Data Protection Policy

1. Introduction

This Data Protection Policy outlines how The Actors Forge Ltd. (referred to as "the Organization") collects, uses, stores, and protects personal data in compliance with relevant data protection laws, including the General Data Protection Regulation (GDPR).

2. Purpose

The purpose of this policy is to ensure that all personal data handled by the Organization is managed in a way that is compliant with legal requirements, respects individuals' privacy, and protects against data breaches.

3. Scope

This policy applies to all employees, contractors, and third parties who process personal data on behalf of the Organization. It covers all personal data, whether stored electronically or in hard copy.

4. Data Protection Principles

The Organization is committed to processing personal data in accordance with the following principles:

  1. Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.

  2. Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  3. Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

  4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date.

  5. Storage Limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than necessary.

  6. Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

5. Data Collection

The Organization will collect personal data only for legitimate purposes, including but not limited to:

  • Student enrollment and administration

  • Employment and contract management

  • Audition and casting processes

  • Marketing and promotional activities

  • Financial and billing purposes

6. Data Subject Rights

Individuals have the following rights regarding their personal data:

  1. Right to Access: Individuals can request access to their personal data.

  2. Right to Rectification: Individuals can request correction of inaccurate or incomplete data.

  3. Right to Erasure: Individuals can request deletion of their personal data under certain conditions.

  4. Right to Restriction of Processing: Individuals can request restriction of processing under certain conditions.

  5. Right to Data Portability: Individuals can request to receive their data in a structured, commonly used, and machine-readable format.

  6. Right to Object: Individuals can object to the processing of their personal data under certain conditions.

  7. Rights Related to Automated Decision-Making: Individuals have the right not to be subject to decisions based solely on automated processing.

7. Data Security

The Organization implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Access controls to personal data

  • Secure storage of physical and digital records

  • Regular data protection training for employees

  • Encryption and anonymization where appropriate

  • Regular security assessments and audits

8. Data Breach Notification

In the event of a data breach, the Organization will promptly assess the risk to individuals and report any significant breach to the relevant supervisory authority within 72 hours, if required by law. Affected individuals will also be notified if the breach is likely to result in a high risk to their rights and freedoms.

9. Data Retention

The Organization will retain personal data only as long as necessary for the purposes for which it was collected or as required by law. A data retention schedule will be maintained to ensure compliance with this principle.

10. Third-Party Processors

Where the Organization engages third-party processors, it will ensure that they provide sufficient guarantees to implement appropriate technical and organizational measures to comply with data protection laws.

11. Responsibilities

All employees and contractors of the Organization are responsible for adhering to this policy. Specific responsibilities include:

  • Data Protection Officer (DPO): Overseeing compliance with data protection laws and this policy.

  • IT Department: Implementing and maintaining data security measures.

  • HR Department: Managing employee data in accordance with this policy.

  • Marketing Department: Ensuring marketing activities comply with data protection requirements.

12. Policy Review

This policy will be reviewed annually or more frequently if necessary to ensure continued compliance with data protection laws and best practices.

14. Contact Information

For any questions or concerns regarding this policy or the Organization's data protection practices, please contact:

Daniel Lemon
Dan@theactorsforge.com
07716936100