1. Who is responsible for your personal data
Hat Trick is responsible for your data, we control the data which we collect from you, and as such are registered as a data controller in the United Kingdom as required by law.
2. Obtaining your personal data
Depending on why you have come into contact with us, we might collect the following kinds of information about you:
Job applications: For jobs on our productions, you can click through to register your CV (and availability) on online talent database run by TalentBases; or for office jobs, you are invited to submit your CV to us directly.
Appearing in our productions: If you apply to, or are featured in one of our shows, it will be necessary for us to be provided with your name, contact details and possibly other personal information relevant to the particular show (e.g. a photograph). If you are being paid for appearing in one of our programmes, it will be necessary for us to have your bank details. If you have been in a public place and observed a “Filming Notice” for the recording of one of our shows, we may have film of you in the background of the public place.
3. Sensitive personal data
Certain types of personal data, such as data about your physical or mental health, your racial origin, religious beliefs or any conviction of criminal offences, are deemed “sensitive personal data” – special categories of personal data which by law require additional protection. We will only collect sensitive personal data when it is absolutely necessary, for example, for a programme we may be making on sensitive subject matters (e.g. prisons or mental health). Often it is necessary for us to make background checks on any criminal convictions you may have to ensure a safe working environment for our contributors and crew.
We will never collect sensitive personal data about you without your knowledge and consent. By providing any sensitive personal data, you explicitly agree that we may collect it and use it for the purposes which we have explained to you at the time.
4. Using your personal data
We can only use your personal data if we have a lawful reason for doing so. Under data protection law, we can only use your personal information for one or more of the following reasons:
1. When you consent to us using your data;
2. To fulfil a contract we have with you;
3. If we have a legal obligation to use your data for a specific reason;
4. When it is in our legitimate interests to do so.
Legitimate interests are our business reasons for using your data, but if we do use your personal data for our legitimate interests, we will not unlawfully put our interests above yours.
It is likely that we will have more than one lawful basis for using your personal information for a particular purpose. For example:
If we send you an email about one of our shows you are appearing in or working on, we shall be fulfilling our contract, it will be in our legitimate interests and we will also have your consent to do so; or
If we are contacting you in follow up to a business card you have given us, it will be in our legitimate interests, and we shall have your consent.
5. Tickets to Hat Trick Shows
We use a trusted third party, SRO Audiences (https://www.sroaudiences.com/) to provide you with audience tickets to our shows. If you have signed up to receive tickets or news about live audience shows via SRO Audiences, SRO Audiences may use your information to provide you with details of upcoming shows or to send you tickets to a show.
SRO Audiences will not pass your information on to third parties. If you decide to withdraw your consent at any stage to SRO Audiences processing your information, you can “unsubscribe” by contacting SRO Audiences, details at https://www.sroaudiences.com/privacy-policy.asp.
6. How long will we keep your personal information?
We keep your personal data only for as long as we need it. How long this is depends on what we are using it for, whether that is for our own legitimate interests (examples given above), or so that we can comply with the law. We will actively review the information we hold and when there is no longer legal or business need for us to hold it, we will delete it securely.
7. How we protect your personal data
We use technical measures (such as encryption and password protection) to protect our systems and safeguard your personal data. We also use operational measures to protect the data, for example by limiting access to personal data to those persons in the Company on a strictly “need-to-know” basis only.
We are committed to keep these security measures under review to ensure we keep up to date with current best practice.
8. Sharing your personal data
In the business of making and selling content for television and radio it is necessary to share your personal data to limited categories of third parties, such as broadcasters, third party licensees of our content, or suppliers working on our shows. We will not share your personal information with any third parties without your consent (unless law or any court order requires us to do so). If we seek to use your data in a manner different to the purpose for which it was collected, then we will ask for your consent prior to such use.
We promise never to sell your personal data to a third party.
There are many different types of cookies each performing a different function, for example, by letting you navigate between pages efficiently for the duration of your visit only (a so-called ‘session cookie’); or, storing your preferences for a repeat visit (a so-called ‘persistent cookie’). Session Cookies are deleted from the user’s computer or mobile device when the user closes the browser. Persistent cookies are saved for a fixed period (usually a year or longer) and are not deleted with the closure of the browser.
Cookies may be dropped by the website you are visiting (‘first party cookies’) or by another website(s) which runs content on the page you are viewing (‘third party cookies’). For example, the website might use a third party analytics company who will set their own cookie to perform this service.
What cookies do we use? We use both session and persistent cookies to improve on your user-experience. In general, the cookies dropped by our website(s) perform the following functions:
2. Functionality cookies: We use functionality cookies to allow us to remember your preferences. For example, such cookies act to remember your username from your computer or mobile device so that you need not enter it every time you access our website. Other functionality cookies will permit and enable users to watch samples of our content online.
3. Performance cookies: Primarily we only use first party cookies, but from time-to-time we may use an analytic tool (such as Google Analytics) which enables us to build basic statistics. For example, statistics on how many people visit our website, and in what country users are based, page views, the technology people use to access the website, or, to ascertain functionality problems.
How to change your cookie settings: If you wish to alter your cookie settings, it is possible to block or disable some or all cookies that have already been set. Please be aware that in doing so, you might lose some of the functionality of the website. If you wish to limit or block web browser cookies which are set on your computer or mobile device then you can do this through your browser settings; the ‘Help’ function within your browser should tell you how.
Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers.
10. Sending data outside of the European Economic Area
We will only send data outside of the EEA if we are producing content in a country outside the EEA to which your personal data relates; or, we have licensed a programme in which your personal data appears; or, to comply with a legal duty.
If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA either by transferring the data to a country outside the EEA which has privacy laws at least as protective as those within the EEA; or, contracting the recipient of the data to protect the data to the same standards as required within the EEA.
11. Your Rights
You are entitled to copies of your personal data held by us and to request that we correct or delete such data. You can also restrict or object to the processing of your information.
If you gave us your consent to use your personal data, e.g. so that we can contact you about appearing in a programme, you can withdraw your consent. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can also object to our use of your personal data where we rely on our legitimate interests to do so.
When you get in touch, we will respond without undue delay and within one month. We may also ask you to verify your identity before we provide any information to you.
The information provided to you will be in a commonly used and easily readable format. There is no charge for most requests, but if you ask us to undertake an excessive task to identify your personal data we may ask you to pay a reasonable admin fee, taking into account the administrative costs of providing the information.
To exercise any of your rights, you can send an email to us at firstname.lastname@example.org or you can write to us at Chief Privacy Officer, 33 Oval Road, London NW1 7EA.