will update the effective date at the top of the page.
[Your access to and use of our Site is subject at all times to our Website .]
1.Purpose of this privacy notice
This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data.
When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.
This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).
2.About Us
The Site is made available by Phoenix Talent Management Limited (“Phoenix Talent”, “we”, “us, “our”). Phoenix Talent is the data controller responsible for your personal data. Phoenix Talent is an English company (No: 12021521) with its registered office at 41 Ability Plaza Arbutus Street, London, England, E8 4DT.
3.How to contact us
If you have any questions about this Privacy Notice or want to exercise set out in this Privacy Notice, you can contact us using the following methods:
| On Site | Contact us using the details on our Contact Us page. |
| Send us an email at: [EMAIL ADDRESS]. |
4.What personal data we collect
In providing our Site we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and how you use our Site and includes the following:
| Identity Data | First name; last name |
| Contact Data | Email address; telephone number; social media handle |
| Financial Data | Bank account details. |
| Transaction Data | Details about payments made between you and us (or payments that we make to the organisation that we engage you through); details of Services provided by us to our clients. |
5.How we collect and receive personal data
We collect and receive personal data using different methods:
| Personal data you provide to us | You may give us your personal data directly, for example, when you contact us with enquiries. |
| Personal data received from third parties | We may receive personal data about you from third parties. Such third parties may include third parties that provide technical services to us so that we can provide our Site. |
| Publicly available personal data | From time to time, we may collect personal data about you (Identity Data or Contact Data) that is contained in publicly available sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through news stories or posts on social media platforms). |
6.Who we collect personal data about
We collect and process personal data from the following people:
| People who contact us with enquiries | If you contact us with an enquiry or submit a complaint we will collect and process your personal data in connection with your interaction with us. |
| People who work for our clients and suppliers | If you work for one of our clients or suppliers and have responsibility for placing orders with us, administering your organisation’s account with us, or handling our orders or our account with your organisation, we will process your personal data in connection with your organisation’s relationship with us. |
| Visitors to our office and other locations that we use |
7.How we use your personal data
We use your personal data for the purposes set out in this section. If we wish to make any changes to these purposes, or if we wish to use your personal data for any purpose that is not listed in this section, we will notify you using the contact details we hold for you.
Fulfilment of our Services
| Fulfilment of our Services |
Where you are personnel of or otherwise represent one of our clients, we collect and maintain personal data that you provide to us or that we otherwise receive in connection with the Services that we provide. We will use this for the purpose of supplying our Services. The personal data we process may include your Contact Data, Financial Data and Transaction Data (where applicable and to the extent that this constitutes your personal data). We process this information so that we can fulfil the supply of Services and for record-keeping purposes. If you attend one of our offices, we will process personal data about you that we receive in connection with your visit or any enquiries that you have. This will usually include your Contact Data, and any other personal data you volunteer. Note, our Services are also subject to separate terms and conditions between us and our clients. Our legal basis for processing It is in our legitimate interest to use personal data in such a way to ensure that we provide the Services and manage your visit to our office in an effective, safe and efficient way. |
Enquiries via the Contact Us page
Receipt of products and services from our suppliers.
| If we have engaged you or the organisation you represent to provide us with products or services |
If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others. The personal data we collect from you may include your Identity Data and Contact Data and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent. Our legal basis for processing It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or the organisation you represent, or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the products and services that you or your organisation provides, and provide our Services to others, in an effective way. |
Security
| If we need to use your personal data in connection with the administration of our security measures |
We have security measures in place at our premises, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We may require visitors to our premises to sign in on arrival and, where that is the case, we will keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident). Our legal basis for processing It is in our legitimate interests to process your personal data so that we can keep our premises secure and provide a safe environment for our personnel and visitors to our premises. |
Business administration and legal compliance.
| If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business |
We may use your personal data: (i) to comply with our legal obligations; (ii) to enforce our legal rights; (iii) to protect the rights of third parties; and (iv) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets. Our legal basis for processing Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us, such as a court order. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent. |
8.If you fail to provide your personal data
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to process an application for a job role. In these circumstances, we may have to cancel your application in which case we will notify you.
9.How we obtain your consent
Where our use of your personal data requires consent, you can provide such consent at the time we collect your personal data following the instructions provided, or by informing us using the contact details set out in the “ ” section above.
10.Third-party links
This Privacy Notice only applies to personal data processed by us through your use of our Site and/or in connection with our business operations. However, from time to time, our Site may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Notice does not apply to your interaction with the relevant third parties.
When you use a link to go from our Site to another website (even if you don’t leave our Site) or you request a service from a third party, your browsing and interactions on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. For example, our Site invites you to connect with us on social media platforms such as Instagram. When you click on the links we provide to such third-party platforms, you will be transferred from our Site to the relevant third-party platform and the privacy notice (and other terms and conditions) of that platform will apply to you.
We do not monitor, control or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.
11.Sharing personal data
We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.
When processing your personal data, we may need to share it with third parties (including other entities within our group of companies), as set out in the table below. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties.
| Third-party suppliers who provide applications/ functionality, data processing or IT services | We share personal data with third parties who support us in providing our Site and help provide, run and manage our internal IT systems. Such third parties may also include, for example, providers of information technology, cloud-based software-as-a-service providers, identity management, website design, hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. |
| Payment providers and banks | We share personal data with third parties who assist us with the processing of payments and refunds. |
| Delivery and courier companies | We share personal data with suppliers who assist us in the delivery of our Services to our customers. |
| Event partners and suppliers | When we run events, we will share your personal data with third-party service providers that are assisting us with the operation and administration of that event. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event. |
| Auditors, lawyers, accountants and other professional advisers | We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in. |
| Law enforcement or other government and regulatory agencies and bodies | We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation. |
| Other third parties | Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation. |
12.Transfers outside the UK and the European Economic Area (“EEA”)
Where necessary in order to provide our Site, we will transfer personal data to countries outside the UK and the EEA.
Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.
When transferring your personal data outside the UK or the EEA, we will, where required by applicable law, implement at least one of the safeguards set out below. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.
| Adequacy decisions | We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. |
| Model clauses | Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. |
13.How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see the “Your rights as a data subject” section below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for example for statistical purposes in which case we may use this information indefinitely without further notice to you.
14.Confidentiality and security of your personal data
We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our Site.
15.Personal data of minors
Our Site is not intended for use by, or targeted at, minors (individuals under the age of 18) and we do not knowingly collect personal data of minors. However, this does not prevent minors from providing personal data to us. If we do collect personal data of minors, we will comply with all applicable laws and regulations relating to the processing of personal data of minors.
If you are under the age of 18, you must not use our Site and you must not provide us with any personal information. If we discover that we are holding the personal data of a minor, we will delete that information as soon as possible. Please contact us if you have reason to believe that a minor may have submitted personal data to us (see the “ ” section above).
16.Your rights as a data subject
You have certain rights in relation to the personal data we hold about you. These rights include the right: (i) to obtain copies of your personal data; (ii) to have your personal data corrected or deleted; (iii) to limit the way in which your personal data is used; (iv) to object to our use of your personal data; (v) to transfer your personal data; (vi) not to be subject to decisions based on automated processing (including profiling); and (vii) to complain to a supervisory authority. If you would like to exercise any of these rights, please contact us using the details set out in the “ ” section above.
| Your right of access | If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies. |
| Your right to rectification | If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them. |
| Your right to erasure | You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly. |
| Your right to restrict processing | You can ask us to “block” or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly. |
| Your right to data portability | You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party. |
| Your right to object | You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes. |
| Your rights in relation to automated decision-making and profiling | You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us. |
| Your right to withdraw consent | If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “ ” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email. |
| Your right to lodge a complaint with the supervisory authority |
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “ ” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. As we are incorporated in the United Kingdom, our regulatory authority is the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at https://ico.org.uk. |