Reason for this Policy
policy is to ensure that personal information gathered and retained by us from
individuals are kept safe and secure and in a manner that is transparent to the
subject of that information.
Introduction Policy Scope
DJ Frames Entertainments has appointed
Neil Rookes as the Head of Data Protection.
We have adopted a risk-based approach
to data protection, whereby our policies and procedures only cover those areas
which apply to our use of personal data. For example, as we currently do not
use automated decision making or profiling, we do not have a policy on meeting
the rights of data subjects with regard to automated decision making or
individual from whom we obtain personal information/data.
entity on whose behalf data is being processed. The data is obtained from the
Data Controller. In most cases DJ Frames Entertainments is the Data Controller.
person/entity who processes the data under instructions of the Data
data includes any information related to a person that can be used to directly
or indirectly identify the person. Such data includes, but is not limited to:
Financial account details
also referred to as ‘data subjects’, have:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure, sometimes referred to as
the ‘right to be forgotten’;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated
decision-making including profiling.
obligations in respect of personal data include:
· We must have precise knowledge of the data we hold
and process, its location, security usage and composition;
We must identify if it is personal, prohibited or client-related?
How is it captured - is it permitted by law
(‘lawful processing’) or consented to by the customer?
We must be able to provide information on how the
data is used and on the rights of individuals regarding their data.
We must demonstrate that we are managing personal
data in a manner compliant with the regulations and be able to supply, on
request, the details of the data we hold and how it has been used.
We have to be able to erase every instance of an
individual’s data in compliance with the right to be forgotten (including data
held in backups).
We must offer storage or conversion of data in a
format that allows portability to other data processors. ·
A duty to inform relevant parties if there is
Our use of data We
process two different types of personal data: customer data and firm data.
‘Customer data’ is personal data received from
customer in relation to professional engagements.
‘Firm data’ is personal data held by a firm in
relation to its own management, employees and affairs generally, including
When starting a new processing
activity, we can only process personal data for the purpose for which it was
training (appropriate to their role) to ensure
they understand these policies and procedures.
details of any changes to the firm’s data
protection policies and practices.
training to refresh their understanding of
these policies at least every two years.
explanation of the firm’s policies and procedures is included in our induction
procedures for new employees.
Relationships with others - suppliers When
entering contracts with suppliers who process or store our data, we ensure that
the supplier is fully compliant with the current data protection regime, and
the contract addresses the requirements concerning the sharing of data.
extent of the impact on our firm will depend on whether our firm is acting as a
controller or processor.
data controller is an organisation that determines the purpose and methods for
processing personal data. A data processor is an organisation that processes
personal data on behalf of a data controller.
determine what information to obtain and process in order to do our work, so we
may act as “controllers in common” or “joint controllers” with our customers.
Relationships with others - customers When we act as the data processor, we
must obtain documented instructions from any data controller on whose behalf we
When we act as a joint controller, we
must ensure the other joint controller complies with the regulations and that
our contract in respect of the sharing of data is in compliance with the regulations.
Data retention policies
What customer data should we hold?
The general principle is that we hold
the minimum amount of data necessary.
The data we hold must be adequate, relevant
and limited to what is necessary in relation to the purpose for which the data
is processed. This applies to both automated personal data and manual filing
systems where data is accessible.
How long do we retain personal data? In
general, data should not be retained any longer than necessary for the task
performed, or than is necessary to comply with the relevant laws and
records for six years from the end of the financial year (31st
March) to which they relate as the rules of HM Revenue and Customs require unless:
We are required to retain it under statutory
obligation, or ·
We are required to retain it for legal proceedings,
The data subject has consented to the retention.
decision to retain personal data beyond the policy noted above should be
documented and approved by the Head of Data Protection. A decision to retain
personal data beyond the policy above should consider:
The current and future value of the information,
The costs, risks and liabilities associated with
retaining it; and
The ease or difficulty of making sure it remains
accurate and up to date.
Privacy policies We
aim to ensure our privacy policies (also referred to as privacy notices) are
clear, use plain language, are transparent and easily accessible.
privacy notices include:
who we are;
what we are going to do with the customer information;
with whom it will be shared.
privacy notices also explain the lawful basis for processing, our data
retention policies and the fact that individuals have a right to complain to
the ICO if they think there is a problem with the way we are handling their
addition, if we intend to use the customer data in a way that is likely to be
unexpected or objectionable, then this must be included in our privacy notices.
communicate our privacy notices through our website.
Consent Consent must be specific, informed,
unambiguous, and freely given.
We record how and when customer consent was
lawfully gained, including:
When they consented
What they were told at the time
How they consented e.g. for written consent a copy
of the relevant document
Whether they have withdrawn consent, and if so
recognise that “consent” is likely to degrade over time, and therefore we need
to refresh the consent regularly in accordance with the context, the scope of
the original consent and the individual’s expectations.
obtaining consent, we do not rely on pre-checked boxes or implied consent. Instead,
whenever data is collected on them, we require evidence of a positive “opt-in”
by the individual.
consent is withdrawn, we must notify other known holders of the data that
consent has been withdrawn and that data should be erased.
personal data breach is an accidental or unlawful act that has affected the
confidentiality, integrity or availability of personal data. A personal data
breach occurs whenever any personal data is lost, destroyed, corrupted or
disclosed; if someone accesses the data or passes it on without proper
authorisation; or if the data is made unavailable and this unavailability has a
significant negative effect on individuals.
the breach is likely to result in a high risk of adversely affecting
individuals’ rights and freedoms, we must also inform those individuals without
who suspects they are the first person in the firm to identify a personal data
breach must inform the Head of Data Protection.
instructed to do so by the Head of Data Protection, no one should attempt to resolve
the problem themselves.
is the responsibility of the Head of Data Protection to ensure that a register
of all personal data breaches is maintained that records all breaches together
with the firm’s response to those breaches.
Reporting personal data breaches Any
breach that is likely to result in a risk to the rights and freedoms of
individuals must be reported to the Information Commissioner’s Office within 72
the firm is acting as data processors, we must inform the data controller as
soon as feasibly possible and without undue delay.
we act as data controllers we must inform the individuals (data subjects) if
there is a high risk that they will be impacted adversely by the breach. This
must be as soon as feasibly possible and without undue delay.
Subject Access Requests Data
subjects have the right to be informed, which includes the right to request the
information held by the firm.
the firm receives a Subject Access Request, it should be passed to the Head of
Data Protection who will allocate responsibility for responding to the request
to a relevant individual.
the information requested would make it more difficult to detect crime or is a
matter of national security, the firm must respond to any request within 30 days
of receipt of the request. If we decide to refuse a request, we must tell the
individual why and that they have the right to complain to the ICO and to seek
a judicial remedy. Any refusal must be given without undue delay and at the
latest, within one month of receiving the original request.
will not make a charge for responding to Subject Access Request, unless the requests
are manifestly unfounded or excessive.
is the responsibility of the Head of Data Protection to ensure that a register
of all Subject Access Requests is maintained that records all requests together
with the date and nature of the firm’s response to those requests.
Head of Data Protection ensures that an annual critical review of the firm’s compliance
with its data protection policies and practices, as well as the effectiveness
of those data protection policies and practices is carried out.
Head of Data Protection will provide evidence of the annual compliance review
to the principal responsible for completing the firm’s annual practice
completion, the Head of Data Protection will provide a summary of the evidence
of the annual compliance review to the next partners’ meeting, together with details
of any changes proposed to the firm’s data protection policies and practices.
You can pay by cash, or Direct Debit 2 week's before your event thank you. Once payment has been paid there is no refund on full balances.
DJ Frames is VPL & PPL license please let us know if you need a DBS check it will need to be completed by the venue or person hireing usa month before. European and state side insured Public Liability Insured PAT TESTED, & First Aid trained Please ask for all paper work, either can be show at venue or sent in the post or by email.
DJ Frames can record your old records onto CD with a fully mobile studio. we can record live bands, solo acts either at our home, studio, or our mobile studio can come to you. we can record either onto MAC or PC. please ask for more information.
Foam partys, This machine has a very big out put and produces 6000 cubic meters of foam per minute filling to your head, If you would like to hire this machine for your party please contact us on the above numbers. Picture below of foam machine, you can have Chocolate or any-other flavors or Ultra violet for different themes.
we Hire staging of many different lengths for any type of event.
Bouncy castles,slides, its a knock out game, please ask for more infomation
Marquees starting from 10 foot up 1000 foot 12/15/9 meters wide, please call to ask and to discuss which size marquee you would like to hire lighting, Furniture, heating, and Generators and distribution are all an extra cost.