Aros

Terms & Conditions

2.0

About This Policy

This policy applies to all individuals working for Aros at all levels, including directors, senior managers, staff, consultants, agency staff, agents or any other person associated with us wherever located.

The types of personal data that Aros may be required to handle include information about current, past and prospective employees, clients, suppliers, users of its website and others that Aros communicates with.

The personal data, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the General Data Protection Regulation 2016 (GDPR) and other regulations.

It is Aros’ policy to ensure that our compliance with the GDPR and other relevant legislation is clear and demonstrable at all times.

This policy and any other documents referred to in it sets out the basis on which Aros will process any personal data it collects from data subjects, or that is provided to Aros by data subjects or other sources. It also sets out rules on data protection and the legal conditions that must be satisfied when Aros obtains, handles, processes, transfers and stores personal data.

Anyone processing personal data on behalf of Aros must only do so as instructed and in accordance with this policy and any other policy or procedure designed to ensure our compliance with our legal obligations.

3.0

Definition of Data Protection Terms

Data is the information which is stored electronically, on a computer or in certain paper-based filing systems.

Data Subjects for the purpose of this policy include all living individuals about whom Aros hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal information. In Aros, data subjects include current, past and prospective employees, suppliers, contractors and clients.

Personal Data means data relating to a living individual who can be identified from that data (or from that data and other information in Aros’ possession). Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions or behaviour.

Data Controllers are the people who, or organisations which, determine the purposes for which, and the manner in which, any personal data is processed. They are responsible for establishing practices and policies in line with regulation. Aros is the data controller of all personal data used in its business for its own commercial purposes.

Data Users are those Aros employees whose work involves handling (‘processing’ in Data Protection terms) personal data. Data users must protect the data they handle in accordance with this data protection and any applicable data security procedures at all times. Data users are likely to include people in ‘Administration’ roles (including studio management, finance, senior management and Directors).

Data Processors include any person or organisation that is not a data user that processes personal data on Aros’ behalf and on Aros’ instructions e.g. IT support, pensions, accountants, health insurance brokers

Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.

Sensitive Personal Data includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any such court in such proceedings. Sensitive personal data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned.