News 17 October 2017
  views
Author: Rebecca Rose

GRM Daily – Cookie & Privacy Policy

17 October 2017
  views
Share
Share

Cookie Policy

Cookies

Cookies are small text files that can be stored or recorded on any of your automated devices when you decide to visit a website. Their function is to ensure that the website works efficiently.  They can be used to track your movements within the website.

Strictly Necessary Cookies

We do use ‘Strictly Necessary Cookies’ to:

  • assess how the website is used and to enhance the use and functionality of the website; and
  • customise the website and products provided to your needs and preferences. 


Security Cookies

Cookies that are used to monitor your personal data in order to prevent or deter any fraudulent activity.

Other Types of Cookies

We may at times, subject to your ‘consent’, use the following cookies that have the relevant definitions below.

 

  • Performance Cookies

 

Cookies used to collect data on how visitors use a website, which pages of a website are visited most often, or if they get error messages on web pages.

  • Targeting/Advertising Cookies

Are designed to collect information from you on your device to display advertisements to you based on relevant topics that interest you.

 

  • Social Media Cookies

 

Cookies that are used when you share information using a social media sharing button or “like” button on our sites or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter or Google+.

 

  • Third Party Cookies (Profiling)

 

Cookies (such as Google Analytics) which are used for all ad retargeting and behavioural advertising. Advertisers can track a user or their device across different websites by using tags. That helps build a profile of the user based on their habits, so messages can be better targeted to their interests.

Google Analytics

 

Provided that you consent to the use, we may also use Google Analytics cookies to assess your data.

 

Google Analytics is a web analysis service of Google Ireland Limited that analyses how users interact with the site. 

 

Google will use this information to assess your use of our website, to compile reports on website activity and to provide us with other services related to website and Internet use. 

We will use the IP the anonymisation tool offered by Google Analytics in order to ensure anonymous collection of IP addresses (so-called IP masking).

 

The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.  

Google may transfer, store and process your personal data in the United States or any other country in which Google maintains facilities under its standard contractual clauses available here The data is automatically deleted after 14 months.

Controlling your Cookies

You can control the manner by which the cookies are used on this website here.

You can also stop Google from collecting data relating to your use of the website and other websites by installing this opt-out tool: https://tools.google.com/dlpage/gaoptout?hl=en.

 

Please visit https://support.google.com/analytics/answer/6004245.

You can also delete cookies by amending the settings on your browser. 

Please visit: http://www.allaboutcookies.org/manage-cookies/.

PRIVACY NOTICE

  1. INTRODUCTION 

 

We appreciate the fact that you are parting with your personal data and that you trust our organisation with your personal data.   The security of your personal data is of fundamental importance to us. 

  1. OUR SERVICES

 

Grime Daily Ltd is a media platform involved in the promotion, advertising and marketing of musicians.

 

Grime Daily Ltd will initially process your personal data to ascertain whether they can provide you with any of their services.

It is only once your video has been successfully reviewed by Grime Daily Ltd that you will be invited to sign a service agreement with Grime Daily Ltd.

  1. PURPOSE OF THIS PRIVACY NOTICE

This is Privacy Notice is aimed at ensuring that you are aware of the categories of personal data we intend to process on your behalf; the reasons why we intend to process your personal (including sensitive data) and that we are in compliance with the General Data Protection Regulations  (GDPR) as implemented in the UK as the Data Protection Act 2018.

 

Please read and acknowledge the following Privacy Notice relating to your personal data and your sensitive data.  We want to bring this Privacy Notice to your attention at the time we are collecting your personal data from you.

  1. CONTROLLER

For the purpose of the General Data Protection Regulations (the “Regulations”), the data controller (‘Controller’) is Grime Daily Ltd, a company registered in England and Wales under company number 06992717, whose registered office is, Kemp House, 152-160 City Road, London EC1V 2NX.

Contact details for the ‘Controller’: 

[email protected]

  1. YOUR PERSONAL DATA THAT WE PROCESS

We process the following personal data.  This list is not exhaustive. 

Full Name
Short Names
Emails
Signatures
Video (moving images)
Photographs
Phone Numbers

  1. Lawful Reasons for Processing your Personal Data

We will be processing your personal data (including sensitive data) for legitimate purposes.  In order to ensure that you can:

  1. fulfil your contractual obligations with us; 
  2. for legal obligation reasons;
  3. for reasons of vital interests;
  4. for legitimate interest reasons provided that this can be justified;
  5. you have provided us with your explicit consent.

  1. Lawful Reasons for Processing Special Categories of Personal Data

 

Sensitive Data – Purpose for Processing

 

We will be processing your personal data (including sensitive data):

  1. in order that we can meet our obligations in the field of social security protection law;
  2. the processing is necessary for legitimate activities with appropriate safeguards in place;
  3. it is necessary due to substantial public interest reasons;
  4. processing is for archiving purposes;
  5. we have obtained your explicit consent.

This list is not exhaustive.

In the event that you do provide your name, your video and email in the ‘Submit a Video’ link to the website you will be required to provide express consent to Grime Daily Ltd processing your video which will include special categories of personal data. It is only once Grime Daily Ltd have reviewed your video and have agreed to provide you with their respective services further that you will enter into a contract with Grime Daily Ltd.

 

You have the right to withdraw consent at any time by contacting the Controller. 

  1. Unable to Process Personal Data

In certain circumstances if we do not have your personal or sensitive data we will not be able to fulfil our obligations with you under your contract. Therefore if you decide not to part with your personal data this may lead to the termination of your contract with our organisation.

 

  1. Disclosure of your Personal Data to Third Parties

  1. In order for us to carry out our services on your behalf we may need to disclose your personal data and sensitive data to third parties. 
  2. The reasons are would be:
  1. in order that we can fulfill our obligations towards you under our contract of services; and /or
  2. for legal or tax compliance reasons;
  3. for any other legal obligation purpose; or
  4. there is a legitimate interest present which can be justified.

The third parties are to be:

  • Tosedu Ltd
  • Batsford & Co
  • Dropbox
  • Xero Software
  • HMRC
  • Companies House (if applicable)
  • GoDaddy Outlook

 

This list is not exhaustive

 

  1. Assurances under the GDPR

 

Grime Daily Ltd is committed to getting assurances from each third party processor that they are GDPR compliant.

 

  1. Non-liability Your Disclosure to Third Parties

 

If you have provided your personal data voluntarily to the third party processors then the Controller accepts no responsibility regarding how this personal data will be processed by that third party processor.

 

  1. Our Commitment to Processing your Personal Data in compliance with the GDPR

 

12.1 Principle 1 – Lawful Purpose (Article 5 of the GDPR)

 

We will be processing your personal data for lawful reasons as outlined in clauses 6 and 7 of this Privacy Notice.

 

12.2 Principle 2 – Specific Purpose & Limited (Articles 5 & 6 of the GDPR)

 

We will ensure that any personal data (including sensitive data) that we process will be specific, legitimate and limited.

 

12.3    Principle 3 – Adequate, Relevant & Limited

 

We only want to process your personal data and sensitive data which is adequate, relevant & limited.

 

    1. 12.4.Retention

 

Any personal data we retain from you in the course of carrying out our contractual services with you will be retained by us for a period of time which ensures that we are in compliance with our legal obligations. For further information please contact the Controller and request our Retention Policy.

 

12.5   Duration – Retention of Your Personal Data


We will keep your personal data as follows:

  • for the duration of our business relationship with you; and
  • after any termination of any agreement for a period that does not exceed 6 years. The retention is required for tax and legal compliance reasons; or
  • in certain circumstances where further retention is required to comply with a legal obligation.


We will delete your personal data after the legal and tax requirement period has been fulfilled.

 

Please contact the Controllers for a copy of the ‘Retention Policy’.

 

12.6. Principle 4 & 5 – Accuracy of your Personal Data – Principle 4 & 5 (Article 5 of the GDPR)

 

We want to ensure that your personal data is kept up to date. 

 

If any of your personal data changes during the life-time of our business relationship with you, please kindly contact the Controller in order that your personal data can be amended.

 

We will not be responsible in any way for your failure to notify of us of any changes

to your personal data.

    1. 12.7.Principle 6 – Ensuring Security

We are committed to:

  • protecting the confidentiality, integrity and availability of the information we collect, stores, transfers and processes on your behalf in order that they meet the legal requirements.
  • For more information please refer to our Security Policy.
  • ensuring that actual or suspected breaches of information security are reported and investigated in accordance with our Breach Policy.

 

  1. Consent

 

One of the lawful reasons for processing your personal data, is if you provide us with consent. If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data.

 

Please also note the following:

  • we want you to provide your consent explicitly and freely; and
  • in the event that you do provide consent you have the right to withdraw your consent at any time.

 

For further information please contact any of our Appointed Person(s) for the ‘Consent Policy’.

 

  1. Your Rights

 

While we keep your personal data you have the following rights:

  • Right to request access to your personal data, know as a ‘Subject Access Request’ (SAR)
  • Right to rectification of your personal data
  • Right to request your personal data to be transferred to another organisation (right to data portability). However, we do not have this facility
  • Right to object to the processing of your personal data (see right to object notice)
  • Right to erasure of your personal data
  • Right to restrict the processing of your of personal data
  • Right not to be a subject to automated decision-making process (including profiling). However, we do not have this facility
  • Right to be informed
  • Right to make a complaint to the ICO in the event you feel your complaint has not be handled by Grime Daily Ltd correctly

Subject Access Request requirements

 

A SAR can be requested verbally by you, however in order for us to ensure that we can verify your ID we will require you to:

  1. complete a SAR Form. This form can be requested from any of the Appointed Person(s);
  2. return the SAR Form with a certified copy of your ID and also your 2 month’s utility bills. You can also attend the offices in order to verify your ID;
  3. We will not be under any obligation to provide you with any personal data unless your ID is verified.

 

  1. Subject Access Requests – Time-scale

 

We aim to process the SAR within 1 month, however it may take a further 2 months. In which case if there is a delay, we will notify you of such delay in writing.

 

  1. Subject Access Request Details

 

You can at any time request the following information from our organisation: 

  • The full name(s) and contact details of who has been processing your personal data including name of the controller and any

Appointed Persons(s) responsible for processing the personal data;

  • A list of personal data & sensitive data which has been processed by the controller
  • If the personal data was obtained by a third party; details of such third party 
  • Details of any recipients including third country details
  • The reasons why these forms of personal data have been processed (lawful reasons etc & compliance with key principles)
  • Sensitive data – consent – if not legitimate reasons for processing
  • Where the personal data has been located (third party/controller’s platform/computer system) including security 
  • Retention Periods – the length of time your personal data will be processed
  • Compliance with the key principles which are disclosed in this privacy document
  • If your personal data has been processed outside the EU, details of any representative(s)
  • Your rights (object, restrict, erasure etc) which are listed in this privacy document
  • Your right to make a complaint to the Information Commissioner’s Office