top of page

Data Protection Policy/GDPR Compliance

Our Company is driven to be transparent and accountable in how it collects and uses personal data including. In particular, data relating to our employees, subcontractors, people, we engage with through freelance and with all our clients and customers who avail of our services.

This policy applies to the personal data of all such persons/companies.

Our organisation processes personal data in accordance with the following principles on data protection:

  • The organisation processes your personal information lawfully, fairly and in a transparent manner

  • The company only collects personal information for specific, particular and legitimate purposes.

  • The organisation processes personal data/information only where it is deemed adequate, relevant and is limited to what is considered necessary for the purpose of processing.

  • The organisation only keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.

  • The company keeps the personal data for the period necessary for processing.

  • The organisation takes on appropriate measures to ensure that all personal data is secure and protected against unlawful and unauthorised processing, accidental loss, destruction or damage.

  • Our company will tell our stakeholders the reason for processing their personal data, how we use such data and the lgal basis for processing in its privacy notices. It will not process personal data for other purposes.

  • Our organisation will rely on our legitimate interests to process data and in doing so shall carry out an evaluation to assess and ascertain that these interests do not infringe on the rights and freedoms of individuals or companies.

We process your data on the following grounds and reasons according to GDPR: a minimum of one of these reasons will apply to your data being collected.



Contractual Agreement

Legal obligation

Vital interests and the protection of life

Public Task

Legitimate Interests


Your Rights: As a data subject, stakeholders have a number of rights in relation to their data.

  • You have a right to make a subject access request.

  • Processing information of the data.

  • Whom the data has been disclosed to for the purpose of the business

  • The duration of the stored data and how long it will be required for

  • Rights to rectification or erasure of data

  • The right to make enquiries with the information commissioner office if it is thought that the data has been unduly processed.

  • If automated decision making has been availed of and the logic involved in such application/s.

You are also entitled:

To request the full data to be made in electronic form unless requested in any other format/medium.

To make a Subject Access Request (SAR) please make your request to or kindly fill in the organisation’s webpage enquiry form with your request.

The response time will be 1 month from the date of request and for larger data could take up to 3 months to send through in cases of high data volume.

Depending on the amount of data, there may be an administrative cost for requests that require full access request that may have large data stored needing to be proessed.

You can also request to rectify data

Request to delete some data or to restrict the data being processed if your data protection needs to override the legitimate needs of the company, this will need to be demonstrated with legitimate reasons and evidence.

Request to stop processing data if data is wrongly or unlawfully processed.

Please make any enquiries to our official email address that can be found on our website.

If the organisation has information that assesses that data has been wrongly processed then it will contact the information officer within 72 hours of the discovery.

As individuals/stakeholders you are encouraged to work with us and to contact us to inform us of any changes or updates necessary to be rectified from our end.

It is our responsibility to keep your data safe and secure and we will notify all stakeholders if there has been any loss or intercepted data.

Government and other official stakeholders may have access to our clients, employees and talents working with us for administrative and funding requirements.

Only authorised people in our organisation will have access to your data.

Likewise, as receivers of our data, it is also your responsibility to be bound by any Non Disclosure Agreements and written requests to protect our creative property and/or any data relating to our works that can be stolen by our competitors.

That you will not store any official data of ours for personal sharing.  Nor should any such creative data or work on any forthcoming projects be discussed or leaked to the press or any competitor. If you are storing any of our company’s data then on devices that are personal and/or work devices tat you are protecting our data with the same interests as we will safeguard you and your data.


Thank you once again.



Neil Mukherjee

Auteur Film Productions UK Ltd (AFPUK Ltd)

Head of Data Protection for AFPUK Ltd

bottom of page