The Sound Agency takes seriously its responsibilities regarding the data protection and rights of its customers, business contacts, suppliers and employees. We follow the principles laid out under EU Regulations 2016/679 General Data Protection Regulation (GDPR).
The Sound Agency is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals. This policy aims to give you information on how The Sound Agency collects, processes and stores your personal data.
- Contacting Us
- The Data Protection Principles
The Sound Agency adheres to the following principles when processing your personal data:
- Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
- The Personal Data we Collect
The Sound Agency will only use your data as the law allows and ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic and biometric data). The Sound Agency’s website is not intended for children and we do not knowingly collect data relating to children.
The Sound Agency collects information when you may choose to provide us with personal data when: you are introduced to us, we meet you in person or we are in contact by phone, email, via our website or otherwise. We also collect personal data during recruitment and employment processes.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may directly collect, use, store and transfer different kinds of personal data about you as follows:
- first name and last name
- job title and company name
- email address
- phone number
- postal address
- date of birth and gender (where required by law)
- billing address, delivery address, bank account and payment card details (as required)
- transaction data including details about payments to and from you and other details of products and services you have purchased from us.
In addition, we may collect information about you that is publicly accessible, eg Companies House, or which you have made public on websites associated with you or your company or social media platforms such as LinkedIn.
- How we Use Your Data
We use your data:
- To provide you with information and services that you request from us.
- To send you communications regarding The Sound Agency which we believe may be of interest to you.
- To invite you to seminars or events that we believe may be of interest to you.
- To enforce the terms and conditions of any contracts entered into with you.
- To comply with legal obligations to ensure you are paid.
- To share your data with third parties, professional providers e.g. accountants, payroll, storage/back-up services.
- Data Security
The Sound Agency shall ensure that the highest security measures are taken with respect to all communications and other transfers involving personal data; secure storage of data, disposal, use of personal data and IT security. Security guidelines are adhered to and staff are trained to be aware of both their individual and The Sound Agency’s responsibilities under the GDPR.
Where data processing is carried out on our behalf by a third party, we will ensure that appropriate security measure are in place and that they handle personal data securely and are bound to do so in accordance with the principles of the GDPR.
Despite these precautions, The Sound Agency cannot guarantee the security of information transmitted over the internet or that unauthorised persons will not obtain access to personal data. In the event of a data breach you and any applicable regulator will be notified as required.
- Data Retention
The Sound Agency shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. We may need to retain personal data for up to 7 years after we cease providing services and products to you where it is necessary to comply with legal obligations.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
- Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to:
- Request access to your personal data (commonly known as “data subject access request – SARs”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we many not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy (b) where our use of the data is unlawful but you do not want us to erase it (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise of defend legal claims or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Exercising your rights
If you wish to make a SAR you should contact The Sound Agency’s Privacy Manager at firstname.lastname@example.org. You should expect a response within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made (we will inform you if any additional time is required). You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
In the event that any affected personal data has been disclosed to a third party those parties will be informed of any rectifications that have to be made.
- Assignment Clause
In the event that the company is sold, the new business owner will hold the personal data only to use it for the same purposes as originally acquired.
- Data Protection Impact Assessment
The Sound Agency has carried out a Risk Assessment and will regularly review all methods and processing; particularly for any and all new projects and/or new uses of personal data [which involve the use of new technologies and the processing involved is likely to result in a high risk to the rights and freedoms of data subjects under the GDPR].