The law relating to data protection changed on 25th May 2018 when the General Data Protection Regulation (GDPR) came into force. It is a new piece of EU legislation (Regulation (EU) 2016/679) that will replace the Data Protection Act 1998 and will be in force in the UK until the UK leaves the EU. A new Data Protection Act (DPA), currently going through Parliament, will apply post Brexit. Under the GDPR, organisations are required to provide individuals with information about the use and processing of their personal data. Aitken Alexander Associates Ltd want the way we deal with your data to be transparent. This note is intended to help you understand how you can maintain control of your information and to explain our role.
YOUR PERSONAL DATA
As you know, we collect and handle some of your personal data in order to negotiate deals and generally conduct business on your behalf internationally. You will have been asked by us to supply this information and this includes your name, email address, other contact information such as residential addresses or social media identifiers, phone numbers, bank details, date of birth, nationality and photographs. In other words, it covers any and all information about you that is capable of identifying you. Under the GDPR we are ‘data controllers’ of your information. We are called ‘controllers’ because we make decisions about how your data is used – for example sharing your biography and author photo with publishers or other companies we approach on your behalf to sell your copyright works or services (or to whom we have already sold the same). We also pass on contact details in appropriate circumstances – and we ‘process’ your data when we carry out basic activities like storing, deleting and changing the information that we hold.
Some of the data we might hold is classed as special category information, and this requires more protection. This comprises details relating to an individual’s health, ethnic origin, political, religious or philosophical beliefs, genetic or biometric data, sexual life or orientation or any criminal record. Where you provide such information that is not in the public domain, we will ensure we have your clear consent before using it.
COLLECTING AND USING YOUR DATA
We collect data from you when we enter into a client agreement with you or a contract with a third party that we handle on your behalf, and at other times to help us conduct business on your behalf (primarily) in the sale of your copyright works or services and to enable us to pay over any sums received by us on your behalf.
Your information is used in pursuance of our legitimate business interests in relation to the rights and/or services you permit us to sell on your behalf and you will normally authorise us to receive information about you from your publishers or production entities or other third parties who contract your rights or services, such as information about your contracts, performance, royalties or fees.
SECURITY AND DATA PROCESSING
We take our obligation to protect the information you give us very seriously, and we always take care when using and processing it. For example, only Aitken Alexander employees who are contractually bound to confidentiality have access to your financial information. We hold your data on our servers (currently in the EU) and take all reasonable precautions to ensure that your personal data remains secure. We assure you that we have adequate procedures to avoid data security breaches and to protect your data from accidental or unlawful disclosure, damage, destruction or loss.
DATA SHARING AND RETENTION
We will keep your personal data in accordance with our legal obligations and share it only where applicable in a professional capacity. We will retain your information for as long as it is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes. For clarity, we will share your personal information when appropriate with third parties such as:
- Our service providers: third parties we work with to deliver our business (including, for example, hosting or operating the website and our databases and site analytics);
- Publishers, licensees, sub-agents, advisors, broadcasters, film and television financiers and distributors, production companies and service companies: if we represent you, any publishers or other licensees of your work (or prospective publishers and licensees) as well as sub- or co-agents, advisors (such as your solicitor or accountant) and editorial service providers, where applicable.
- Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
- Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, HMRC, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
GDPR is about protecting individuals and their rights in respect of their personal information. It is designed to ensure that an individual can maintain control over their information. Under GDPR you can:
- Request access to, deletion of, or correction of your personal data
- Request your personal data be transferred to another person
- Complain to a supervisory body (talk to your primary agent or any of the directors of the company)
However, please note that even if you choose to move your business to another agency and we have negotiated any business on your behalf where the revenue continues or it is possible will continue (i.e. an advance earning out) we still need to keep personal data regarding you so that we can account to you properly.