PRIVACY POLICY
This privacy policy establishes how we, IAM Castings, collect, store and use data about you whilst interacting with our website, https://www.iamcastings.com (our website).
This privacy policy takes effect from the 25/08/2018.
Our details
The data controller in relation to our website is IAM Castings. The registered address of the data controller is Top Floor, 119 Roman road, Bethnal Green, London, E2 0QN. You can contact the data controller by writing to its registered address or by sending an email to iam@iamcastings.com.
The Data Protection officer is Kieran Jay Johnson. You can contact the data protection officer by writing to Top Floor, 119 Roman road, Bethnal Green, London, E2 0QN or by sending an email to Kieran@iamcastings.com.
If you have any questions regarding this Privacy Policy, please contact the data controller.
What is personal data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
What are my rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
1. The right to be informed about how we collect and use of your personal data.
2. The right to access the personal data we hold about you.
3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
4. The right to be forgotten.
5. The right to restrict the processing of your personal data.
6. The right to object to us using your personal data for a particular purpose or purposes.
7. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
8. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Information we collect when you visit our website
Information we collect from our website visitors will be listed throughout this section.
Web server information
We use a third-party company to host our website called Squarespace, their privacy policy can be found here: https://www.squarespace.com/privacy/. When you visit our website, the server will automatically log the:
· IP address you access the website with
· pages that have been visited
· information that has been requested
· timestamps of the requests
· referring website
· your browser version and operating system
Our server is located within the USA.
Use of server log information for IT security purposes
We collect and store server logs to ensure network and IT security. This may include analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks.
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: we have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.
Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: we have a legitimate interest in using your information for the purposes of ensuring network and information security.
Cookies
Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a client and can be accessed either by the web server or the client computer.
We use cookies on our website, including necessary and analytical. For further information on how we use cookies, please see our cookies policy which is available here: https://www.iamcastings.com/cookie-policy/.
Information collected when you contact us
We collect and use information from individuals who contact us as outlined within this section.
Information collected when using our websites contact form
When you use our contact form, we collect your first and last name, email address, subject, message and IP address. There is an optional Headshot upload where potential models can upload their images.
Mandatory fields must be provided to submit a message and for us to receive your enquiry.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): It is in our interest to respond to messages we receive via our website and as well as keep a record of all correspondence.
Information collected when directly emailing us
When you send an email to us using an email address that is displayed on our website, we collect your email address and any additional information you provide. This may include, but is not limited to, your name, phone number and details within your signature.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): It is in our interest to respond to emails we receive and as well as keep a record of all correspondence.
Information collected when calling us
When you contact us by phone, we collect your phone number and any information provide to us during your conversation with us.
We do not record phone calls.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): It is in our interest to answer phone calls and to deal with enquiries.
How long we retain your information
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. The following factors will be used to determine how long your personal data is kept for:
Server logs
Access logs are overwritten every 100 days.
Error logs are overwritten every 200 days.
Correspondence and enquiries
when you make an enquiry or correspond with us for any reason, whether by email, via our contact form or by phone, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 6 further months, after which point we will delete your information.
How your information is secured
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
• only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
• using secure servers to store your information;
• verifying the identity of any individual who requests access to information prior to granting them access to information;
• using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website;
How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses listed within the section entitle Our details. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one week of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within no more than one month. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
CHANGES TO OUR PRIVACY POLICY
We reserve the right to make changes to this Privacy Policy at any time and for any reason. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site, and you waive the right to receive specific notice of each such change or modification.
You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.