GDPR Policy

GDPR Policy

Last Updated: [1st Feb 2024]

1. Introduction

Sussex Film and Media (“we”, “our”, or “us”) is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This GDPR Policy outlines our practices for the collection, processing, storage, and protection of personal data.

2. Scope

This GDPR Policy applies to all personal data collected, processed, and stored by Sussex Film and Media in the course of our business activities, including but not limited to:

  • Data collected from clients, employees, contractors, and other individuals
  • Data collected through our website, services, and communications

3. Principles of Data Processing

We adhere to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it for any other purposes.
  • Data minimisation: We collect only the personal data that is necessary for the purposes for which it is processed.
  • Accuracy: We ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage limitation: We retain personal data for no longer than is necessary for the purposes for which it is processed.
  • Integrity and confidentiality: We implement appropriate technical and organisational measures to ensure the security of personal data and protect it from unauthorised access, disclosure, alteration, or destruction.

4. Types of Personal Data Collected

We may collect the following types of personal data:

  • Contact information (e.g., names, email addresses, phone numbers)
  • Identification information (e.g., ID numbers, passport details)
  • Demographic information (e.g., age, gender, location)
  • Employment information (e.g., job titles, company names)
  • Financial information (e.g., payment details)
  • Other information provided voluntarily by individuals

5. Purposes of Data Processing

We may process personal data for the following purposes:

  • Providing services to clients
  • Communicating with individuals
  • Managing relationships with clients, employees, and contractors
  • Marketing and promotional activities
  • Compliance with legal obligations

6. Legal Basis for Processing

We rely on the following legal bases for processing personal data:

  • Consent: When individuals have given clear consent for specific processing activities.
  • Contractual necessity: When processing is necessary for the performance of a contract with individuals.
  • Legal obligations: When processing is necessary to comply with legal obligations.
  • Legitimate interests: When processing is necessary for our legitimate interests, provided that such interests are not overridden by individuals’ rights and interests.

7. Data Subject Rights

Individuals have the following rights regarding their personal data:

  • Right of access: To request access to and obtain a copy of their personal data.
  • Right to rectification: To request correction of inaccurate or incomplete personal data.
  • Right to erasure: To request deletion of personal data under certain circumstances.
  • Right to restrict processing: To request restriction of processing of personal data under certain circumstances.
  • Right to data portability: To receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to object: To object to processing of personal data under certain circumstances.
  • Rights in relation to automated decision-making and profiling: To not be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning them or similarly significantly affect them.

8. Data Security Measures

We implement appropriate technical and organisational measures to ensure the security of personal data, including but not limited to:

  • Encryption of personal data
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Employee training on data protection practices

9. Data Breach Notification

In the event of a data breach involving personal data, we will notify the relevant supervisory authority and affected individuals in accordance with GDPR requirements.

10. International Data Transfers

We may transfer personal data to countries outside the European Economic Area (EEA) when necessary for the purposes described in this GDPR Policy. We ensure that such transfers are made in compliance with applicable data protection laws and that adequate safeguards are in place to protect the personal data.

11. Updates to GDPR Policy

We may update this GDPR Policy from time to time to reflect changes in our data processing practices or legal obligations. We encourage individuals to review this GDPR Policy periodically for any updates.

12. Contact Us

If you have any questions or concerns about our GDPR compliance or this GDPR Policy, please contact us at:

Sussex Film and Media
create@sussexfilmandmedia.co.uk