top of page
desk.png

Privacy Policy & Data Protection Notice

Introduction

At Twelve, safeguarding Your Data is Our Priority

We are committed to protecting the privacy and security of your personal information. As part of our dedication to maintaining the highest standards, we want to assure you that

  • Your Data is Secure: We employ robust security measures to safeguard your personal information against unauthorised access, loss, or misuse.

  • We Don't Sell Your Data: We value your trust, and as a responsible organisation, we pledge not to sell, trade, or share your data with third parties without your explicit consent.

  • Transparency is at the core of our values. If you have any questions or concerns about our data protection policies and practices, please don't hesitate to contact us. Our team is always here to provide you with the information and assistance you need

Who We Are

Twelve acts as a data controller for the personal data we collect and process. We manage models, clients, staff, and applicants, and we work with trusted third-party processors who provide IT support, hosting, and related services.

2. Data we collect

We collect personal data that is necessary for our operations as a talent management agency. This includes, but is not limited to:

  • Identification and contact information (name, email, phone, address)

  • Model portfolios, photographs, and media

  • Client and booking information

  • Financial and payment data

  • Employment and contractor records

  • Social media and online profile information

  • Technical and website usage data (such as IP address and browser information)

3. How we use Personal Data

We process personal data for the following purposes:

  • Assessing and representing models and talent

  • Managing client bookings and communications

  • Maintaining portfolios, contracts, and records

  • Processing payments and complying with financial obligations

  • Promoting talent and brand activity through marketing and social media

  • Maintaining website functionality and security

Our lawful bases for processing include contractual necessity, legitimate interests, and legal obligations. 

4. Security and Data Protection 

We use appropriate technical and organisational measures to protect personal data from loss, misuse, or unauthorised access. These include:

  • Multi-factor authentication for staff and administrator accounts

  • Encryption of devices and secure off-site backups

  • Restricted and logged access for authorised personnel and service providers

  • Regular system monitoring, maintenance, and patching

  • Periodic review and testing of our security controls

Our security framework aligns with recognised UK standards, including the Cyber Essentials scheme. All third-party service providers (for example, IT support or website hosting) are bound by Data Processing Agreements (DPAs) requiring equivalent safeguards.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or business requirements. Certain records may be kept for extended periods where required for legitimate business or legal reasons.

Model and talent data, for the purpose of Managing representation, maintaining portfolio history, protecting usage rights, and responding to commercial or legal enquiries. Retained for as long as necessary to manage representation and protect legitimate business interests. Data is reviewed periodically to ensure it remains relevant.

Applications for representation, for the purpose of Assessing suitability for representation. If not successful, data is automatically deleted from our systems after 30 days. Successful applicants’ data becomes part of the model record and follows that retention schedule.

Client and booking data, for the purpose of Managing bookings, contracts, invoicing, and client relationships. Retained for the duration of the business relationship and as long as necessary to meet contractual, financial, and legal requirements.

Financial and accounting records, for the purpose of Fulfilling legal and tax obligations, payment processing, and business continuity. Retained in accordance with UK tax and accounting rules and for as long as required for legitimate business or legal reasons.

Social media and online content, for the purpose of Scouting, promotion, marketing, and public engagement across social platforms. Retained for Content and related data remain online while relevant to representation or brand promotion. Data hosted on third-party platforms may persist according to those platforms’ own retention policies. Storm reviews hosted content periodically for relevance.

Website and technical data, for the purpose of Ensuring website security, analytics, and performance monitoring. Retained for short operational periods unless required for security or diagnostic purposes.

6. Data Sharing 

We may share limited personal data with trusted service providers who assist us in operating our IT systems, communications, and business processes. All such providers act on our documented instructions and are bound by confidentiality and data protection agreements. 

7. Data Subject Rights

You have the right to:

  • Access and obtain a copy of your personal data

  • Request correction or deletion

  • Restrict or object to processing

  • Withdraw consent (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us at compliance@twelvemanagement.co.uk

8. Data Breaches 

If a personal data breach occurs, we will investigate promptly and, where required, notify the ICO and affected individuals within 72 hours as required by law.

9. Updates to this Notice

We review this notice regularly and will update it if our practices or legal obligations change. 

bottom of page