This policy was last reviewed on 16 August 2018.
Your privacy is very important to Buffalo Pictures. We are committed to ensuring that when you choose work with Buffalo Pictures, you know what information we collect about you and how we use your information. This data privacy notice (“Privacy Notice”) is a statement that describes how we may use your personal data.
Buffalo Pictures Limited (“Buffalo Pictures”, “we“, “our” or “us”) is a film and television production company located at 2-8 Bloomsbury Street, London, WC1B 3ST, United Kingdom. “Data Protection Legislation” means the General Data Protection Regulation 2016/679 (the “GDPR”) applicable in the United Kingdom. Under the GDPR, Buffalo Pictures is a “data controller”, which means we are responsible for deciding how to hold and use certain personal data about you. We are required under the GDPR to notify you of the information contained in this Privacy Notice, which applies to current and former employees, workers and contractors.
This notice does not form part of any contract of employment or other contract to provide services. It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions, so you are aware of how and why we are using such information, and what your rights are under the data protection legislation.
2. THE KIND OF INFORMATION WE HOLD ABOUT YOU
“Personal data” means any information about an individual from which that person can be identified. Buffalo Pictures may collect, store, and use the following categories of personal data about you, which will vary in nature depending on Buffalo Pictures’ relationship with you, and the purpose for which Buffalo Pictures uses such data:
- Contact details such as name, title, home and work addresses, telephone numbers, email addresses, and emergency contact information.
- Identity data such as date of birth, gender, nationality and/or citizenship status.
- Financial data such as bank account details, tax status information, your National Insurance number, VAT numbers and/or unique tax number.
- Work and employment details such as your employment history, working hours, holidays, training records and professional memberships, details of your projects/engagements, including your filmography and credits, manuscripts, scripts, contracts, payment and fee details, royalty payments, merchandising, advertising, intellectual property rights, disputes, disciplinary and grievance information, and details of your professional advisers.
- Personal data relating to your relationship with Buffalo Pictures such as Terms of Business, copies of right to work documentation, references, samples of work and submissions (in any form including without limitation tapes, images and documents), and information included in a CV or cover letter or as part of the process of applying for a job).
- Sensitive personal categories of personal data such as your driving licence, passport, electronic signatures, photographs, videos, voice, body measurements, skin, hair and eye colour, and in limited situations, certain health information. For more information, please see our sensitive personal data section below.
3. HOW WE USE SENSITIVE PERSONAL INFORMATION
There are also “special categories” of more sensitive personal data which require a higher level of protection. Some of data held by Buffalo Pictures may fall into these special categories, such as:
- Information about your appearance, if it is appropriate given the nature of your role.
- Information about your health, if relevant for our insurance purposes.
- Criminal convictions, if it is appropriate given the nature of your role.
Buffalo Pictures will obtain your explicit consent to any processing of such data, unless Buffalo Pictures is not required to do so by law. Buffalo Pictures may only process special categories of personal data in one of the following circumstances:
- With your explicit consent. We will obtain your consent to collect, hold and disclose data concerning your health to third parties, for example where disclosure of your health records or a medical examination is a condition of your engagement on a project. In such instances, you have the right to withdraw your consent at any time. However, we do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations, or exercise specific rights in the field of employment law.
- Where Processing is necessary to protect your vital interests or those of another natural person. To collect, hold and disclose data concerning your health to third parties e.g. where disclosure of your health records is necessary for a medical emergency.
- Your public disclosure. Where the personal data we wish to process has manifestly been made public by you.
- Legally necessary or for the public interest. Where processing is necessary for the establishment, exercise or defence of legal claims or whenever Courts are acting in their judicial capacity, or where processing is necessary for reasons of substantial public interest.
4. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. Most of the personal data Buffalo Pictures collects and uses about you will be provided directly by you (or third parties authorised on your behalf) as part of and during the process of your joining Buffalo Pictures.
Other information about you may be obtained by Buffalo Pictures from public sources or social media (e.g. IMDB, Wikipedia, LinkedIn, Spotlight), or information generated about you from third parties in fulfilling Buffalo Pictures’ contractual obligations to you.
5. WHY DOES BUFFALO PICTURES COLLECT AND USE YOUR PERSONAL DATA?
We will only use your personal information when the law allows us to. For more information on the legal reasons we rely upon to use your personal data, please see what are the legal grounds for processing your personal data? below.
We need all the categories of information in the list above (please see the kind of information we hold about you) primarily to allow us to perform our contract with you, and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue our legitimate interests or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are:
- Deciding whether Buffalo Pictures takes you on as an employee.
- Determining the terms of your employment.
- Business management and planning, including communicating with you.
- Fulfilling our obligations to you as your employer including payment obligations.
- Dealing with legal disputes involving you and/or Buffalo Pictures or our employees.
- Equal opportunities monitoring.
- Monitoring and keeping records of our communications with you and Buffalo Pictures employees.
- Making direct communications mainly to promote projects in which our clients are involved.
- Accounting and auditing of our business.
- Complying with any obligations under employment law.
Buffalo Pictures will only use your personal data for those situations unless Buffalo Pictures reasonably considers that it needs to use it for another reason, and that reason is compatible with the original purpose. If Buffalo Pictures needs to use your personal data for an unrelated purpose, you will be notified and we will explain the legal basis (please see What are the legal grounds for processing your personal data? below).
6. What are the legal grounds for processing your personal data?
Under GDPR, Buffalo Pictures must identify a lawful reason (each a “lawful basis”) for processing of your personal data. That basis may vary according to the nature of the personal data processed, the individual to whom it relates and the nature of the processing. There may be several grounds which justify Buffalo Pictures’ use of your personal data. us
Performance of a contract with you, if any. If you have a direct contractual relationship with Buffalo Pictures, Buffalo Pictures is entitled to process the personal data it requires in order to fulfil its obligations to you under such contract.
Compliance with legal obligations to which Buffalo Pictures is subject. In certain circumstances Buffalo Pictures may be obliged to process your personal data to comply with its legal obligations including accounting and tax purposes. For detailed information on these legal obligations, please see the Information Commissioner’s website (see below).
The legitimate interests of Buffalo Pictures or a third party. This will primarily apply when Buffalo Pictures provides services to its clients and/or in the effective management of its business. This may include:
- Contacting individuals and organisations relevant to our work and for business development purposes.
- Reviewing correspondence and documents that have been disclosed to Buffalo Pictures.
- Disclosing correspondence and documents in furtherance of your objectives.
- Engaging suppliers and personnel.
- Ensuring that its systems and premises are secure and running efficiently.
- For regulatory and legislative purposes.
- For insurance purposes and audits.
- For receiving payments and making payments.
- For securing and storing your personal data within our filing systems.
Please note that Buffalo Pictures may process your personal data, without your knowledge or consent, where this is required or permitted by law.
7. WHAT HAPPENS IF YOU FAIL TO PROVIDE PERSONAL INFORMATION?
If you fail to provide certain information when requested, may not be able to perform our contract with you. This may impact or prohibit our ability to pay you or put you forward for new projects.
8. SHARING YOUR DATA AND INTERNATIONAL TRANSFERS
Buffalo Pictures may have to share your personal data with third parties. We require all third-party service providers to take appropriate security measures to protect your personal information. Buffalo Pictures will not share or use your personal data in a way you would not expect under its contractual relationship with you. Buffalo Pictures may also share your personal data with third parties where required by law or where Buffalo Pictures has another legitimate interest in doing so.
When might we transfer your data outside of Europe? Buffalo Pictures is based in the United Kingdom, but sometimes it may be necessary to transfer your personal data outside the European Economic Area (“EEA”). Buffalo Pictures will seek and secure your explicit consent for transferring your personal data outside the EU if: (a) the transfer is not necessary for the fulfilment of Buffalo Pictures’ contractual obligations to you; (b) the EU Commission has not made an adequacy decision in respect of the country in which the recipient of the personal data is based; (c) the transfer of the personal data is not subject to appropriate safeguards as set out in Article 46 of the GDPR; (d) there are no binding corporate rules in place; or (e) no other derogation is applicable.
9. DATA SECURITY
We have put in place measures to protect the security of your information. Details of these measures are available upon request. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
10. DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
11. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Under certain circumstances, by law you may have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you wish to exercise any of these rights above, please contact us in writing at email@example.com .
You will not have to pay a fee to exercise any of these rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
12. RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
13. CHANGES TO THIS PRIVACY NOTICE
We may update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
14. QUESTIONS OR COMPLAINTS
If you have any questions about this Privacy Notice, please contact Sandy Poustie in the following ways:
Email address: email@example.com
Postal address: 2-8 Bloomsbury Street, London, WC1B 3ST, United Kingdom
Telephone number: +44 (0)20 3953 0650
You have the right to make a complaint to the supervisory authority for data protection issues. In the United Kingdom, this is the Information Commissioner’s Office (ICO). Their contact details are available at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.