GDPR Policy

Effective Date: 31 May, 2023


This GDPR Policy outlines the data protection practices and procedures implemented by Taylor & Grace (“the Agency”) to comply with the General Data Protection Regulation (GDPR) and protect the personal data of individuals associated with our agency, including clients, employees, contractors, and visitors. This policy sets out our commitment to privacy and the steps we take to ensure the confidentiality, integrity, and security of personal data.

Data Controller and Data Protection Officer
The data controller responsible for the processing of personal data within the Agency is:

Craig Bulman

The Data Protection Officer (DPO) appointed by the Agency is:

Simon Taylor

Lawful Basis for Data Processing

The Agency will only process personal data when there is a lawful basis for doing so, as defined by Article 6 of the GDPR. We will ensure that at least one of the following conditions is met:

  • The data subject has given explicit consent for the processing of their personal data
  • Processing is necessary for the performance of a contract to which the data subject is a party
  • Processing is necessary for compliance with a legal obligation to which the Agency is subject
  • Processing is necessary to protect the vital interests of the data subject or another natural person
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
  • Processing is necessary for legitimate interests pursued by the Agency or a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject.

Types of Personal Data Collected and Processed

The Agency may collect and process the following types of personal data, depending on the nature of the relationship with the individual:

  • Contact information (name, address, email, phone number)
  • Identity information (date of birth, ID/passport number)
  • Financial information (bank account details, payment information)
  • Employment information (CV, work history, qualifications)
  • Marketing preferences
  • Any other data required for the provision of services or compliance with legal obligations.

Purpose and Legal Basis for Processing Personal Data

The Agency will process personal data for the following purposes:

  • To provide and deliver our creative services to clients
  • To communicate with clients, employees, contractors, and other stakeholders
  • To manage and administer employee and contractor relationships
  • To comply with legal obligations, such as tax and employment laws
  • To promote our services and conduct marketing activities (with appropriate consent where required)
  • To ensure the security and integrity of our systems and protect against fraud or unauthorised access.

Data Subject Rights

Individuals whose personal data is processed by the Agency have the following rights:

  • The right to be informed about the collection and use of their personal data
  • The right of access to their personal data
  • The right to rectify any inaccurate or incomplete personal data
  • The right to erasure (right to be forgotten) under certain circumstances
  • The right to restrict or object to the processing of their personal data
  • The right to data portability, where applicable
  • The right to withdraw consent at any time (if consent is relied upon as the lawful basis for processing)
  • The right to lodge a complaint with the appropriate supervisory authority.

Data Retention

The Agency will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Once the retention period expires, personal data will be securely deleted or anonymised.

Data Security

The Agency takes appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. These measures include,