Last updated: 19/05/2018
Starbrite Studios Limited treats the privacy of its customers, prospective customers and website users very seriously and we take appropriate security measures to safeguard your privacy.
Personal data is any information relating to an identifiable living person. Starbrite Studios processes personal data for numerous purposes. For each purpose the means of collection, lawful basis of processing, disclosure, and retention periods may differ.
If you have any questions, please write to the Data Protection Officer at Starbrite Studios Limited, Units 13-15 Brookfield Business Park, Clay Lane, Shiptonthorpe, York, YO43 3PU or email firstname.lastname@example.org.
In accordance with the Data Protection Act 1998 we are registered with the Information Commissioner’s Office (ICO) and our registration number is ZA183835.
You provide us with personal data via completion of paper-based and electronic forms or over the telephone. This may also include sensitive information received directly from you in relation to the performance of services we have been engaged to, or may be engaged to carry out on your behalf.
We may also keep information contained in any correspondence you may have with us by post or by email.
The provision of this personal data is essential for us to be able to provide those services for which we have been engaged, or may be engaged. This means that our lawful basis for holding this personal data is one or more of the following:
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity. This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR).
We use your personal data to provide, manage and fulfill those services that we have been engaged, or may be engaged to provide to you. At all times we undertake to protect your personal data, in a manner which is consistent with Starbrite Studio’s duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will always take all reasonable security measures to protect your personal data in storage and in transit. As applicable, the information you provide may be used to (this list is not exhaustive):
We monitor the services provided to customers for quality purposes, which may involve processing personal data stored on the relevant customer file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to customer engagements.
Providing our customers and potential customers with information about us and our range of services – We use contact details to provide information that we think will be of interest about us and our services. For example, other services that may be relevant and invites to events.
Complying with any requirement of law, regulation or a professional body of which we are a member – As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We will keep information about you confidential and secure. We will never share personal data with any third party unless it is within our lawful basis for doing so and we will never share your data outside of Starbrite Studios for marketing purposes. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security policies.
As part of the services offered to you, the information which you provide to us will be stored within the EU. Occasionally however, data may be transferred to countries outside of the EU via the use of services utilised by our IT providers. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
We keep information in line with the retention policy guidelines of Starbrite Studios. These retention periods are in line with the length of time it is considered necessary for the purpose for which it was collected. They also take into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next.
We take the security of all the data we hold very seriously. We use a range of measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
If ownership of any part of Starbrite Studios changes, you expressly consent to Starbrite Studios transferring your information to the new owner or successor entity so that we can continue providing our services in accordance with our engagement terms.
The General Data Protection Regulation (GDPR) grants you, the data subject, the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly and certainly within one month from the point of receiving the request and all necessary information from you.
You have the right to request from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed. This may involve providing a supplementary statement to the incomplete data.
You shall have the right to request from us the erasure of personal data concerning you without undue delay, unless we are required to retain information in order to fulfill our legal obligation or the holding of the data is in accordance with our lawful basis for doing so.
Subject to exemptions, you shall have the right to restrict the processing of your data where one of the following applies:
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, unless this relates to processing that is necessary for the performance of a contract carried out in the compliance of a legal obligation, public interest or an exercise of official authority vested in us. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
If you would like to invoke any of the above data subject rights with us, please write to the Data Protection Officer at Starbrite Studios Limited, Units 13-15 Brookfield Business Park, Clay Lane, Shiptonthorpe, York, YO43 3PU or email email@example.com.
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to the Data Protection Officer at Starbrite Studios Limited, Units 13-15 Brookfield Business Park, Clay Lane, Shiptonthorpe, York, YO43 3PU or email firstname.lastname@example.org and we will do our best to help you.
If your complaint is not resolved to your satisfaction you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to the ICO website.