FortyTwo Studio Limited promises to respect any personal information you share with us and to process your information securely and keep it safe. We aim to be clear when we collect your information and not do anything you wouldn't reasonably expect.
FortyTwo Studio’s data protection and security measures are governed by the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the UK Data Protection Act 2018 (“DPA 2018) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time and then any successor legislation to the GDPR or the DPA 2018 (“Data Protection Legislation”).
For the purpose of Data Protection Legislation
Where personal information is provided directly to FortyTwo Studio through use of our website, general enquiries, account management & communications, job vacancies or any other means where FortyTwo Studio is determining the way in which that personal data is processed for its own use, then we will be the Data Controller of such information.
Where FortyTwo Studio provides services to its business clients (under Performance of Contract) including making decisions on hosting, software platforms and technology for clients to use in their business operations, FortyTwo Studio will be a Data Processor. As part of our Data Processor obligations, appropriate technical and organisational measures to ensure processing meets Data Protection Legislation requirements and protect Data Subjects’ rights will be implemented at all times.
How to contact us
If you have any questions about this Policy, including any requests to exercise your legal rights, please contact us at FortyTwo Studio, 126 Crown Street, Aberdeen AB11 6HQ.
This policy includes:
- What is Personal Information
- What Personal Information we collect
- How we use your Personal Information
- Data Security
- Visitors to our Website
- Direct Marketing including Social Media
- How long will we hold your Personal Information
- Your Rights
What is Personal Information?
Personal information means data that relates to an identified or identifiable individual. For example, it can be as simple as a name or a number or could include other identifiers such as an IP address, cookie identifier, payment details, or other factors. It does not include information where a person’s identity has been removed (anonymous data).
What Personal Information we collect
Where FortyTwo Studio is acting as a Data Controller, we may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, job title and date
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Technical & Usage Data includes information about how you use our website and social media channels, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website
- Enquiry Data includes information you provided us with when you contact us
- Recruitment Data includes information you provide when you apply for a job with FortyTwo Studio. This can include your CV, work history, educational details, qualifications, skills, projects, references, proof of entitlement to work in the UK, NI number, your passport or other identity document details, your current level of remuneration (including benefits), the role you’re applying for and any other similar information that you provide to us
How we use your Personal Information
We will only use your personal information when the law allows us to, i.e., if we have a legal basis for doing so, as outlined in this Policy or as notified to you at the time we collect your information, and for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Where we act as the Data Controller, we have set out below a description of all the ways we use your personal information, and which of the legal bases we rely on to do so.
Type of Data
To register you or the company as a new client
Performance of a Contract
To register new contacts for networking and business development opportunities
To process and deliver the Services including:
- Manage accounts, payments, fees and charges
- Manage relationship and communications
Performance of a Contract
Performance of a Contract
Website and Social Media Channels
Where we act as a Data Processor of personal data on behalf of our clients, we will process personal data under the lawful basis of Performance of Contract, in accordance with our clients’ instructions or in order to comply with a legal or regulatory obligation. Our Sub-Processors (as outlined below) are subject to comprehensive due diligence and security checks and bound by contractual obligations in-line with the Data Protection Legislation.
We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed and have various data protection and information security policies in place to which we adhere to. In addition, we limit access to your personal information to those employees, sub-processors, agents, contractors and any other third parties who have a business need to know. They will only process your personal information under the performance of a contract, on our instructions (and those of our clients) and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and taking into account the nature of the processing and the information available, FortyTwo Studio will assist our Clients in meeting their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
Visitors to our Website
Like most websites we use ‘cookies’ to improve your experience on our website and for functionality purposes. Cookies mean that a website will remember you. They're small text files that sites transfer to your computer, phone or tablet.
For more information about Google Analytics visit the Google Analytics website.
If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings in your browser settings.
When you use a social media platform and interact with FortyTwo Studio, you do so by consenting to the terms & conditions of such platforms. This can include Facebook, Twitter, Instagram, LinkedIn, Pinterest, and YouTube. For more information, please see their individual Terms & Conditions and Privacy Policies.
Currently, we do not store any of your personal information for direct marketing purposes.
We’d like to reassure you that we have not and will not retain your information in an unauthorised way nor share, sell or pass on your details to any other 3rd party for the purposes of marketing. We will only ever share your data in other circumstances if we have your explicit and informed consent.
How long will we hold your data?
We will only retain your personal information for as long as reasonably necessary to enable us to provide you with the services that you have requested from us, fulfil any other purpose we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time that we need to keep it. For example:
- We try to adopt a paperless approach wherever possible and securely destroy any paper correspondence we receive on a regular basis unless we are required to retain it for evidential or legal purposes
- We carry out regular audits to ensure data is up-to-date, practice data minimisation where possible and ensure purpose limitation is practiced
- We delete or return all personal information to the Data Controller (at the Controller’s choice) at the end of the contract
Under certain circumstances, you have rights under Data Protection Legislation in relation to your personal information. These include the right to:
The right to be informed – this is information on for what purpose we are processing it and what personal data we are processing
The right of access – you have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted above for our consideration
The right to rectification – If any information that we hold about you is incomplete or inaccurate, you are able to request us to correct it
The right to erasure – if you want us to permanently delete the personal data we hold for you then you can ask us to do so. Our ability to delete such personal data is subject to exceptions in accordance with Data Protection Legislation
The right to restrict processing
– if you do not like how we are using your personal data then you can let us know and we will stop processing it in that way
The right to data portability
– You may transfer the information that we hold on you for your own purposes
The right to withdraw your consent – you can withdraw your consent for us to process your personal data (if we have relied on your consent to process your personal data) at any time by contacting us. If we have relied only on your consent as the basis to process your personal information, then we will stop processing your personal data at the point you withdraw your consent.
To exercise any of the above rights please email your request to: firstname.lastname@example.org, with the subject heading “Data Processing Request”.
This policy was last updated September 2020