DOBEDO REPRESENTS
PRIVACY & DATA POLICY
In this document (“Privacy Policy”) DoBeDo Represents (“DBDR”), acting by its owner/s as otherwise identified in this website and business communications, explains how DBDR uses data and handles privacy and why and how DBDR collects and uses information. DBDR also covers the choices available to you in accordance with your rights and its obligations. This document reflects the Privacy Policy as from 1 March 2020 and as reviewed and updated from time to time. “You” means anyone reading or given access to this document, who may be a client (or customer), prospective client, a business interaction party, or visitor to the website.
DBDR is an international business with separate company offices in New York and London providing photographer and audio-visual agency services and arts events promotion to those clients with whom it enters into contracts as such, and other parties within the cultural and commercial sectors. In referring to “Services” or DBDR’s activities we are referring to our day-to-day business in those sectors, including in meeting the needs of existing and prospective clients, those it communicates and interacts with for its business purpose, and the need for maintenance of books and records.
DBDR complies with requirements of privacy and confidentiality, and with applicable data protection legislation relating to the rights of data subjects, including the EU General Data Protection Regulation, or GDPR, effective 25 May 2018, the Data Protection Act 2018, and relevant applicable federal and state law and regulation in the United States of America, including the California Consumer Privacy Act 2018. DBDR acknowledges that territorials provisions protecting the rights of data subjects may overlap in certain instances.
DBDR’s owner/s determine data management practices and safeguards according to the above stated purposes and are controllers of all relevant information along with legally and regulatory compliant data processors. DBDR’s guiding principle is only to use information fairly and for the bona fide purposes of its business doing so at all times with regard to the consent obtained from you and your instructions in relation to the use of information and subject to rights of data subjects.
A Information which DBDR may hold or retain
A1 Customer Data
- Information which you supply to DBDR in the exercise of your choice to do so for the purposes of enquiry or contract, which may include certain information which DBDR requests, which may be compulsory or not. In general, compulsory information is oriented towards establishing a proper basis for contractual relations, for example, as to client or contact identity, address (necessary for financial processing and also delivery), usual contact information, including email and at least one active telephone number, and necessary age particulars, and non-compulsory information is oriented to DBDR’s better understanding client needs and preferences including, where the client wishes it, marketing communications – all of this is “Customer Data”.
- In so far as a unique customer account is allocated to you, which is always the case once a transaction arises between us, the Customer Data will be retained as long as the account is active, and if it is closed, for such period as may be required by law, or as DBDR determines to be reasonable and appropriate. As a matter of policy DBDR presently retains information relating to its business for 8 years from last activity or communication (which may or may not have involved data processing).
- You should be aware that all businesses may be required in specified circumstances to report to the police or other relevant authorities’ activities regarded to be criminal, otherwise unlawful or potentially so, including in relation to so-called identify fraud, and that your rights and DBDR’s obligations to you in respect of Customer Data or otherwise, may be subject to and overridden by public interest and our obligation to comply with the investigations and enquiries of proper authorities.
- DBDR will only hold Customer Data which you provide with your consent. DBDR may reasonably assume consent on a continuing basis where you engage DBDR and the engagement has not been terminated.
- For the purposes of the proper running and administration of DBDR’s business, including accounting, it may handle, including via a data processor, the following “Other Information”:
- Information necessary for the creation and maintenance of a client or trade partner account. In addition to Customer Data, this might include password and security information;
- Information relating to work undertaken specific to a client, e.g. time/task recording;
- Financial information relating to retainer, invoicing and payment. DBDR may collect and store billing address and credit card information but only in compliance with applicable legislation or regulation and with your permission;
- Information relating to visits to DBDR’s web services and other activities connected with the Services. This may include information about how you are accessing and using the DBDR website and the Services, including past work, administrative and support communications, including in respect of any complaints, and how you engage with features, content, and any links, and what integrations and embeds you use (in so far as DBDR operates them);
- Contact information, including any you elect to share with us by way of any application (e.g. by way of so-called “sharing”);
- Log data. This is information compiled, for example, whenever you visit a website, or your mobile app sends and receives data as you use it. This log data may include your so-called Internet Protocol address, the address of the web page or pages you visited before accessing DBDR’s Services, your browser type and settings, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, and cookie data. This list is not exhaustive;
- Device information. Information may be collected about the device you are using the Services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether some or all of this information is collected often depends on what type of device you are using and its settings;
- Geo-location information. Precise GPS location from mobile devices is collected only with your permission. Wi-Fi and IP addresses received from your browser or device may be used to determine approximate location;
- Services integrations. If, when using the Services, you integrate with a third-party service, that service may connect to DBDR’s service. The third-party provider of the integration may share certain information about your account with DBDR. We do not receive or store your passwords for any of these third-party services. Any such third-party services will be clearly flagged and identified as such (e.g. Dropbox);
- Third-party data. DBDR may also receive information from our trading partners, or others that we use to make our own information better or more useful. This might be aggregate level information, such as which IP addresses go with which zip codes, or it might be more specific information, such as about how well an online marketing or email campaign performed;
- In respect of Other Information, DBDR will always respect such rights as you may exercise to block, restrict or manage information as set out above, including by way of settings in your relevant device/s.
A2 Cookies
““Cookies” are small items of data sent from a website and stored locally on a user's computer by the user's web browser whilst the user is browsing. They may be retained if not cleared or blocked. They make “tailoring” of web-activity possible in storing reference data particular to a user. DBDR may use cookies and similar technologies to provide and support its website and Services in accordance with this Privacy Policy, subject always to your rights under the GDPR. The only cookies set by the DBDR website and associated domain are essential functional cookies falling under the ‘strictly necessary’ exemption. DBDR will only make use of other cookies with the consents that you are asked to give prior to their use. These consents may have options for opting in or out of different cookies, and may be given on a continuing basis, but you may change your preferences at any time.
B How we use your information
DBDR uses your information to provide, maintain and improve the Services and in protecting, enhancing and administering its business. This may include the use of data through selective surveys and other research to analyse and understand how DBDR Services are being used and our products seen in terms of quality and customer satisfaction;
B1 Customer Data
DBDR accesses and makes reasonable use of Customer Data in accordance with the terms of a customer’s consent and instructions, and applicable terms and conditions, in order to (a) provide, maintain and improve the Services, (b) address service, security, technical issues or in accordance with a customer’s request for assistance or support, or in addressing any grievance or complaint (c) comply with the law or any lawful data request or instruction and (d) to service any matter arising from DBDR’s terms and conditions from time to time in accordance with them. This DBDR does in accordance with its statutory and contractual security and confidentiality obligations.
B2 Other Information
DBDR uses Other Information for the following purposes, to:
- To communicate with you and other parties by for example:
- Responding to your requests, if you contact DBDR with a problem, query or question, DBDR will use available information, including any you give, to respond;
- Sending emails and messages. DBDR may send you Services and administrative emails and messages. DBDR may also contact you to inform you about changes in the Services, its Service offerings, and important notices related to the Service and the website, such as in relation to security, fraud and data breach. These emails and messages are an essential part of the Services and our mutual interests and you may not opt-out of them other than by terminating DBDR’s contract. DBDR occasionally may send emails about new product features or other news about its business. You may opt out of these at any time;
- Manage billing and account systems and records. DBDR uses account data, including typical professional services supply and project management software packages to administer accounts, client projects and to keep track of billing and payments;
- Conduct marketing exercises – you may opt out of these at any time;
- Investigate and prevent abuse and security breaches;
- This Privacy Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable customer or other data subject – in other words information which is a general nature and not specific to your identity or Customer Data.
C Your Choices
C1 Customer Data
Subject to retaining information necessary to maintain an active client account, DBDR will always respect your wishes in relation to Customer Data. DBDR has only basic and simple records, so there is no self-management of your customer profile. You may always elect to close your account or advise DBDR by email, telephone or through the ‘CONTACT’ page as to your particular requests or instructions.
C2 Other Methods for Choice
Many browsers have functions which provide you with privacy, security and control tools, for example in relation to cookies and other aspects of data storage. Your mobile device will include a broad range of settings options for you tailor what the device and your use of it may reveal to other parties, for example, location data and notifications. These controls are not within our remit or control and are matters of your preferred use of options available to you in your particular devices operating systems and installed apps. If we offer any mobile device app, it will be subject to this Privacy & Data Policy.
C3 Other information
If you have any questions about our use of Other Information you may contact DBDR at any time with your enquiry.
D Sharing and Disclosure
On occasion information described in this Data Policy may be shared by DBDR.
D1 Customer Data
DBDR may share Customer Data in accordance with any agreement with any client and the client’s instructions, and this may be with third party service providers and agents. DBDR may engage third party companies or individuals to process Customer Data on its behalf. DBDR may combine with other businesses and partners in conducting business and delivering services. DBDR may for the purposes of its business and in servicing clients integrate elements into its platforms and client resources, which may include integrations added by a client or by someone else with the client’s consent.
DBDR does not assume responsibility for and has no liability in respect of the use of third parties of information which is not gathered directly from DBDR or which is provided by the choice of the client or other relevant business partner.
D2 Other Information
DBDR may share Other Information in the lawful operation of its business, and for purposes of assessment and review of quality control and performance indicators and in order to resolve any issue or controversy that arises between DBDR and a client or otherwise in connection with or because of our business. DBDR may use third parties to process and analyze Other Information.
D3 Other Disclosures
Below are examples of when DBDR may otherwise disclose Customer Data and Other Information which may occur:
- During changes to DBDR’s business structure, for example if it engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, financing, acquisition of all or a portion of its business, a similar transaction or proceeding, or steps in contemplation of such activities (including so-called “due diligence”);
- To comply with applicable laws and regulations or to confirm to any code of practice or conduct to which the firm is subject, including in relation to proper and valid requests for disclosure, or the requirements of a court order, or police or other authority’s investigation;
- To enforce DBDR’s rights, prevent fraud and for safety. To protect and defend the rights, property, or safety of DBDR or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud;
- In the case of aggregated or de-identified information, then for any purpose. For example, DBDR may share aggregated or de-identified information for bona fide business or research purposes.
E General Policies / Further information
E1 Security
DBDR takes security seriously and has appropriate and up to date systems to protect information you provide to us from loss, misuse, and unauthorized access or disclosure and ensures the same is the case with its own service providers. These systems take into account the sensitivity of the information we collect, process and store, and the current state of available technology having regard to the nature, size and scale of DBDR’s business from time to time. Details of DBDR’s prevailing security practices may be requested at any time by any party entitled to make such a request.
E2 Under-age
As a business affairs service, DBDR will only enter into client relations with persons over the age of 18 at the relevant point of contract, unless the lawful parent/s or guardian/s with appropriate authority confirm otherwise and provide all required GDPR-compliant consents. For this reason, DBDR will neither hold nor process any information relating to such persons other than on the same basis. In the event that DBDR discovers that any account has been opened with it in breach of this Privacy Policy, DBDR will take appropriate steps, including in respect of safeguarding and closure of the account.
E3 Changes to this Privacy Policy
DBDR may change this Privacy Policy from time to time, and if it does so it will post any changes on this page. If you use the Services or deal with DBDR after those changes are in effect, you will be deemed to have agreed to and accepted the revised policy.
E4 Third Parties / Tracking
Subject to the information set out above, DBDR gives notice of the following effective as of the date of this policy:
- For the purposes of website e-mail sign-ups, DBDR uses an embedded Mailchimp form, which sends data direct to Mailchimp. We don't handle any of data on our server. Mailchimp operates under the EU-USA Privacy Shield and in accordance with [Mailchimp's own privacy policy].
- DBDR uses Vimeo and YouTube embeds on the website, both of which third party services set their own cookies and operate in accordance with their respective privacy policy: [Vimeo privacy policy] / [YouTube policies].
- DBDR does not use Google Analytics or any analytics software. There are no tracking scripts involved in our website code and we don't track IP addresses on the backend server.
- The DBDR website and server do not directly handle or store any other data.
E5 More questions?
Please also feel free to contact DBDR if you have any questions about this Privacy Policy or DBDR companies' associated practices. Contact details are as follows, in each case please address your enquiry to the Data Manager: datamanager@dobedo.agency
USA & rest of the world: DoBeDo Represents Inc. 103 East Broadway, 1st Floor, New York, NY 10002, USA.
In the UK and EU: DoBeDo Represents Ltd. 7 Atlas Mews, Off Gamsgate Street, London SE8 2NE, UK.
E-mail (global): datamanager@dobedo.agency
Reviewed and updated January 2024.