
GDPR Compliance

Effective Date: 20/12/2025

Last Updated: 20/12/2025

1. COMMITMENT TO DATA PROTECTION

Boss Cartier Agency (“Boss Cartier Agency”, “we”, “us”, “our”) is committed to protecting personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

We recognise the importance of privacy, data security, and transparency and are committed to ensuring that personal data is handled lawfully, fairly, and securely at all times. 

 

2. DATA CONTROLLER STATUS

Boss Cartier Agency LTD acts as the Data Controller for the personal data it collects and processes in connection with: 

  • Website visitors

  • Creator Applicants

  • Active and Former Creators

  • Recruiters and Contractors

  • Business Partners and Advisors

 

3. GDPR PRINCIPLES WE FOLLOW

We process personal data in accordance with the core GDPR Principles: 

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and Confidentiality (security) 

  • Accountability

 

These principles guide all data handling decisions across the business.

 

4. LAWFUL BASES FOR PROCESSING

We only process personal data where we have a lawful basis, including: 

  • Contractual Necessity: to provide Creator Management, Recruitment, and Payment Services

  • Legal Obligation: Tax, Accounting, Regulatory Compliance

  • Legitimate Interests: Operating and Improving our Business, preventing Fraud, ensuring Compliance

  • Consent: Marketing Communications and optional Data Submissions

 

Where Consent is relied upon, it may be withdrawn at any time. 

 

5. TYPES OF PERSONAL DATA PROCESSED

We may process the following categories of personal information: 

  • Identity and contact information 

  • Social media and platform account data (including TikTok LIVE performance metrics) 

  • Financial and payment related data

  • Communications and support records 

  • Contractual and compliance records 

  • Technical and usage data

 

We do not intentionally process special category data unless legally required or voluntarily provided. 

 

6. DATA SUBJECT RIGHTS

Under GDPR, individuals have the right to: 

  • Access their personal data

  • Rectify inaccurate data

  • Request erasure (“right to be forgotten”) 

  • Restrict processing

  • Object to processing 

  • Data portability 

  • Withdraw consent 

 

Requests can be made by emailing privacy@bosscartieragency.co.uk. We respond within one calendar month, as required by law.

 

7. DATA SECURITY MEASURES

We implement appropriate technical and organisational measures to protect personal data, including: 

  • Restricted access controls 

  • Secure cloud based systems

  • Password protected devices

  • Role based permissions 

  • Secure data transfer methods 

  • Internal policies on data handling and confidentiality 

 

All Contractors and personnel with access to data are subject to confidentiality obligations. 

 

8. DATA PROCESSORS & THIRD PARTIES

We may share data with trusted third parties acting as data processors, including: 

  • Technology platforms and software providers 

  • Payment processors and financial institutions 

  • Professional advisors (legal, accounting, compliance) 

 

All processors are required to: 

  • Act only on our instructions 

  • Implement appropriate security measures

  • Comply with GDPR requirements

 

9. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including: 

  • Adequacy decisions 

  • Standard Contractual Clauses (SCCs) 

  • Equivalent lawful protections

 

10. DATA RETENTION

Personal data is retained only for as long as necessary to: 

  • Fulfil contractual obligations

  • Comply with legal requirements 

  • Resolve disputes

  • Maintain accurate business records

 

Data is securely deleted or anonymised once no longer required. 

 

11. DATA BREACH MANAGEMENT

We have procedures in place to detect, report, and investigate personal data breaches. 

 

In the event of a breach: 

  • We assess the risk to individuals 

  • We notify the ICO where legally required

  • We inform affected individuals where necessary

  • We take remedial action to prevent recurrence

 

12. TRAINING & AWARENESS

We ensure that individuals acting on behalf of Boss Cartier Agency: 

  • Understand GDPR obligations 

  • Are trained in secure data handling

  • Know how to report data protection concerns 

 

Training is updated as the business grows. 

 

13. RECORD KEEPING & ACCOUNTABILITY 

We maintain internal records of: 

  • Data processing activities 

  • Data protection decisions 

  • Data subject requests (SARs) 

  • Security measures 

 

This demonstrates accountability under GDPR. 

 

14. CHILDREN’S DATA

Boss Cartier Agency does not knowingly process personal data relating to individuals under the age of 18. 

 

15. COMPLAINTS & SUPERVISORY AUTHORITY

If you have concerns about how your data is handled, you may contact us directly. 

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

 

www.ico.org.uk

 

16. REVIEW & UPDATES

This GDPR Compliance Statement is reviewed regularly and updated to reflect changes in law, guidance, or business practices.

 

17. CONTACT INFORMATION

For all data protection matters: 

 

Boss Cartier Agency LTD

Email: privacy@bosscartieragency.co.uk
