Malou Model Management Data – January 2020
Mw. M.M. van der Tas
Contact details are available on the following website: www.maloumodelmanagement.com
In this privacy statement, we refer to ourselves as ‘us’, ‘we’ and ‘our’.
When referring to the website, we mean: www.maloumodelmanagement.com
If you are using the website, analytic cookies will be used by default to collect and analyse statistics (Google Analytics). These do not or only minimally affect website visitors’ privacy. The cookies are retained for approximately 6 months. This does not involve us processing complete IP addresses and no complete IP addresses or other data are shared with Google.
We will keep digital and/or physical files on our models, our clients/customers, and business relations. This may mean that we process personal data. We do this in order to execute the contracts with our models and our customers/clients and to obtain assignments and build our database of models.
- Which personal data are involved?
The personal data we process are the following:
- Name, Address, City;
- Telephone Number, E-mail Address, Instagram;
- Citizen Service Number;
- Date of Birth, Age;
- Body Measurements, Hair Colour, Eye Colour;
- Talents and skills;
- IBAN Number and other payment details;
- Copy of Proof of Identity;
- Client, Fee;
- VAT Number;
- Certificate of Residence;
- Copy of travel documents and work permits;
- Contract-Related Financial and Invoicing Data of Clients.
- Disclosure to Third Parties.
We will only disclose the personal data of models to:
- The tax authorities; we are obliged under applicable laws and regulations to process and share certain personal data with the tax authorities;
- (Potential) clients, in as far as necessary within the context of paragraph a) above;
- Other international modelling agencies, in as far as necessary within the context of paragraph a) above;
- Other entities which are involved in the contract such as travel agencies, airline companies, hotels, transport companies, in as far as necessary within the context of paragraph a) above;
- We may also use the services of third parties such as photographers, cosmeticians, and stylists. During these services we may also disclose personal data, but only in as far as necessary or useful within the context of paragraph a) above;
- We will not disclose personal data to (other) third parties, unless necessary within the context of paragraph a) above.
- Our suppliers or service providers.
In order to process personal data, we use software which is provided by one or more third parties and for which they offer support. We also use IT service providers. These entities may also have access to personal data (often for a limited time only).
- Time periods.
We keep personal data during the period the model is registered with us. Personal data which are necessary or useful for our legal position are kept for 6 years. In the case of fiscal data, we act in accordance with the time periods set by the tax authorities. Personal data processed on the basis of permission granted are kept for as long as that permission lasts.
- From whom we receive personal data?
We may obtain personal data in a number of ways: from our models, from clients, colleagues/competitors, from the tax authorities, from an accountant or administrator or from public sources such as social media.
- Publishing data.
We will publish personal data about models on our website and on social media such as Instagram, Facebook, and YouTube. (The personal data published are name, gender, images, and other personal characteristics.) We do this to execute the contracts with our models in order to get assignments. It is technically possible for third parties to copy these data, but this is outside our control.
Personal Data Security
Personal Data are processed within a secure environment and stored inside and outside the EU. If processing outside the EU it concerns countries with an adequate level of protection. We have implemented security measures on several levels. We will periodically assess the level of security and amend our security policy if necessary.
Data Subject Rights
The person whose personal data we process (the data subject) has a number of rights under the General Data Protection Regulation. In summary, these are as follows:
- The Data Subject has the right to access the personal data about them that are being processed;
- They have the right to have their personal data corrected;
- They have the right to request erasure of their personal data;
- They have the right to restrict processing;
- They have the right to data portability;
- They have the right to object;
The exact definition of these rights and any limitations are listed in the General Data Protection Regulation. We act in accordance with the data subject rights as stated in this regulation.
If you feel your data privacy rights have been breached, you are entitled to submit a complaint to the Data Protection Authority in the Netherlands (https://autoriteitpersoonsgegevens.nl).
If a breach in data security has taken place, we will report this to the Data Protection Authority in the Netherlands without undue delay, unless it is improbable that such a breach of data security involves a risk to the rights and freedoms of living persons.
If the breach in data security does in all probability involve a high risk to the rights and freedoms of living persons, we will immediately report such a breach in data security to the data subject.