GDPR & Privacy Shield Notice
Effective Date: April 8th, 2019
Controller Disclosure & Details: We, along with Starpower Limited, are a data controller of personal data regarding the following categories of EEA Individuals: Prospective/current clients (“Business Contacts”), such as brands and agencies, visitors to our Site (“Site Visitors”), and talent (“Talent”), such as influencers and celebrities, for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Business Contacts using the Site are also Site Visitors).
|Data Subject Category||Purpose & Legal Basis of Processing|
|General (applies to all data subjects below)||Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Site and Platform usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs on the Site and Platform.|
|Business Contacts||Executing Contracts and other Legal Documentation: We process personal data related to Business Contacts as necessary for the performance of contracts to which Business Contacts are a party or to take requested steps to enter into such contracts. General Business Development: Our legitimate interest in furthering business relationships (such as by storing Business Contact information within a CRM or other file, including within email provider), ensuring customer satisfaction, and answering inquiries.|
|Site Visitors||Audience Measurement and Retargeting: Our legitimate interest in use of Google Analytics to understand how Site Visitors interact with the Site and where such Site Visitors are located (up to city-level only) in order to optimize the Site experience. Note that the last octets of Site Visitors’ IP Addresses have been anonymized and ‘Sharing With Google’ and ‘Demographics/Advertising’ features have been disabled within Google Analytics.|
|Talent||Executing Contracts and other Legal Documentation: We process personal data related to Talent as necessary for the performance of contracts to which Talent are a party or to take requested steps to enter into such contracts. Talent Casting: Our, our Business Contacts’, and Talent’s, legitimate interest in researching Talent profiles based primarily on information in the public domain or disclosed from their authorized agency representative, for the purposes of creating engagement opportunities for such Talent. For the former, we primarily query the databases of online market research subscriptions such as Traackr, Centaur Media, E-Score, and IMDB Pro. This includes the following categories of personal data: professional/personal background information (e.g., contact address, phone number, interests, industry involvement), data concerning health or political opinions (where made public), current and upcoming projects and brand partnerships, talent analytics (E-Score, engagement metrics on social media), and philanthropic efforts. Engagements: Our, our Business Contacts’, and Talent’s, legitimate interest in carrying out engagements with Talent (e.g., marketing campaigns on behalf of Business Contacts). This usually includes an analysis of metrics related to such campaigns, on-site Talent management, and day-to-day logistics and collaboration between the parties. General Business Development: Our legitimate interest in furthering business relationships (such as by storing Talent information within a CRM or other file, including within email provider), ensuring Talent satisfaction, and answering inquiries.|
Recipients: Starpower personnel, including those within our affiliate, Starpower Limited, shall receive and process your personal data for the purposes described herein, and facilitate transfers of such data between Business Contacts and Talent as needed. Such personal data is also disclosed to the following recipients to effectuate the purposes described herein:
- CHIPS (US): Cloud-based storage provider
- Salesforce (US): Customer relationship management
Retention: Please see below for our general retention periods. Please note that the below retention periods may be extended or shortened, as appropriate, based on the context of our relationship with an EEA Individual (e.g., negotiations for a sale), and for compliance with legal obligations (e.g., accounting, finances, tax).
Emails and related information within our network will be retained at the latest for 3 years and then archived for 10 years, at which point it will be deleted (subject to any earlier deletion requests). However, emails of the Starpower founders shall be retained at their discretion based on their business needs (e.g., oversight, records, client management).
Personal data relating to contractual and other legal documentation, such as with Business Contacts or Talent, will be retained permanently.
Google Analytics data will be retained for 14 months from the date of receipt.
Your GDPR Rights: As a natural person, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting: email@example.com with the subject line “GDPR Notice.”
You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Starpower’s Standard Contractual Clauses.
Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes. In such case, your personal data will no longer be used for that purpose.
Transfer of Personal Data outside the EEA: We are self-certified under the EU-US and Swiss-US Privacy Shield for appropriate transfer of your personal data, such as to our US data centers, pursuant to Article 45(1); in these instances, you may have specific rights under the Privacy Shield (see E.U.-U.S. and Swiss-U.S. Privacy Shield Notice below). We may also rely on a derogation pursuant to Article 49(1)(b) or Article 49(1)(c) for limited transfers of Talent data to/within third countries when facilitating agreements between (a) us and Talent and (b) agreements between Talent and Business Contacts, respectively.
Disclosure to Public Authorities: Starpower may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Corporate Restructuring: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice.
Updates to this GDPR Notice: If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Effective Date” at the top of this page will be updated accordingly.
How to Contact Us: Please reach out to firstname.lastname@example.org for any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.”