Axis Productions Ltd and our subsidiary companies are committed to protecting your personal data and understand that the privacy and security of your personal information is extremely important. In this notice ‘Axis’ will refer to all group companies and subsidiaries detailed in the ‘Who We Are’ section.
This privacy notice explains why and how we collect and process your personal data. It relates to personal data you share directly with us, data shared by others on your behalf, through publicly held information, industry forums or subscription databases. Where a third party has shared your information with us, we trust that they have informed you about the use of your data.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we collect, hold and use personal data about you.
Personal data is defined as any information relating to an identified or identifiable natural living person - a ‘data subject’. This privacy notice also provides information about your rights as a ‘data subject’.
Our Data Protection team is responsible for ensuring that this notice is made available to you or a third party acting on your behalf, prior to Axis collecting or processing your personal data. Our Data Protection team can be contacted at email@example.com. or in writing to Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
All Employees and Staff of Axis who interact with you as a data subject or with a third party acting on your behalf, are responsible for ensuring that this notice is drawn to your/their attention prior to any personal data being processed.
At Axis, we will always be transparent about how and why we collect and process your personal data.
Who we are
When we say ‘Axis’ or ‘we’ or ‘us’ or ‘our’, we are generally referring to Axis Productions Ltd who are Axis Studios and the separate legal entities that make up our group businesses.
Axis Productions Ltd is a limited company registered in Scotland SC306712. Registered Office: Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
Axis VFX Ltd is a limited company registered in Scotland SC466154. Registered Office: Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
Flaunt MH Ltd is a limited company registered in Scotland SC509584. Registered Office: Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
Flaunt PM Ltd is a limited company registered in Scotland SC543194. Registered Office: Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
Flaunt LG Ltd is a limited company registered in Scotland SC591909. Registered Office: Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
Axis HH Ltd is a limited company registered in Scotland SC572043. Registered Office: Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
Axis Studios Group and Axis Animation also form part of Axis Productions Ltd. It will also include other businesses we may add to Axis Productions Ltd in the future.
Why we collect and store your personal data
We collect, process and store personal data in relation to individuals, data subjects associated with businesses we work with, for our service suppliers, along with our industry contacts and individuals from other organisations.
Axis collects and stores personal data for a number of reasons, such as:
- When you contact us by email, telephone, post or social media to enquire about our services
- To understand your needs and how they may be met
- To provide you with specialist services and fulfill our contractual obligations as set out in our Terms and Conditions and/or Master Service Agreement.
- Where we provide services to our clients where you may be an employee, a subcontractor, a supplier or customer of our client
- To manage our relationship with you
- To verify identification where required
- To communicate with you by post, email or phone
- To maintain client and administration records
- To process financial transactions such as invoicing and payment processing
- To process funding applications
- To prevent and detect crime, fraud or corruption
- To meet legal, regulatory and ethical responsibilities
- To maintain accurate historical project records and reference
- To maintain secure access to our studios
We are committed to ensuring that the information we collect, use and store, is appropriate, is not excessive, is accurate and up to date, is not retained for longer than required and does not constitute an invasion of your privacy.
We may process your personal data as we are building our relationship with you, where we are entering into a bidding or contract process with you, where we are proposing to or have worked on joint projects with you, where we have or have previously held a contract or service agreement with your or where we have provided you with our services in the past.
We do this for the purposes of our own legitimate interests, or where a third party has a legitimate interest in processing your personal data, provided that those interests do not override any of your own interests, rights, and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain additional purposes with your consent. In these circumstances, you also have the right to withdraw your consent at any time to processing for such specific purposes.
Where we may record video calls, we will notify you in advance, seek your consent to do so and process in accordance with the terms of this notice.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
What data and information do we hold
Axis collects and processes a range of information about you. Typically, we may hold:
- Names, addresses, personal and business contact details
- Specialist skills
- Tax status and VAT registration details
- Business interests and shareholdings
- Banking information to facilitate financial transactions between us
- Details of contact we have had with you in relation to the provision of, or the proposed provision of, our services
- Details of any services you have received from us
- Our correspondence and communications with you
- Information from research, surveys, and marketing activities
- Information we receive from other sources, such as publicly available information, the information provided by your employer or by our clients on your behalf
- Video recordings in connection with creative briefings, review and feedback sessions, QA sessions or team introductions
- CCTV footage and other information obtained through electronic means such as swipecard records
Who we share your information with
Internally: We will share data within Axis where required for business administrative purposes and for the provision of the specialist services you have requested from us.
Our Service Providers: We may pass your personal data on to third-party service providers contracted to Axis in order to provide you with the services you require and fulfill the contracts we have in place with you. Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use them only to fulfill the service they provide to you on our behalf. When they no longer need your data to fulfill this service, they will dispose of the details in line with Axis procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent or for the fulfillment of a contract we hold with you, unless we are legally required to do otherwise.
Other organisations and individuals: If required by law, or where we are asked to by a public or regulatory authority, such as Police or HMRC.
How long do we keep your data
We will retain your personal data for as long as necessary to fulfil the purposes for which it is collected. When assessing the retention period appropriate for your personal data, we take into consideration:
- the requirements of our business and the services provided
- any statutory or legal obligations
- the purposes for which we originally collected the personal data
- the lawful grounds on which we based our processing
- the types of personal data we have collected
- the amount and categories of your personal data and
- whether the purpose of the processing could reasonably be fulfilled by other means
- The software we use allows us to maintain your information on our customer relationship systems before, during and after the period when you are or have been a client. This information will also be maintained for any regulatory, legal and statutory periods and to maintain historical project records, even when you cease to be a client of Axis Productions Ltd.
We use Mailchimp to store our mailing lists and support our marketing communications. Where, based on our legitimate interests, you are already included in these mailing lists, you can unsubscribe at any time. Where you have given us your consent to be included in these mailing lists and receive marketing communications from us, you can withdraw this consent and unsubscribe from these communications at any time.
International transfers of your personal data
Personal Data we collect from you may be transferred and stored outside the EEA. Where your personal information is required to be sent outside the EEA we will ensure that any such transfers outside of the EEA are made subject to appropriate safeguards as required by the GDPR or any such data protection laws in force.
Your rights as a data subject
As a data subject, you have a number of rights. These include the right:
- To be informed about our Privacy Notice before we collect your personal data
- To have access to and request from us, a copy of the data we hold on you
- To ask us to update and change any incorrect or incomplete data
- To ask us to delete and erase your data in certain circumstances, for instance when we no longer require the information for the purpose for which it was obtained
- To ask us to restrict the processing of your personal data where certain conditions apply
- To ask us to transfer data which we hold data electronically about you to another organisation
- To request that decisions based on an electronic automated basis, where you have given your consent and where the decision can have a significant impact on you, can be reviewed by an individual and contested by you
- If you have queries any questions about how Axis collects, processes and stores your data or wish to exercise any of your ‘data subject’ rights, please contact firstname.lastname@example.org
At your request, Axis can confirm what information we hold about you and how it is processed. If you wish to make a subject access request, please email email@example.com
We hope that you will not need to complain about how your personal data is being processed by Axis or by third parties associated in delivering our services, or how your complaint has been handled. If you want to, you have the right to lodge a complaint directly with the supervisory authority and with Axis through our Data Protection Manager.
The details for each of these contacts are:
Data Protection Manager, Axis Productions Ltd, Suite 7.1, Skypark 1, 8 Elliot Place, Glasgow, G3 8EP.
UK Data Protection Regulator, The Information Commissioner’s Office (‘ICO’), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or email https://ico.org.uk/concerns/
We are serious about taking the appropriate measures to protect your personal data.
Our teams and service providers are all trained and contractually obligated to conform to confidentiality, data protection and security guidelines when they join Axis and this is revisited on a regular basis whilst working with us. We limit access to our studios to those who require access, using a secure access door entry system. We also review and adjust our policies and procedures, as required, to keep your data secure. We apply controls and access restrictions across all of our technology platforms and review these at regular intervals.
1.1 Axis Studios uses closed-circuit television (CCTV) and the images produced for lawful and legitimate interests to prevent breaches in staff NDAs or employment contracts or detect crime and to review the Studios server rooms and communal areas in order to provide a safe and secure environment for its staff, contents of project and visitors, and to prevent loss or damage to Axis property.
1.2 The system comprises of 7 fixed cameras, which are in operation 24 hours a day, 7 days a week.
1.3 The system does not have sound recording capability.
1.4 The CCTV system is operated and managed by a third-party service provider Skypark management and security. The CCTV system will be regularly maintained in accordance with the manufacturer’s instructions.
1.5 The CCTV can be reviewed from within the security room by Skypark management and security team. Security measures are in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes the fact that the CCTV hard drives are located in a secured server room and access to this room is only via a formal approval process. Password protection, technical access controls and the use of encryption are also technical protection measures. Access to the images is controlled by Skypark management and security. Skypark Management and security will regularly check and confirm the efficiency of the system, including that the equipment is properly recording, that the cameras are functional, that the time and date are correct and that that footage is being deleted or retained in accordance with this document.
1.6 The introduction of, or changes to, CCTV will be subject to Axis management and Skypark management agreement.
1.7 The CCTV is registered with the Information Commissioner under the terms of the Data Protection Act 2018. The use of CCTV, and the associated images are covered by the Data Protection Act 2018. This policy outlines Axis’s use of CCTV and how it complies with the Act.
1.8 All authorised operators and employees of Skypark with access to images are aware of
the procedures that need to be followed when accessing the recorded images.
Through this policy, all operators are made aware of their responsibilities in following the CCTV Code of Practice. The ‘Data Controller’, Malcolm McFetridge, Skypark Management will ensure that all employees are aware of the restrictions in relation to access to, and disclosure of, recorded images.
2 Statement of Intent, objectives
2.1 To increase the personal safety of our staff and visitors on site;
To support our health and safety measures;
To assist in identifying, apprehending and prosecuting any offenders on site;
To help protect the building and assets and those of its staff from intrusion, theft, vandalism, damage or disruption.
The legal basis for the use of any personal data which is captured by the CCTV system is that the processing is necessary for legitimate interests (provided that those interests are not overridden by individuals’ rights and interests). Axis may also need to use this personal data in order to establish, exercise or defend against legal claims.
Axis complies with the Information Commissioner’s Office (ICO) CCTV Code of Practice to ensure that CCTV is used responsibly and safeguards both trust and confidence in its continued use. The Code of Practice is published at:
https://ico.org.uk/media/1542/cctv-code-of-practice.pdf 2.2 CCTV warning signs are clearly and prominently placed at the main entrance of the Skypark building as well as on the doorway of each server room.
3 Siting the Cameras
3.1 Cameras are sited so that they only capture images relevant to the purposes for which they are installed and care will be taken to ensure that reasonable privacy expectations are not violated. Axis will ensure that the location of equipment is carefully considered to ensure that images captured to comply with the Data Protection Act 2018 and GDPR.
4 Storage and Retention of CCTV images
4.1 Recorded data will not be retained for longer than is necessary. The footage will automatically be deleted on a 90-day rolling basis, unless specific images are required to be retained in order to deal with an incident or in order to respond to a request by an individual. While retained, the integrity of the recordings will be maintained to ensure their evidential value and to protect the rights of the people whose images have been recorded.
4.2 All retained data will be stored securely at all times and permanently deleted as appropriate / required.
5 Access to data
5.1 Access to recorded images will be restricted to those staff authorised to view them, and will not be made more widely available.
6 Subject Access Requests
6.1 Individuals have the right to request access to CCTV footage relating to themselves under the Data Protection Act 2018 and GDPR.
6.2 All requests should be made in writing to The ‘Data Controller’ Malcolm McFetridge, Skypark Management. Individuals submitting requests for access will be asked to provide sufficient information to enable the footage relating to them to be identified. For example, date, time and location.
6.3 Skypark Management will respond to requests within 40 calendar days of receiving the written request and any fee. This is as per the ICO CCTV Code of Practice.
6.4 A fee of £10 may be charged per request. This is as per the ICO CCTV Code of Practice.
6.5 Skypark Management reserves the right to refuse access to CCTV footage where this would prejudice the legal rights of other individuals or jeopardise an on-going investigation.
7 Access to and Disclosure of Images to Third Parties
7.1 There will be no disclosure of recorded data to third parties other than to authorised personnel such as the Police and service providers to our clients where these would reasonably need access to the data (e.g. investigators).
7.2 Requests for images/data should be made in writing to The ‘Data Controller’ Malcolm McFetridge, Skypark Management.
7.3 The data may be used within the Axis’ discipline and grievance procedures as required, and will be subject to the usual confidentiality requirements and to the normal subject access requests.
8.1 Complaints and enquiries about the operation of CCTV should be directed to The ‘Data Controller’ Malcolm McFetridge, Skypark Management in the first instance.
Further information on CCTV and its use is available from the following:
CCTV Code of Practice Revised Edition 2017 (published by the Information Commissioners Office) Version 1.2 https://ico.org.uk/media/1542/cctv-code-of-practice.pdf
Regulation of Investigatory Powers Act (RIPA) 2000
Data Protection Act 2018