This is the privacy notice of Mezzo Studios Limited t/a Brawl Agency. In this document, "we", "our", or "us" refer to Brawl.
We are registered with the Information Commissioners Office (registration number ZA467711).
We are company number 3657947 registered in England and Wales.
Our registered office is at 24a North Grange Road, Leeds, West Yorkshire, England, LS6 2BR.
Individuals wishing to contact us about data protection issues may do so by writing to us at Brawl Agency, 24a North Grange Road, Leeds, West Yorkshire, England, LS6 2BR or by emailing us at email@example.com.
This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org.
What kinds of personal information we may hold about you
The personal information that we collect includes:
Basic information, such as your name (including name prefix or title), the company you work for, your title or position.
Contact information, such as your postal address, email address and phone number(s).
Where you are our client, we will collect information about your circumstances that have led to you wishing to use our services. We also keep records of your contact with us.
Technical information collected when you visit our website or digital or in relation to materials and communications we send to you electronically, which includes information about the type of device you are using, your IP address and geographic location, your operating system and version, browser type, the content you view and the search terms you enter.
Information you provide to us for the purposes of attending meetings and events we host, including access and dietary requirements.
What we do with personal data
We may use this personal data for the following purposes:
To send you relevant marketing communications about our services.
To undertake research and analysis.
For identity validation and fraud reduction.
To communicate with you in relation to the provision of services by us.
To enable us, our clients or other suppliers of ours or our clients to communicate with you in relation to the provision of goods or services by you or the person that you work for.
To enable you and any other relevant individuals to be invited to, and to attend, the event and to facilitate your attendance (for example, dietary or special access requirements).
If you are a public official, otherwise act in official capacity, work for a public body, are a journalist or otherwise involved in the media and we need to contact you in the course of providing public relations or related services for our clients.
To understand how people use our website so that we can make it more intuitive.
The lawful basis on which we rely are
Contract: processing of your personal data is necessary for us to administer the pre-contract and contractual relationship between ourselves and our clients/suppliers in connection with the performance of a contract.
Legal obligation: this applies where we need to collect and use your personal information to comply with applicable laws and regulatory requirements.
Consent: we may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us at firstname.lastname@example.org.
Legitimate interests: Mezzo Studios Limited uses and shares personal data based on its legitimate commercial interests. The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.
Who we share your information with
We will never share your personal information to any third parties except where it is necessary for us to provide our services to and on behalf of you. This includes:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We will disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
If Mezzo Studios limited are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
How we obtain data about you
The personal data we have comes from various sources.
You give us your personal information directly, when you engage with us, including via our websites or digital media channels.
We obtain additional information in the course of undertaking checks in order to comply with our statutory and regulatory obligations or where such checks are in our legitimate business interests.
We obtain contact details and other information from our business contacts.
We collect data from public information sources such as telephone directories, social media, the internet and news articles, and occasionally buy marketing lists of business contacts.
We collect personal information while monitoring our technology tools and services, including our websites, email and social media communications. For information about our use of tracking devices and cookies, please refer to our Cookies policy.
Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
Data may be processed outside the European Union
Our websites are hosted in United Kingdom and Ireland.
We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business.
Accordingly, data obtained within the UK or any other country could be processed outside the European Union.
For example, some of the software our website uses may have been developed in the United States of America or in Australia.
We use the following safeguards with respect to data transferred outside the European Union:
The processor is within the same corporate group as our business or organisation and abides by the same binding corporate rules regarding data processing.
The data protection clauses in our contracts with data processors include transfer clauses written by or approved by a supervisory authority in the European Union.
We comply with a code of conduct approved by a supervisory authority in the European Union.
We are certified under an approved certification mechanism as provided for in the GDPR.
Both our organisation and the processor are public authorities between whom there is either a legally binding agreement or administrative arrangements approved by a supervisory authority in the European Union relating to protection of your information.
The right of access: you can contact us to request details about the information we hold about you, why we have it, who has access to it and where we got the information.
The right to rectification: If any data we hold about you is out of date or incorrect, let us know and we will update it.
The right to erasure: you have a right to request we delete any data we hold about you. When you request that we delete your data we will contact you to confirm that it has been deleted or advising of any legal reason we cannot delete your data.
The right to restrict processing: You have the right to request that we stop processing your data. When you request this, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.
The right to data portability: You have the right to request that we transfer your data to another controller. When you request this, we will make reasonable attempts to do so.
The right to object: you have the right to object to the storage and usage of your data.
Rights in relation to automated decision making and profiling: You have the right to request that we stop profiling you in relation to our direct marketing practice. You can inform us and we will deal with your request accordingly.
We will respond to all requests as soon as is feasible, without undue delay and within 30 days from receiving your request.
How you can complain
If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/.
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
To provide you with the services you have requested.
To comply with other law, including for the period demanded by our tax authorities.
To support a claim or defence in court.
Compliance with the law
However, ultimately it is your choice as to whether you wish to use our website.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.