Last Updated 18.03.2019
This Privacy Notice sets out the basis on which we will process the personally identifying information (‘Personal Data’) that we collect and receive from and about our suppliers and casual workers.
Our privacy commitments
We will only collect, keep, use and share Personal Data for legitimate business purposes that we explain here below, or if we’re legally required to do so.
We will be as clear and open as we can with you on what Personal Data we collect and how it will be processed.
For as long as we maintain records of your Personal Data, we will keep it up to date and protect it with appropriate safety measures.
We collect and process the following data about you if you are a Secret Group supplier or casual worker:
Contact information (such as your name, email address, phone number, postal address). Our legal basis for the collection and processing of this data is the administration of a contract you have entered or are looking to enter into with Secret Group.
Information about your work and contract history with SGL. Our legal basis for the collection and processing of this data is our legitimate interest in keeping accurate records of all of our suppliers and their services.
Contract information (such as start dates, hours worked, post, roles and rates)
Financial information (such as your bank account details)
Qualifications and references (such as previous project details, qualifications, and licences)
Our legal basis for the collection and processing of this data is:
The administration of a contract you have entered or are looking to enter into with Secret Group.
Our legitimate interest in keeping accurate records of all of our suppliers, casual workers and their services
The performance by Secret Group of our obligations under our contract(s) with you; and
Our legitimate interest in verifying the identities and qualifications of our suppliers and casual workers .
We use your Personal Data:
For the administration of your contract with Secret Group and to contact you about your contract (for example to set up a credit account);
To contact you about past and future work opportunities (for example to request a quote for a service);
To make payments in relation to your work for Secret Group (for example to pay your invoice);
To verify your qualifications and proficiency (for example to follow up references) .
Secret Group will not sell your information. Secret Group will not share your information without consent unless our contract with you, the law and/or our policies allow or require us to do so. As at the date of this Privacy Notice, we share relevant Personal Data with the following third parties;
HMRC, located in the EEA. https://www.gov.uk/help/privacy-policy
We use third party processors to collect, export, process and store Personal Data on our behalf. The processors we use currently are the following:
Google Drive, Privacy Shield Certified. https://cloud.google.com/security/compliance/eu-data-protection/
Microsoft Exchange, Privacy Shield Certified https://privacy.microsoft.com/en-GB/privacystatement
1and1 IONOS, https://www.ionos.co.uk/terms-gtc/terms-privacy/
Slack, located in the U.S. Privacy Shield Certified. https://slack.com/privacy-shield-notice
Whatsapp (part of Facebook, Inc.), located in the U.S. Privacy Shield Certified. https://www.whatsapp.com/legal/#privacy-policy
Facebook Messenger, located in the U.S. Privacy Shield Certified. https://www.facebook.com/privacy/explanation
DocuSign, located in the U.S. Standard Contractual Clauses have been signed. https://www.docusign.com/company/privacy-policy
Event Safety Plan, located in the EEA. https://eventsafetyplan.com/support/terms-of-use/data-protection-policy
Deputy.com, located in the EEA. https://www.deputy.com/gdpr
Zapier, located in the US. https://zapier.com/privacy/
Banking Tools: Barclays.net, located in the EEA https://www.barclayscorporate.com/digitalchannels/privacy.html
HR Tool: BambooHR, located in the U.S. Privacy Shield Certified https://www.bamboohr.com/privacy.php
International Data Transfers
We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.
For EU residents; Secret Group Limited is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. We are a limited company registered in England and Wales (registered no. 05071764) with registered offices at 7 Savoy Court, London WC2R 0EX.
For California residents; “Do Not Track” (DNT) has been promoted by US regulatory authorities for the internet industry to develop and implement a mechanism that allows internet users to control the tracking of their online activities across websites.
Secret Group currently does not respond to DNT browser signals.
We maintain technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.
We regularly review our security systems to ensure that your Data remains safe and secure.
Duration of Storage
We retain your personal data during the period of your contract and for 24 months after you cease to work for us. After that time, unless there is a need to retain that data for purposes connected with protecting our interests or those of third parties we will erase all data other than that needed to comply with our statutory obligations and maintain necessary basic personnel and financial records.
Your Rights in Relation to Personal Data
You have the right to update and correct the personal information we hold about you. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data or object to continued processing where it is excessive or no longer required for the purpose for which it was collected. Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner www.ico.gov.uk.
Changes to our Privacy Notice
We will update this Privacy Notice from time to time to reflect changes in our business. All such changes will be noted on www.secretcinema.org/supplier-and-casual-workers-privacy-notice and if we consider it to be appropriate we will notify you of any material changes by e-mail.
Secret Group Limited is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. We are a limited company registered in England and Wales (registered no. 05071764) with registered offices at 7 Savoy Court, London WC2R 0EX.
If you would like to know what information we hold about you or if you have any other queries or complaints in relation to this Privacy Notice, or our Sites, our contact details are as follows:
Secret Group Limited, 7 Savoy Court, London WC2R 0EX.