Introduction

Your Data Privacy is important to us. This Privacy Policy explains what we do with your personal data (please see personal data definition in Annex 3), whether we are in the process of considering your application to join us, continuing our relationship with you once you have joined us, providing you with a service or receiving a service from you.

This Privacy Policy comes into effect on 25th May 2018 and supersedes our previous Data Protection Policy (Data Protection Act 1998). Should you wish to view the full General Data Protection Regulation (GDPR) please click on this link https://gdpr-info.eu/

This Privacy Policy describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. We are committed to protecting and safeguarding your data privacy rights.

This Privacy Policy applies to the personal data of our CRM users, applicants, staff members, clients and suppliers and individuals who our staff members indicate are their emergency contacts.

The data protection principles stated in the Data Protection Act 1998 still apply. These have been the ones in force in the United Kingdom to date and from 25th May 2018 the GDPR is an additional and statutory obligation designed to protect the data privacy of the individual (data subject). You may
view these original principles in Annex 2.

Who is responsible for ensuring compliance with this Privacy Policy and its data protection and data security responsibilities?

Maintaining appropriate standards of data protection and data security is a collective task shared between all Kru Live staff members. This policy and the rules contained in it apply to all of our staff irrespective of seniority, tenure, working hours, including all employees, directors and officers,
consultants, contractors, casual or agency staff, trainees, homeworkers, fixed term staff and volunteers (staff)

Our directors have overall responsibility for ensuring that all personal information is handled in compliance with the law and have appointed a Data Protection Officer (see Annex 1 for contact details).

All of our staff have personal responsibility to ensure compliance with this policy, to handle all personal information consistently with the principles set out here and to ensure that measures are taken to protect data security. Managers have special responsibility for leading by example and
monitoring and enforcing compliance.

What kind of personal information do we collect?

Applicant data

We collect an applicant’s information for the purpose of considering an application to join us.

Information collected and processed for the purposes of considering your application may include the following:

  • Your name
  • Your title
  • Your address
  • Your email address
  • Your telephone number
  • Your CV and/or promotional CV and images submitted in support of your application
  • Any other work related information regarding specific additional skills and attributes that
  • you could bring to the role that you are applying for
  • Proof of your identity and, if applicable, proof of your ongoing eligibility to take work in the United Kingdom

Please note that this list is not exhaustive and may vary from time to time depending on legitimate business need and/or changing statutory requirements.

Staff member data

We collect additional information from staff members who are either employed or engaged by us for the purposes of administering your employment or engagement with us and for the carrying out of our statutory obligations.

Information collected and processed for the purposes of administering of your employment or engagement with us may include:

  • Your date of birth
  • Confirmation of your identity and, if applicable, proof of your ongoing eligibility to take work
  • in the United Kingdom
  • Your National Insurance Number
  • Your bank details
  • Emergency contact details
  • Diversity information including racial or ethnic origin, gender, age, sexual orientation,
  • disability, religious or other similar beliefs
  • Additional information on your skills, attributes and interests that may assist us in placing
  • you in suitable roles or assignments
  • Additional information such as your driving licence or any criminal convictions if these are necessary for a role that you are applying for or for an assignment that you would like to be considered for

Please note that this list is not exhaustive and may vary from time to time depending on legitimate business need and/or changing statutory requirements.

Client and supplier data

The data we collect and process on our clients and suppliers is only that which is necessary to enable the smooth running of our business relationship and may include:

  • Generic contact details for the business
  • Individual business contact details such as email addresses, telephone numbers (landline
  • and/or mobile)
  • Financial details

Please note that this list is not exhaustive and may vary from time to time depending on legitimate business need and/or changing statutory requirements

How do we collect your personal data?

Applicant data

There are three primary ways in which we collect data from you when you apply to join us:

1. Personal data that you provide us with when you register your application; entering your details on our website for example

2. Personal data that we receive from other sources; an external recruitment company for example or referees

3. Personal data that we collect in order to further consider your application; as a result of an interview for example

Staff member data

There are three primary ways in which we collect data from you when you are employed or engaged by us:

1. Additional personal data that you provide us with when your application to join us has been successful and where you continue to update them throughout your time with us

2. Personal data that we receive from other sources; referees for example, or feedback as a result of an assignment

3. Personal data that we collect automatically; assignment records or payroll records for example

Client or supplier data

There are three primary ways in which we collect data from you when you are employed or engaged by us:

1. Personal data that you provide us; when we agree to enter into a business relationship for example

2. Personal data that we receive from other sources; due diligence or other market checks for example

3. Personal data that we collect automatically

How do we use your personal data?

Applicant data

We use the data we have obtained about you for the purpose of considering your application and for contacting you.

Staff member data

We use the data we have obtained about you for the purposes of administering your employment or engagement with us. These may include the following:

  • Storing, and updating as necessary, your details in order to maintain accuracy
  • Communicating with you via telephone, text or email in order to be able to offer you, and confirm you on assignments or to advise you of statutory or other changes which may affect your employment or engagement
  • Assessing your data in order to be able offer you assignments most suited to you
  • Sending clients the necessary parts of your personal data in order for them to consider your suitability for an assignment
  • Sending clients the necessary parts of your personal data in timesheets or other documents which confirm your participation on assignments
  • Carrying out our payroll and invoicing processes
  • Using third party resources to verify details which may be pertinent to your employment or engagement, such as references, qualifications or criminal convictions
  • Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties
  • Carrying out staff surveys as to how we are performing and how we may improve
  • Where there is a legal requirement to do so

Please note that this list is not exhaustive and may vary from time to time, but they are examples of what we consider to be legitimate business need in order to fulfil your expectations of being offered assignments and our responsibilities towards you and our clients in carrying out our necessary, operational business requirements.

If, for example, we were approached by a third party requesting participation in marketing or research projects, this would fall outside of our legitimate business interest and we would seek your consent as to whether you wished to participate.

Equal opportunities monitoring and other sensitive personal information

This is another area where we would seek your consent to release your personal data.

We are committed to ensuring that our recruitment and business model is parallel to our approach to equal opportunities. Some of the data that we collect if you participate in our equal opportunities monitoring comes under the heading of ‘diversity information.’ As mentioned above this includes information regarding racial or ethnic origin, gender, age, sexual orientation, disability, religious or
other similar beliefs. We may from time to time, and where appropriate disclose this information in an anonymised format in order to meet statutory compliance requirements or where we may be contractually obliged to do so by a client.

This information is classified as sensitive personal information and in order to use it, even in anonymised form, we are required to seek your explicit consent. We do this by offering you an optin; this means that you have to explicitly and clearly tell us that you agree to us collating and using or
disclosing the information. Consent is explained more fully later in this policy document.

Client and supplier data

We use the data we have obtained about you for the purposes of administering and conducting our business and commercial relationships with you.

We may do this in the following ways:

  • using your generic or personal contact details to communicate about existing or future business
  • storing, and updating when necessary, your details on our database
  • keeping records of our business and financial communications and transactions offering you services that fall within the remit of our current or previous business relationship or to obtain services from you
  • where we are legally obliged to do so

Please note that this list is not exhaustive and may vary from time to time, but they are examples of what we consider to be legitimate business need in order to fulfil our business and commercial interests.

How do we keep your personal data safe?

The protection and safeguarding of the personal data that we hold is very important to us. We have in place a range of appropriate technical and organisational measures designed to protect personal information from misuse, loss and unauthorised access. These include measures to deal with any suspected data breach.

How long do we keep your personal data for?

Applicants

If your application to join us was unsuccessful the personal information you provided will be deleted after a period of 6 months.

Staff members

If you join us but do not take any work or receive any monies from us your personal information will be deleted after a period of 18 months.

If you have worked for us and been paid by us and then cease working for us, then your personal information will be deleted 6 years after your last period of work.

Your rights to access, amend or take back your personal information

The protection and clarification of the rights of EU citizens and individuals in the EU with regard to data privacy is the central pillar of GDPR. These rights are unaffected by Brexit and mean that even once you have given us personal information you retain various rights with regard to your data. These rights are as follows:

The right to be informed

You have the right to be informed about the collection and use of your personal data. We must provide you with information including: our purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with.

The right of access – Data Subject Access Requests (DSAR)

You have the right to ask us to confirm what information we hold on you at any time and request that we modify, update or delete such information. You must make this request in writing. We may ask you to verify your identity and for more information about your request. We will respond to your
request as soon as possible and no later than one month of receipt.

We may extend the period of compliance by a further two months if your requests are complex or numerous. If we do this we will inform you within one month of the receipt of the request and explain why the extension is necessary.

There will be no charge for the information we provide you with unless your request is “manifestly unfounded or excessive.” In this case any fee will be based on the administrative cost of providing you with the information. A fee may also be charged should you request further copies of the information. Once again, it will be based on the administrative cost of providing the copies.

If your request is “manifestly unfounded or excessive” we may refuse to respond. If we refuse your request we will tell you why as soon as possible, and no later than one month from receipt, and advise you of your right to complain to our supervisory authority.

The right to rectification

You have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can make this request verbally or in writing. We will respond to your request as soon as possible and no later than one month from receipt.

We may extend the period of compliance by a further two months if your requests are complex or numerous. If we do this we will inform you within one month of the receipt of the request and explain why the extension is necessary.

There will be no charge for the information we provide you with unless your request is “manifestly unfounded or excessive.” In this case any fee will be based on the administrative cost of providing you with the information. 
If your request is “manifestly unfounded or excessive” we may refuse to respond. If we refuse your request we will tell you why as soon as possible, and no later than one month from receipt, and advise you of your right to complain to our supervisory authority.

The right to erasure

You have the right to have your personal data erased if one or some of the following apply:

  • the personal data is no longer necessary for the purpose which we originally collected or processed it for
  • we are relying on consent as our lawful basis for holding the data, and you withdraw your consent
  • we are relying on legitimate interests as our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing
  • we are processing the personal data for direct marketing purposes and you object to that processing
  • we have processed the personal data unlawfully (ie in breach of the lawfulness requirement of the 1st principle)
  • we have to do it to comply with a legal obligation


The right to restrict processing

In certain circumstances you have the right to request the restriction or suppression of your personal data. When processing is restricted, we are permitted to store your personal data, but not use it. You can make a request verbally or in writing. We will respond as soon as possible but no later than one month following receipt.

You have the right to request that we restrict the processing of your personal data in the following circumstances:

  • you contest the accuracy of your personal data and we are verifying the accuracy of the data
  • your data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you don’t wish erasure and request restriction instead
  • we no longer need the personal data but you wish us to keep it in order to establish, exercise or defend a legal claim
  • you have objected to our processing of your data under Article 21(1), and we are considering whether our legitimate grounds override yours


The right to data portability

This right allows you to obtain and reuse your personal data for your own purposes across different services.

It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

The right to data portability only applies:

  • to personal data you have provided to us
  • where the processing is based on your consent or for the performance of a contract
  • when processing is carried out by automated means

There is no charge should you request this and the timing of our response is as given above as is the process to be followed should we not respond or refuse your request for data portability.

The right to object

You have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
  • direct marketing (including profiling)
  • processing for purposes of scientific/historical research and statistics.
  • We will cease processing your personal data unless:
  • we can demonstrate compelling legitimate grounds for the processing, which overrides your interests, rights and freedoms
  • the processing is for the establishment, exercise or defence of legal claims


Rights in relation to automated decision making and profiling

The GDPR has provisions on:

  • automated individual decision-making (making a decision solely by automated means without any human involvement)
  • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process

We do not process your data in this way but if you would like further information on this please click on the link at the beginning of this document. Further information is also included in Article 22.

International transfer of your data

For the purposes of enabling you to take assignments in the EU we may share relevant parts of your data with our European partners in The Staffing & Entertainment Collective.

Should you be offered (and accept) assignments outside of the EU by us, then decisions regarding any release of your data will be made on a case by case basis. Your data will only be released with your consent, in accordance with GDPR requirements, and only when appropriate checks have been made and safeguards been put in place.

We are a British owned and based company and all of our data is controlled, processed and stored in the United Kingdom.

Consent

From time to time there may be circumstances where it may be necessary to process your data for reasons that fall outside of our legitimate business interest. We will always seek your consent in such situations.

Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which he or she, by a statement of clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

This means that:

  • you have to freely give us your consent without being put under any type of pressure
  • you must know what you are consenting to and be sure that we have given you all necessary information
  • you have control over which processing activities you consent to and which ones you don’t
  • you need to take positive and affirmative action in giving us your consent and that we have provided a clear and unambiguous way for you to provide your consent

We will keep records of the consents that you have given in this way. You may withdraw your consent at any time.

From time to time we may review and amend this Privacy Policy to comply with new statutory obligations or to meet our changing business requirements.

Annex 1 – Data Protection Officer details and supervisory authority details

Kru Live Data Protection Officer:

Suzi Ley Greaves
E: suzi@krulive.com
T: 0207 736 1188
A: Kru Live Ltd
 19a Heathman’s Road
 London
 SW6 $TJ

Supervisory authority details:

The Information Commissioner’s Office
E: casework@ico.org.uk
T: 0303 123 1113
A: The Information Commissioner’s Office
 Wycliffe House
 Water Lane
 Wilmslow
 Cheshire
 SK9 5AF

Annex 2 – Data Protection Act 1998 – Data principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless

  • (a) at least one of the conditions in Schedule 2 (https://www.legislation.gov.uk/ukpga/1998/29/schedule/2) is met, and
  • (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 (https://www.legislation.gov.uk/ukpga/1998/29/schedule/3 )is also met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or
damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Annex 3 – definition of personal data

Under the GDPR personal data means “any information relating to an identified, or identifiable natural person (data subject); an identifiable natural person is one who can be identified directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “

Get in Touch

Kru have been really helpful in making our product demonstrations a success. They respond to last minute requests excellently and are always keeping me in the loop. Kru have been able to deliver excellent results and have made the training process really simple too

Sodastream

We have worked with the Kru team for over a year now with Oculus and I can honestly say that they are a key part of the team, they are always reliable, easy to get hold of at any time and never come to us with an issue that doesn’t have a solution. The campaign has been managed brilliantly with great staff and coverage from the field team. Not only do they manage and motivate staff well but also come to us with solutions in a professional and timely manner.

Jack Morton Worldwide

“We set Kru Live the very challenging task of delivering a range of ambassadors across a variety of projects, in 13 cities across the UK over a very busy and competitive 6 week event period, and we were very pleased with the results! The Kru Live team became the face of the DHL brand, so selection and training was paramount and we worked well together to make that happen. I was very impressed by the casting days, and the video entries were a really great way for us to be involved with selection which built a level of comfort early on in the process, and their systems made the on the day management much more efficient. Kru Live have become a trusted partner and we continue to collaborate and work with Kru Live on all our current and future events”.

Bright Partnerships

  • The Cogs 2016 Awards Silver Winner
  • Field Marketing Award Brand Experience Award Gold winner 2015
  • Field Marketing Award Brand Experience Award Bronze winner 2014
  • Field Marketing Award Bronze winner 2013
  • Event 100 Club 2013
  • IVCA Live come Awards 2013 Winner
  • The Cogs Awards For the People that make it Work Staffing Winner 2013
  • Event Awards Winner 2016
  • Event 100 Club
  • Field Marketing Award Brand Experience Award Gold Winner 2012
  • Field Marketing Award Brand Experience Award Silver Winner 2013
  • The Drum UK Event Awards: Award Winner 2015

Request a Quote

By ticking this box, you agree that we can store and use your data to communicate with you. We will never pass on your information to other organisations. You can review our privacy policy here.

Not already a member? Join our books

Register Here

Contact Us

Email Us

team@krulive.com

Follow us on social media

New Business Enquiries

sarahjane@krulive.com
0207 736 1188

We Operate Globally

hello@tsecollective.com

Staff Enquiries

0207 736 1188

Find Us

19a Heathman's Road, Fulham, London, SW6 4TJ

Get Directions

By ticking this box, you agree that we can store and use your data to communicate with you. We will never pass on your information to other organisations. You can review our privacy policy here.