Last Updated 16.02.2018

 

This Privacy Notice sets out the basis on which we will process the personally identifying information (‘Personal Data’) that we collect and receive from and about our suppliers and casual workers.

Our privacy commitments

  • We will only collect, keep, use and share Personal Data for legitimate business purposes that we explain here below, or if we’re legally required to do so.

  • We will be as clear and open as we can with you on what Personal Data we collect and how it will be processed.

  • For as long as we maintain records of your Personal Data, we will keep it up to date and protect it with appropriate safety measures.

 

Data Collection

We collect and process the following data about you if you are a Secret Group supplier or casual worker:

  • Contact information (such as your name, email address, phone number, postal address). Our legal basis for the collection and processing of this data is the administration of a contract you have entered or are looking to enter into with Secret Group.

  • Information about your work and  contract history with SGL. Our legal basis for the collection and processing of this data is our legitimate interest in keeping accurate records of all of our suppliers and their services.

  • Contract information (such as start dates, hours worked, post, roles and rates)

  • Financial information (such as your bank account details)

  • Qualifications and references (such as previous project details, qualifications, and licences)

 

Our legal basis for the collection and processing of this data is:

  • The administration of a contract you have entered or are looking to enter into with Secret Group.

  • Our legitimate interest in keeping accurate records of all of our suppliers, casual workers and their services

  • The performance by Secret Group of our obligations under our contract(s) with you; and

  • Our legitimate interest in verifying the identities and qualifications of our suppliers and casual workers .

 

Data Uses

We use your Personal Data:

  • For the administration of your contract with Secret Group and to contact you about your contract (for example to set up a credit account);

  • To contact you about past and future work opportunities (for example to request a quote for a service);

  • To make payments in relation to your work for Secret Group (for example to pay your invoice);

  • To verify your qualifications and proficiency (for example to follow up references) .

 

Data Sharing

Secret Group will not sell your information. Secret Group will not share your information without consent unless our contract with you,  the law and/or our policies allow or require us to do so. As at the date of this Privacy Notice, we share relevant Personal Data with the following third parties;

  • HMRC, located in the EEA. https://www.gov.uk/help/privacy-policy

 

Data Processors

We use third party processors to collect, export, process and store Personal Data on our behalf. The processors we use currently are the following:

  1. Processors

    1. Cloud Storage

      1. Google Drive, Privacy Shield Certified. https://cloud.google.com/security/compliance/eu-data-protection/

      2. Microsoft Exchange, Privacy Shield Certified https://privacy.microsoft.com/en-GB/privacystatement

    2. Communications

      1. Slack, located in the U.S. Privacy Shield Certified. https://slack.com/privacy-shield-notice

      2. Whatsapp (part of Facebook, Inc.), located in the U.S. Privacy Shield Certified. https://www.whatsapp.com/legal/#privacy-policy

      3. Facebook Messenger, located in the U.S. Privacy Shield Certified. https://www.facebook.com/privacy/explanation

    3. Operations

      1. DocuSign, located in the U.S. Standard Contractual Clauses have been signed

      2. Event Safety Plan, located in the EEA. https://eventsafetyplan.com/support/terms-of-use/data-protection-policy

    4. Accounting Tools

      1. Xero, located in the EEA https://www.xero.com/uk/about/terms/privacy/

      2. Rubberstamp, located in the EEA https://www.rubberstamp.io/privacy.html

    5. Banking Tools: Barclays.net, located in the EEA https://www.barclayscorporate.com/digitalchannels/privacy.html

    6. HR Tool: BambooHR, located in the U.S. Privacy Shield Certified https://www.bamboohr.com/privacy.php

 

International Data Transfers

We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.

 

Data Security

  • We maintain technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.

  • We regularly review our security systems to ensure that your Data remains safe and secure.

 

Duration of Storage

We retain your personal data during the period of your contract and for 24 months after you cease to work for us. After that time, unless there is a need to retain that data for purposes connected with protecting our interests or those of third parties we will erase all data other than that needed to comply with our statutory obligations and maintain necessary basic personnel and financial records.

 

Your Rights in Relation to Personal Data

You have the right to update and correct the personal information we hold about you. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data or object to continued processing where it is excessive or no longer required for the purpose for which it was collected.  Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner www.ico.gov.uk.

 

Changes to our Privacy Notice

We will update this Privacy Notice from time to time to reflect changes in our business. All such changes will be noted on www.secretcinema.org/supplier-and-casual-workers-privacy-notice and if we consider it to be appropriate we will notify you  of any material changes by e-mail.

 

Contacting us

Secret Group Limited is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. We are a limited company registered in England and Wales (registered no. 05071764) with registered offices at The Laundry Unit 22, 2-18 Warburton Road, London, E8 3FN.

If you would like to know what information we hold about you or if you have any other queries or complaints in relation to this Privacy Notice, or our Sites, our contact details are as follows:

  • Secret Group Limited, 2-18 Warburton Road, London, E8 3FN
  • info@secretcinema.org
  • 0207 739 6055