PRIVACY POLICY & DATA PROTECTION

1. Introduction

We are Paulo Ribeiro Management Ltd (“we” or “us”), a company registered in England and Wales. Our company registraIon number is 07923053 and our registered office is at Winterton House, First Floor West, Market Square, Westerham, TN16 1AQ. Our registered VAT number is GB133 2439 39.

This privacy policy sets out the basis on which we collect, use and disclose your personal data. Please read this policy carefully alongside any applicable Terms & Conditions to understand our views and pracIces regarding your personal data and how we will treat it.

1. Our responsibilities

For the purpose of the applicable Data Protection Legislation on Act 2018, we control of any personal data we process. We are responsible for ensuring our systems, processes, suppliers and people comply with Data Protection Legislation in relaIon to the personal data we handle.

We require our people to comply with this privacy policy and our Data Protection Policy when dealing with personal data. We have a Data Protection Manager who is responsible for overseeing and enforcing the compliance of our business and people with the Data Protection Legislation, and for ensuring our people receive regular compliance training.

We take personal data breaches very seriously, and are required to noIfy the information Commissioner’s Office in the event of such a breach.

When using, collecIng and disclosing personal data, we follow the key data protection principles.

We have policies, procedures and records to demonstrate compliance with the principles, as further detailed in our Data Protection Policy.

1. How we collect, use and disclose your personal data
   1. 3.1.Models & Talents (including potential models & talents): we collect your name, address, email address, DOB, body measurements, tel number, next of kin, naIonality, employment, images/photographs and any other information that you might share in our model applicaIon form online or written at the agency. Your data will be destroyed if you are unsuccessful in your applicaIon. If you are successful, please refer to our Model Contract.
   2. Clients: Your name, business information, identification documentation and payment details will be collected for relaIonship management and file opening is collected from you directly and further information (e.g. to verify your idenIty) may be collected from third parIes, such as publicly available sources. When you contact us via email or telephone, we may collect any personal data you provide to us. All addiIonal personal data is collected when supplied to us, or created by us in connection with a parIcular matter on which we are engaged. We shall only transfer personal data to third party which is limited to the relevant purpose and it is adequate protected.
   3. People: Your name, address, contact details, educaIon and employment history, background checks (financial and criminal), identification documentation, right to work status, information relaIng to next of kin/ dependants, and financial information including bank details and idenIfiers (e.g. NaIonal Insurance numbers). We may also process sensiIve personal data such as health details, racial origin, religious beliefs and information about offences/ alleged offences. Your personal data will be collected from various sources including, your applicaIon form/CV, providers of background checks, notes and records kept for the duraIon of your employment (including absences, appraisals, disciplinary acIon), providers of occupaIon health services. Your personal data will be used for the following purposes of human resources administraIon, assessing suitability/eligibility and/or fitness to work, security; and training.
2. Transfer of Data between Jurisdictions

Personal data may be transferred to one of our Mother Agents for the purposes of fulfilling our obligaIons to our Models, Talent and Clients. We also use a number of suppliers in connection with the operation of our business and they may have access to the personal data we process. For example, an IT supplier may see  our  personal  data  when  providing  soaware  support,  or  a  company  which  we  use  for  a  markeIng campaign may process contacts’ personal data for us. When contracIng with suppliers and/or transferring personal data to a different jurisdiction, the firm takes appropriate steps to ensure that there is adequate protection in place and that the principles are adhered to. Our Booking System is operated by CDS Global.

1. Your rights

Personal data must be processed in line with an individual’s rights, including the right to: 5.1- Request a copy of their personal data;

1. 1. 5.2.- Request that their inaccurate personal data is corrected;
   2. 5.3.- Request that their personal data is deleted and destroyed when causing damage or distress; and
   3. 5.4.- Opt out of receiving electronic communications from us.

Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Manager using the contact details provided at the end of this privacy policy.

Our  People  must  noIfy  or  inform  the  Data  Protection  Manager  immediately  if  they  receive  a  request  in relaIon to personal data which the firm processes.

The  Data  Protec)on  Legisla)on  gives  you  the  right  to  access  information  held  about  you.  Your  right  of access can be exercised in accordance with the Data Protection Legislation (as applicable).

1. Security

Information security is a key element of data protection.  We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. Our policy and approach to information security is contained within our Data Protection Policy.

1. Cookies

Our website uses cookies to disInguish you from other users of our Website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our Website.

1. Changes to our privacy policy

Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, noIfied to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

1. Contacts and complaints

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed by wriIng to us at info@prm-agency.com.

You  should  direct  all  complaints  relaIng  to  how  the  firm  has  processed  your  personal  data  to  the  Data Protection Manager.

Our People must inform the Data Protection Manager immediately if they receive a complaint relaIng to how we have processed personal data so our complaints procedure can be followed.

APPENDIX

Affiliate Talent Agencies: model and/or talent agencies in jurisdictions outside of the UK who have either:

1. engaged us to provide modelling and/or talent agency services on their behalf in the UK.; or
2. been engaged by us to provide modelling and/or talent agency services on our behalf in a jurisdiction outside of the UK.

Clients: any person, business or other organisaIon who engages, or is looking to engage, the services of our Talent.

Controller:  a  personal/organisaIon  who  determines  the  purpose  for  which,  and  the  way,  any  personal  data  is processed.

Data Protection Policy:  our  internal  data  protection  policy  which  sets  out  how  we  keep  personal  data  secure, including technical measures (e.g. encrypIon of personal data, restricted access to personal data, monitoring and tesIng systems for unauthorised access, backups   of personal data), roles and responsibiliIes of individuals and the scope of protection.

People: all people providing services to or working for us, including but not limited to our employees, directors, members, and contractors.

Personal  data:  information  (including  opinions)  which  relates  to  an  individual  and  from  which  he  or  she  can  be identified  either  directly  or  indirectly  through  other  data  which  we  have  or  are  likely  to  have  in  our  possession. These individuals are sometimes referred to as data subjects.

Personal  Data  Breach:  a  breach  of  security  leading  to  the  accidental  or  not lawful  destruction,  loss,  alteraIon, unauthorised disclosure of, or access to, personal data transmi\ed, stored or otherwise processed by an organisaIon electronically. A personal data breach may mean someone outside the organisaIon gets unauthorised access  to  personal  data,  but  a  breach  can  occur  if  there  is  unauthorised  access  within  the  organisaIon  or  if  an employee accidentally alters or deletes personal data.

Principles:  the core data protection principles underlying the Data Protection Legislation, which specify personal data should be: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legiImate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; processed in a manner that ensures appropriate security, including protection against unauthorised or not lawful processing and against accidental loss, destruction or damage, using appropriate  technical  or  organisational  measures.  Additionally,  organisations  must  adhere  to  the  principal  of accountability.

Process: the ‘processing’ of personal data captures a wide range of activities, and includes obtaining, recording and holding personal data and performing any operation of the personal data (including erasure/destruction).

Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Purpose: the purposes identified in the “Purpose” column of the tables in secIon 3 of this privacy policy (How we collect, use and disclose your personal data), as applicable.

Talent: models and/or other talent who have engaged, or are looking to engage, our modelling and/or talent agency services and are or are considering being, represented by us.

Terms and Conditions: https://www.prm-agency.com/terms-and-conditions

Third party: a person, organisaIon or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.