NG PERSONAL MANAGEMENT
Privacy Policy
NG Personal Management (NGPM) is committed to a policy of protecting the rights and privacy of individuals (clients, prospective clients and others) in accordance with the General Data Protection Regulation (GDPR) 2016.
The Agency needs to process certain information about its clients and other individuals it has dealings with for administrative purposes (e.g. to promote clients, pay clients, correctly complete contracts & documentation for clients, consider prospective clients for representation, to record progress and to comply with legal obligations to funding bodies and government).
To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.
Any breach of the General Data Protection Regulation (GDPR) 2016 or the NGPM Data Protection Policy is considered to be an offence. As a matter of good practice, other individuals working with the company, and who have access to personal information, will be expected to have read and comply with this policy. It is expected that when dealing with external agencies, the Agent & Data Protection Officer at NGPM (Natalie Giacone) will take responsibility for ensuring that such agencies sign a contract agreeing to abide by this policy.
GDPR Principles
The following principles are complied with when processing personal data:
-
Data is processed fairly and lawfully
-
Data is processed only for specified and lawful purposes
-
Processed data is adequate, relevant and not excessive
-
Processed data is accurate and, where necessary, kept up to date
-
Data is not kept longer than necessary
-
Data is processed in accordance with an individual’s consent and rights
-
Data is kept secure
-
Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection
Lawful Basis of Processing Data
The lawful basis of processing of data will always be determined prior to any data being processed. The laws for processing personal data under the GDPR are as follows:
Consent – the individual has given their Consent to the processing of their personal data – i.e. an actor is searching for new representation and by emailing their CV to the agency, gives their consent for the agency to use their personal data in considering representation and contacting them afterwards.
Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party – i.e. signing of the NGPM contract when joining the agency for representation
Legal Obligation – processing of personal data is necessary for compliance with a legal obligation – i.e. When submitting clients for work that requires clients to have a driving license, DBS check or you are over 25 to advertise alcohol/gambling
Legitimate Interests – processing of personal data is necessary under the Legitimate Interests, unless these interests are overridden by the individual’s interest or fundamental rights
Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual
NGPM processes personal data under one, or more, of the following Lawful Bases:
-
Consensual
-
Contractual
-
Legal Obligation
Type of Personal Data Being Processed
The type of personal data being processed may include:
-
Name
-
Address
-
Email Address
-
Date of Birth
-
Telephone Number
-
Business Name
-
Educational establishment attended
-
Demographic information such as postcode
-
Ethnicity
-
Gender
-
Allergies
-
Special Educational Needs & Disabilities
-
National Insurance Number
-
Bank Details
How Personal Data is Collected
Personal data is obtained from one or more of the following:
-
Visits and use of the NGPM website, and associated portals (Please Note: That the NGPM Website does NOT use any tracking or analytic tools. If you use a link to go through to another website e.g. Spotlight, they will have their own GDPR Privacy Notice)
-
Use of NGPM social media
-
Parties entering into agreements with NGPM
-
Requests for information about services offered by NGPM
-
Employment/Representation enquiries
Why Personal Data is Collected
Personal data is collected to provide legitimate business services which include:
-
For Marketing purposes
-
For us to review and reply to your enquiry
-
To provide an opinion for a service you have requested
-
To properly promote clients for work
-
To properly fill in documentation in regards to clients securing work e.g. job contract
-
To improve NGPM services
How Personal Data is Used
Personal data may be used to:
-
Process a request for further information and to maintain records
-
Carry out our obligations arising from any contracts entered into by you and us
-
Comply with legal requirements
-
We may use third parties (e.g. Tagmin) to carry out certain activities, such as processing and sorting data and issuing our emails for us
-
Seek your views or comments on the services we provide
-
Notify you of changes to our services
-
Send you communications which you have requested and that may be of interest to you. These may include information about newsletters & events
-
To inform you of various promotions and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of NGPM. Please note: NGPM will never send any actors unsolicited emails
-
Process a representation request
Where Personal Data is Stored
NGPM will protect personal data and keep it safe from unauthorised or unlawful access, alteration, processing or disclosure, and against accidental or unlawful loss, destruction or damage. In particular our or organisational and technical measures include;
-
NGPM will hold no paper records. Please do not send NGPM and CV’s through the post
-
Portable electronic devices, such as laptops, tablets & mobile phones that contain personal data will be kept under lock and key when not being used.
-
All electronic devices have an 8 character or more password, consisting of letters & numbers to further secure personal data. The agent (Natalie Giacone) is the only person to have this password and the password is changed & updated at regular intervals.
-
Further encryption is made on folders holding personal data
-
Norton Security is used to protect electronic devices from viruses & cyber threats
-
As little personal data as possible is kept on portable electronic devices in order to further minimize the risk of data being unduly lost. The majority of NGPM’s data is stored on Tagmin’s server, an external web based software that is used by NGPM to store data for all clients & companies we work with. Tagmin also complies with the ICO and their privacy notice can be supplied on request.
-
By submitting your data, you consent to the transfer, storage and/or processing of your data wherever it be stored. However, if your data is transferred outside the EEA, steps will be taken to ensure appropriate security measures are in place to ensure your privacy rights continue to be protected as outlined in this Policy.
-
Where we need to share personal data with a third party, we carry out due diligence and take reasonable steps to ensure it is stored securely and adequately protected. NGPM will NEVER share personal data to actors who are not contractual clients of NGPM
How long Personal Data is Stored
NGPM reviews the retention periods for personal data on a regular basis. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. It will then be disposed of securely. For example, NGPM will shred paper-based records and overwrite or delete electronic files. CV’s sent to the agency for consideration of representation will be retained for a maximum of 1 month and then deleted. We do not store CV’s on file for the future.
Who has Access to Personal Data
Only the agent (Natalie Giacone) is granted access to client & company information. This is ensured by the use of strict operational processes and procedures.
-
Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
-
NGPM will not sell or rent your information to third parties.
Third-Party Service Providers working on our behalf
-
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure.
-
Please Note: If you are not a contractual client of NGPM, we will NEVER share your details with anyone
Individuals’ Rights
Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:
-
The right to be informed how personal data is processed
-
The right of access to their personal data
-
The right to rectification
-
The right to erasure
-
The right to restrict processing
-
The right to data portability
-
The right to object
-
Rights in relation to automated decision making and profiling
The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting info@ngpersonalmanagement.co.uk
You can request that your data is updated and/or deleted at any time, unless NGPM can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.
Links to other websites/from other websites
The NGPM website may contain links to other websites run by other organisations. The NGPM Privacy Policy only applies to the NGPM website and you are encouraged to read the Privacy Statements on the third-party websites that you visit such as Google.
NGPM is not responsible for the Privacy Policies and practices of other websites even if they were accessed via the NGPM website. Equally, if you link to a website from a third-party site, NGPM is not responsible for the Privacy Policies and practices of that third-party site.
Cookies
When visiting the NGPM website, cookies have been implemented when building the website via Wix.Com. Please see the table below for the cookies that may be implemented by Wix.Com. For full explanations for what these cookies do, please visit Wix.com.
Cookie name Life span Purpose
svSession Permanent Creates activities and BI
Hs Session Security
incap_ses_${Proxy-ID}_${Site-ID} Session Security
incap_visid_${Proxy-ID}_${Site-ID} Session Security
nlbi_{ID} Persistent cookie Security
XSRF-TOKEN Session Security
smSession Two weeks Identify logged in site members (N/A as
NGPM does not have a log in section)
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.