Shakehaus Data Protection Policy 2024

1. Introduction

At Shakehaus, a dynamic film, TV and audio production company led by Managing Director Margarita Veberaite, we recognize the importance of privacy and the protection of personal data in our creative and collaborative endeavours. This policy outlines our commitment to safeguarding personal data in accordance with the Data Protection Act 2018, the GDPR, and other pertinent legislation, reflecting our dedication to the principles of data protection by design and by default.

2. Scope of the Policy

This comprehensive policy applies to all aspects of operations at Shakehaus, covering employees, contractors, consultants, freelancers, and third-party partners. It encompasses all personal data processed in the course of our film and TV production activities, including but not limited to data related to cast, crew, and production partners.

3. Data Protection Principles

Shakehaus adheres to the following principles for processing personal data:

• Lawfulness, Fairness, and Transparency: Ensuring all data processing activities are lawful, fair, and transparent to the data subjects.
• Purpose Limitation: Collecting data strictly for legitimate purposes related to our production activities.
• Data Minimization: Limiting data collection to what is directly relevant and necessary.
• Accuracy: Keeping personal data accurate, complete, and up-to-date.
• Storage Limitation: Retaining personal data only for as long as necessary for its intended purpose.
• Integrity and Confidentiality: Securing personal data against unauthorized access, loss, or damage.

4. Data Subject Rights

We recognize and facilitate the rights of data subjects, including the right to access, correct, delete, or restrict the processing of their personal data, the right to data portability, and the right to object to data processing.

5. Lawful Basis for Processing

Processing of personal data at Shakehaus is based on clear lawful grounds, such as the consent of the data subject, the necessity for the performance of a contract, compliance with a legal obligation, or other legitimate interests related to our film and TV production activities.

6. Data Security

Implementing robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction is paramount. This includes physical security measures, encrypted storage solutions, and secure data transfer protocols.

7. Data Sharing and Transfers

Personal data may be shared with third parties, such as production partners and service providers, under strict contractual terms ensuring compliance with data protection laws. International data transfers will be conducted in compliance with GDPR, ensuring adequate levels of protection.

8. Training and Awareness

Shakehaus commits to regular training programs for all personnel to foster awareness and understanding of data protection principles, practices, and the importance of safeguarding personal data.

9. Data Breach Response

A structured response plan is in place to address any data breaches, including immediate containment measures, assessment of the breach’s scope and impact, notification of relevant authorities, and communication with affected individuals as required by law.

10. Data Retention Policy

In addition to the principles above, Shakehaus adheres to a Data Retention Policy. Personal data will be retained only for the duration necessary for the original purpose. After this period, data will be securely disposed of in line with legal requirements.

11. Bring Your Own Device (BYOD) Policy

Shakehaus acknowledges the potential benefits and risks associated with BYOD. Employees opting to use personal devices must be authorised by their line manager. They are required to adhere to security standards, ensuring corporate data’s safety and preventing risks such as malware. Management reserves the right to withdraw authorization if personal devices pose risks to the organization.

Schedule 1

Summary of Data Breach Notification Obligations