PRIVACY INFORMATION NOTICE ACCORDING TO ART. 13 (EU) REGULATION 2016/679
In compliance with the UK Data Protection Laws (Data Protection Act 2018 and UK GDPR), this information notice describes the means and purposes of processing of personal data of users who navigate in the webpage of Elite Model Management London hosted on the website elitemodelmanagement.com (hereinafter “Webpage”).
The information here provided do not concern other websites, webpages or online services which could be accessed through links from this Webpage.
The Controller of personal data processing is Elite Model Management London, with its registered offices located in Burleigh House, 355 Strand, London (hereinafter referred to as the “Company” o “Data Controller”).
TYPOLOGY OF DATA PROCESSED AND PURPOSES OF PROCESSING
IT systems and the software installed for the functioning of this Webpage collect, in the course of their normal use, some personal data which transmission is implicit in the usage of Internet communication protocols.
In this category of data are comprised the IP addresses, domain name system, Uniform Resource Identifier/Locator of the requested resources, the hour of the request, the method used to submit the request to the server, the size of file obtained as reply, the numbering code which indicates the status of the reply given by the server (success, error, etc.) and other information relating to the operating system and the IT environment of the user.
Such data are processed to ensure the navigation on the Webpage and the usage of services possibly provided through the Webpage.
Data provided by the user
The optional and voluntary sending of messages to the contact addresses of the Company and the filling of online forms and their subsequent submission entail the processing of contact data of the sender and all data contained in the message, which are essential in order for the Controller to reply.
Cookies and other tracking systems
LEGAL BASE OF THE PROCESSING
Navigation data collected through the Webpage is processed by the Controller to enable the navigation on the Webpage.
Data provided on a voluntary basis by sending messages to the contact addresses of the Company will be processed by the Controller to reply to the request of the user.
Furthermore, the Controller processes the personal data collected from the Webpage to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems: this constitutes a legitimate interest of the Controller.
For all cases in which the Controller intends to process personal data for marketing purposes or to create profiles based on the interests expressed by the user in the course of browsing the Webpage, we will ask the user's prior free and specific consent, which the user is free to revoke at any time by sending an email to:
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data will be processed by the individuals expressly authorized by the Controller, who pertain to the business units: information technology, business development, and any other Company unit which acts on the basis of the Controller’s instructions regarding purposes and means of processing strictly connected to the information presented in the Webpage.
Finally, if necessary for the mentioned purposes, personal data could be communicated to and/or shared with third parties such as providers of goods and services, including technical services, hosting providers, information technology companies, commercial partners, and public authorities.
TRANSFER OF PERSONAL DATA TOWARDS THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The Controller does not intend to transfer personal data towards international organizations and/or countries not members of the European Union where an adequate level of protection is not ensured, according to the European laws; if a transfer is made, it shall be made for the implementation of contractual or pre-contractual measures taken following a users’ request, or as long as the transfer is necessary to ascertain, exercise or defend a right before judiciary authorities or if you have explicitly provided your consent to the transfer.
In case of possible further transfers of your personal data, the Controller will carry out such transfers only:
- towards Third Countries, one or more specific sectors within a Third Country or international organisations for which the European Commission deems that an adequate level of protection of personal data is in place; or
- if the recipient of the data obtained an appropriate certification or adhered to a specific code of conduct ensuring that the processing of personal data is carried out with safeguards which are appropriate and equal to those provided under EU law; or
- if the Company implemented appropriate safeguards to protect your personal data, by concluding contracts including the so-called Model Clauses, as prepared by the European Commission or prepared by the national Data Protection Authority and approved by the European Commission.
Further information about the safeguards adopted by the Company for such transfers can be requested by email at email@example.com.
DATA RETENTION PERIOD
The Controller will process personal data collected to allow navigation on the Webpage until the end of the connection session, and for the time necessary to comply with the legal obligation and/or to defend or exercise a right in court. Personal data provided on a voluntary basis by the user through sending messages to the contract addresses of the Company shall be retained by the Controller for the time necessary to reply to such messages and for the additional time to comply with legal obligations and/or to defend a right in court.
NATURE OF THE COMMUNICATION OF PERSONAL DATA AND CONSEQUENCES OF THE FAILURE TO COMMUNICATE DATA
RIGHTS OF THE USERS
The Controller makes sure that the user can exercise at any time his/her rights provided by the GDPR by writing to the Data Protection Officer at firstname.lastname@example.org.
More in detail, the user has the right, at any time, to:
- Know if the Controller stores/processes personal data relating to him/her, and if so, have access to them and obtain a copy of such data (right of access);
- Obtain the rectification of data, if they are incorrect, or supplement them (right of rectification);
- Obtain the erasure of such data under the conditions set forth by the UK GDPR (right of erasure);
- Request to the Controller to restrict the processing only to certain categories of personal data, if any of the conditions set forth by the UK GDPR is met (right of restriction of the processing);
- Request and receive personal data concerning him/her in a structured format, or to have such data transmitted to another controller (right to data portability) in the conditions set out by the applicable law;
- Object at any time to the processing of his/her personal data (right to object);
Notwithstanding any other administrative and judicial right of action, after having contacted the Controller, the user has the right to lodge a complaint to the competent administrative authority if (s)he considers that the processing of personal data regarding him/her is in contrast with the provisions of the UK GDPR. The British Data Protection Authority can be contacted through the website ico.org.uk.
Last revised: December 7, 2022