The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law.
We take our data protection responsibilities seriously and this notice reflects the obligations set out in the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and any laws in England giving effect to its provisions.
Who We Are
Suite Ltd is the Data Controller of the information we collect about you. You can contact us for general data protection queries by email to firstname.lastname@example.org Please advise us of as much detail as possible to comply with your request.
Principals of Data Protection
The GDPR requires that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
How We Collect Information About You
- Information you have given to us during the course of your bookings with us
- Forms you have completed and given to us
- Information that you have given us over the telephone
- Emails that you have sent to us
- Information that you provide by filling in forms on our website
- Information that we have obtained from publicly available sources
- Website / App Cookies and similar technologies
- We track your use of our website and apps through cookies and other similar technologies so that we can provide important features and functionality, monitor its usage, and provide you with a more personalised experienced
The Personal Data We Collect
Personal data is defined as any data, which relates to a living individual who can be identified from the information held. In order to carry out our business, we hold data personal data such as:
- Your Name, Job Title, Business Address
- Telephone number
- Email address
Why The Data Is Held
- To assess and provide the products or services that you have requested
- To communicate with you
- In case of Emergency (when you are physically located at Suite)
- To provide you a lunch service
- To market our products or services
- For the purposes of our legitimate interests as a business, we may collect and use your personal data for direct marketing (with appropriate options to opt-out at any time)
Recipients of Personal Data
We choose our service providers carefully and require them to take appropriate security measures to protect your personal data. We will share your personal data with the following recipients:
- Microsoft 365 (used for all email / calendars)
- Zoom (for client meetings)
- Signiant (for the use of their Media Shuttle file transfer product)
- iZettle (to process credit card payments – where you request an email receipt)
- AWS (where auto transcription or other services have been requested)
- Mail Chimp (email marketing)
- We may be instructed by production company management to use any number of services that require your personal data. In these circumstances it is the responsibility of the production company requesting these actions to ensure these companies adhere to GDPR principals.
Transfer of Data Oversees
Personal data we collect from you in certain circumstances will be transferred, stored and/or processed outside the European Economic Area (“EEA”). Specifically we may transfer your personal data to the USA.
This would occur in the following cases:
- We use our Signiant Media Shuttle service to send you a file transfer you have requested
- We use our Frame.io service to send you a Review and Approval presentation you have requested
- We use Zoom for client meetings
- We use AWS as part additional services we may offer
The above services with the exception of Survey Monkey and Zoom, are built on AWS, and rely on the “AWS GDPR Data Processing Addendum” which includes the Standard Contractual Clauses to cover the transfer of data to the USA.
For Survey Monkey (Momentive) and Zoom we rely on their “Data Processing Agreement” which includes the Standard Contractual Clauses to cover the transfer of data to the USA.
Retention and Deletion
We will hold your personal data only for so long as is necessary for us to do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we no longer need to process your personal data for the purposes set out in this notice then we will delete your personal data from our systems.
You have the right to ask us not to process your personal data for marketing purposes. You can unsubscribe from our direct marketing at any time by clicking the “Unsubscribe” link in any of our emails or by contacting us at email@example.com
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request the correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Lodge a complaint regarding the processing of your data with the Information Commissioner’s Office.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact firstname.lastname@example.org