GDPR

FRESH FACE Model Management 
GDPR FAQ

General GDPR FAQs  

What is the GDPR?    

The GDPR is the European Union’s new data protection law. It replaces the Data Protection Directive („Directive”), which has been in effect since 1995. While the GDPR preserves many of the principles established in the Directive, it is a much more ambitious law. Among its most notable changes, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or analyze personal data.   

When will the GDPR come into effect?    

 The GDPR takes effect on May 25, 2018. Although the GDPR became law in April 2016, given the significant changes some organizations will need to make to align with the regulation, a two-year transition period was included.   

Who does GDPR apply to?    

The GDPR applies to companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU and that collect and analyze data tied to EU residents (personal data). The GDPR applies no matter where personal data is processed and imposes a wide range of requirements on organizations that collect or process personal data, including a requirement to comply with six key principles:   

Requiring transparency on the handling and use of personal data.    

Limiting personal data processing to specified, legitimate purposes.     

Limiting personal data collection and storage to intended purposes.    

Enabling individuals to correct or request deletion of their personal data.     

Limiting the storage of personally identifiable data for only as long as necessary for its intended purpose.     

Ensuring personal data is protected using appropriate security practices.   

Although the rules differ somewhat, the GDPR applies to organizations that collect and process data for their own purposes („controllers“) as well as to organizations that process data on behalf of others („processors“). In addition, unlike the current Data Protection Directive, both controllers and processors can be held accountable for failing to comply with GDPR.    

Does GDPR apply to Fresh Face site?   

To the extent  processes EU personal data, yes, GDPR applies to Fresh Face web site.      

What is personal data under the GDPR?   

 The definition of personal data is broad under the GDPR. It includes any information relating to an identified or identifiable natural person (‘data subject’). Under the law, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. If an identifier can be tied to a natural person, it is personal data for purposes of GDPR compliance.    

What are Processors and Controllers under GDPR?   

 A controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines purposes and means of the processing of personal data.    

 A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf and under the direction of the controller.    

Is Fresh Face a Processor or Controller under GDPR with respect to site?   

 Fresh Face makes numerous decisions about the purposes and means of processing personal data we collect directly from Fresh Face clients, including how we use the data we collect for our services.   For example, Fresh Face determines how data is stored and processed using the service including available data fields and the purpose and functionality behind the data (data casting form).  Therefore, under GDPR Fresh Face is a controller and not a processor of that data.     

Fresh Face site is delivered pursuant to the data protection policies and procedures as a data controller, including:       

Maintains appropriate processes to select, contract with, and monitor the data processing activities of vendors that process personal information on behalf of Fresh Face.  

To the extent you have questions about what this means for your business, we encourage our customers to work with a legally qualified professional to discuss GDPR, how it applies specifically to their organization, and how best to ensure compliance.       

What are the responsibilities of a Controller?   

A controller is directly responsible for complying with data protection laws. This includes requirements to:   

provide notice of processing to the data subject; confirm legitimacy and proportionality for the processing of personal information;   

assure that disclosures to third parties are made in accordance with appropriate contractual terms and otherwise in compliance with applicable law;   

establish adequate measures to protect the cross-border transfer of personal information outside the EU;

establish appropriate controls over processors who process personal information on the controller’s behalf, including:   

• assuring processors maintain appropriate security measures,
• confirming the engagement of sub-processors in compliance with applicable rules,
• assuring adequate protections for cross-border transfers.

Is Fresh Face website GDPR Compliant?   

Fresh Face site is committed to being GDPR compliant when enforcement begins on May 25, 2018.   

What terms apply to use of Fresh Face?   

The Fresh Face Terms of Use govern use of Fresh Face website.   

How does Fresh Face comply with Data Subject Rights?    

Fresh Face honors data subject rights through different means:  

Data subjects can access, correct, or delete their content via sending Fresh Face an inquery to info@freshface.eu.

PRIVACY POLICY

The administrators of your Personal Data is Ondřej Suk – Fresh Face model management & production, ID: 74829939, office Havlíčkova 15, 110 00 Prague.

1. DATA PROTECTION

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

2. THE PURPOSE OF DATA COLLECTION

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

3. YOUR RIGHTS REGARDING YOUR DATA

The User has the right to access, control and verify the data being processed, and to obtain information about the purpose, scope and method of processing the data contained in the file and requests to supplement, update, rectify personal data, temporarily or permanently suspend their processing, delete data, request for cessation processing of personal data.

4. THE PERIOD OF DATA PROCESSING

Gifted will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of contractual relationship with you and satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, Fresh Face considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which Fresh Face processes your personal data.

Consent: By using our website, you hereby consent to our Privacy Policy.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at info@freshface.eu.

We may update this policy from time to time by publishing a new version on our website. Please check this page for updates.

Information clause on personal data processing (including image data) of Fresh Face Models. 

1. The administrator (hereafter “the Administrator”) of your personal data is Mr. Ondřej Suk. You can contact the Administrator by sending a letter to: Fresh Face model management & production, Havlíčkova 15, 110 00 Prague, or by email at: info@freshface.eu

2. Your personal data is processed when:
3. processing is necessary for the performance of a contract to which you are party (in the case of you being underage – your guardian) or in order to take steps at your request prior to entering into a contract (article 6, subsection 1, point B of EU GDPR) or it is necessary for compliance with a legal obligation to which the Administrator is subject (article 6, subsection 1, point C of EU GDPR)
4. On the basis of Article 6 section 1, point F when processing is necessary for the purposes of the legitimate interests pursued by the Administrator or Fresh Face. The above includes:
5. Promotion of Administrator’s own products and services.
6. Promotion of products and services owned by other entities which cooperate with Fresh Face. In such a case, model’s personal data can be sent to a third party by the Administrator only.
7. Organisation of castings and model contests
8. Establishment, exercise or defence of legal claims
9. Analysis of the quality of provided services
10. Communication with models through mail, post, telephone, social media
11. Providing the Administrator with your personal details is voluntary, however, it is essential for the successful fulfilment of the contract. Your personal information is used only within the scope needed to achieve the abovementioned purposes.
12. On the basis of GDPR** Article 9 section 2, point A, Fresh Face processes special categories of personal data that is:
13. Name, surname
14. Outward measurements
15. Outward appearance (image) which is not processed by any special technical means allowing unique identification or authentication of a natural person or prove one’s ID. d) Phone number
16. Account number
17. Mail address
18. Residence address
19. Address of a tax office the model is assigned to
20. All information included in model’s ID card or travelling documents
21. Direct links to social media accounts
22. In order to fulfil the modelling contract and other agreements signed with Fresh Face’s partners, your personal data comprising name, surname, outward measurements and other characteristic features, or your appearance (image) may be processed by the Administrator and published in paper or electronically. This involves any form of publication on:
23. Company’s webpage
24. Company’s and Model’s social media
25. Google and Models.com business card
26. Internet news bulletins and trade magazines
27. Electronic and printed magazines
28. Internet, television, radio transmissions
29. Cultural events, shows, promo campaigns and other similar ventures where data is used as a reference to a model or presenter.
30. Third party’s webpages and social media portals which received Model’s personal data through an entity cooperating with Fresh Face.
31. Composite cards and brochures
32. Agency’s promotion materials (both printed and electronic)
33. Because of the extraterritorial scope of the Internet network your personal date may be processed in third party countries. Hence, your data may be accessed by an unlimited number of people in the world.
34. Your data will be stored no longer than is necessary, that is, for the duration of the contract or in order to secure possible legal claims appertaining to Fresh Face and comply with Administrator’s legal obligations (based on taxation and accounting system).
35. You have the right to request from the Administrator access to and rectification or erasure of personal data or restriction of processing concerning your data or to object to processing as well as the right to data portability. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point E or F of Article 6, subsection 1 of EU GDPR, including profiling* based on those provisions. The Administrator shall no longer process the personal data unless the Administrator demonstrates compelling, legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
36. With reference to your data being collected by the Administrator you have the right to lodge a complaint with a supervisory authority (The Inspector General for Personal Data Protection) if you considers that the processing of personal data relating to you infringes the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016)

10. Data processors that act on behalf of the Administrator (Fresh Face)
11. Fresh Face’s employees – regardless of the labour contract form
12. Business partners, partner agencies
13. Media (television, press)
14. Artists and task performers
15. Debt collection agencies
16. Law firms
17. Banks, carriers, post offices
18. Accounting offices
19. Insurers
20. Embassies and consulates
21. State institutions, bodies, offices and agencies which are allowed to process data in compliance to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016.
22. You will not be subject to a decision which would be based solely on automated processing. This also includes data profiling*.
23. The Administrator may send the data to international organizations or outside the UE territory. In such a case, strict security measures will be taken to protect the data and the information will be transferred in accordance with article 49, subsection 1, point A, B, C of EU GDPR. At the same time, the Administrator does not provide any safeguards presented in Article 46, including lack of standard data protection clauses adopted by the data recipient and no binding corporate rules in accordance with Article 47 of EU GDPR. Hence, there is a risk of insufficient personal data protection. You or your legal guardian – if you are underage will be informed about the risk of data transfer to the recipient country. In such a case, a separate agreement will be drawn to empower Fresh Face to send personal data to a third party country.

*Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Information clause for a model candidate 

According to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) we provide you with the following information:  

1. The administrator (hereafter “the Administrator”) of your personal data is Mr. Ondřej Suk. You can contact the Administrator by sending a letter to: Fresh Face model management & production, Havlíčkova 15, 110 00 Prague, or by email at: info@freshface.eu
2. The data is collected for the purpose of processing your application, both the current application and any possible future one. Providing the Administrator with your personal details is voluntary, however, it is essential for the application process to be successful.
3. Your personal information is only used within the scope needed to achieve the abovementioned purpose. The information may be shared with the following third-party recipients: web hosting service providers or other data processing entities hired by the Administrator, Administrator’s employees or other individuals authorised by the Administrator. Your data is not made accessible to any third parties apart from the aforesaid subjects and other subjects that are granted access to personal information by law.
4. The Administrator will not reveal or send any personal data collected during the application stage to any foreign country or international organisation.
5. Your data will be stored no longer than is necessary, that is, for the duration of the current application or any possible future one.
6. You have the right to:
7. Request access to your personal data, rectify it, erase it or limit access to it, object to processing the data, or transfer it.
8. Withhold already given consent. The withdrawal of the information has no effect on the data already processed, providing that the data was processed in accordance with the law.
9. With reference to your data being collected by the Administrator you have the right to lodge a complaint with a supervisory authority (The Inspector General for Personal Data Protection) if you consider that the processing of your personal data infringes the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016.
10. You will not be subject to a decision based solely on automated processing, including data profiling*.
11. Please do not fill in the form unless you are over 16 years old. In such a situation, please ask your parent or legal guardian to send your application for you. The application form should be sent by email and it needs to contain contact details to your parent or legal guardian.

*Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Information clause on personal data processing of Fresh Face’s business partners. 

1. With reference to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) we provide you with the following information:
2. We kindly inform you that the Administrator of your personal data is Mr. Ondřej Suk and Ms. Daniela Kestlerová who runs Fresh Face and that all information are processed according to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
3. You can contact the Administrator by sending a letter to: Fresh Face, Havlíčkova 15, 110 00 Prague, or by email at: info@freshface.eu

The Administrator has not designated a Data Protection Officer.

4. Your personal data is collected for the purpose of:
5. Entering and fulfilling sales agreements – including payments for the provided services.
6. Sending notifications of order status or the completion of a commission.
7. Recovering dues owned to the Fresh Face
8. Handling customer service and complaints
9. Adjusting product promotion to the needs of the clients
10. Sending business information
11. Contacting the contractor of a service (Model)
12. We can enumerate the following legal basis on which the data can be processed:

• the consent being given to the processing of your personal data for one or more specific purposes (article 6, subsection 1, point A of EU GDPR)
• the performance of the contract we have signed in order to take steps at the request of the data subject prior to entering into a contract (article 6, subsection 1, point B of EU GDPR)
• compliance with a legal obligation to which the Administrator is subject (article 6, subsection 1, point C of EU GDPR)
• the purposes of the legitimate interests pursued by the Administrator or by a third party (article 6, subsection 1, point F of EU GDPR). This involves:
• the need to offer the best quality services that are provided to the clients
• adjusting our services to meet our clients’ needs and expectations
• carrying out our marketing and promotions activities

6. Your personal data may be processed by other entities that co-work with the Administrator to achieve the goals stated in point 4 of the current clause. This may refer to:
7. Natural persons who work in advertising or modelling (models, Fresh Face’s employees)
8. Entities that provide legal services (law firms)
9. Entities that render logistic services (couriers, post)
10. Entities processing notifications of order execution status
11. Entities rendering advertising and marketing services
12. Entities dealing with accounting services (accounting offices)
13. All public administration units legally authorised to personal data processing.
14. Your personal data may be sent to third countries, outside the European Economic Area or to international organisations. In the majority of cases, data is transferred through such service provides as Facebook or Google. The above occurs only if processing is necessary for the performance of the contract and only within the scope specified in Article no 4 of this clause. 

• Your personal data will be processed by the Administrator for the period necessary to render the services or in other cases stated above.
• You have the right to
• request access to your personal data, rectify it, erase it or limit access to it, object to processing of the data, or transfer it.
• withdraw already given consent. The withdrawal of the information has no effect on the data already processed providing that the data was processed in accordance with the law.
• lodge a complaint with a supervisory authority (The Inspector General for Personal Data Protection) if you consider that the processing of your personal data relating infringes the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016)

10. You do not have any legal obligation to provide the Administrator with your personal data; however, you might be obliged to do so on the basis of separate provisions. If we are not given your consent to collect and use the data, we will be unable to render our services on your behalf; in particular, we will not be able to sign any contract with you.
11. You will not be subject to a decision which would be based solely on automated processing. This also includes data profiling*.

*Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.