Our policies

Privacy Policy

This Privacy Policy governs the manner in which distillery collects, uses, maintains and discloses information collected from users (each, a “User”) of the www.wearedistillery.co website (“Site”). This privacy policy applies to the Site and all products and services offered by distillery.

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, subscribes to a newsletter, or in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, an email address. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, in which case this may prevent them from engaging in certain Site-related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.

Web browser cookies

Our site may use “cookies” to enhance the user experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

distillery collects and uses Users personal information for the following purposes:

To improve our Site

— We continually strive to improve our website offerings based on the information and feedback we receive from you.

To send periodic emails

— If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sharing your personal information

We do not sell, trade, or rent Users’ personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.

Third-party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

Changes to this Privacy Policy

distillery has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy and terms of service. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting us

If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please contact us at:

distillery www.wearedistillery.co

distillery 65 Leonard Street, Old Street, London, EC2A 4QS

This document was last updated Oct 2019

Equality and Diversity Policy

distillery recognises that diversity and inclusion help to support creativity and innovation: they are an essential ingredient in a successful television company. We are committed to encouraging diversity and inclusion and to ensuring there is no discrimination in our company. We want our workforce to be truly representative of all sections of society. We want our company to be one in which every employee and freelancer feels respected and able to give of their best.

To that end, this policy provides a framework of equality and fairness for all in our employment. It expresses our commitment not to discriminate on the grounds of age, disability, gender, gender reassignment, marital status (including civil partnerships), race, ethnic origin, colour, nationality, national origin, religion or belief and sexual orientation. We oppose all forms of unlawful and unfair discrimination.

This policy applies to employed and freelance staff and to people working on and off screen.

All freelancers and employees, whether part-time, full-time or temporary, will be treated fairly and with respect. Selection for employment, whether as a member of staff or on a freelance basis, will be on the basis of aptitude and ability. Access to opportunities for promotion, training or any other benefit will also be on the basis of aptitude and ability. All employees will be encouraged to develop their full potential and the talents and resources of the workforce will be fully utilised to maximise the creativity and success of the company.

We will:

  • Actively seek to increase the number of people we work with who are from groups/communities that are under-represented in the media industry as a whole, or in particular job roles in the industry.

  • Review all our formal and informal employment/hiring practices and procedures to ensure they are fair and help us to identify the best talent.

  • Identify and take opportunities to increase the diversity of casting decisions

  • Ensure reasonable adjustments are made to enable disabled people to work in or with our company, both on and off screen.

  • Actively seek to increase the diversity of our talent networks.

  • Create an environment in which individual differences and the contributions of all our staff and freelancers are recognised and valued.

  • Ensure every employee and freelancer is able to work in an environment that promotes dignity and respect for all. We will not tolerate any form of intimidation, bullying or harassment.

  • Ensure training, development and progression opportunities are available to all staff.

This policy is fully supported by the senior management of the company. Breaches of the policy may be regarded as misconduct and could lead to disciplinary proceedings.

Modern slavery and human trafficking statement

Financial year 2019

This statement sets out distillery’s actions to understand all potential modern slavery risks related to its business and to put in place steps that are aimed at ensuring that there is no slavery or human trafficking in its own business and its supply chains. 

This statement relates to actions and activities during the current financial year. distillery is committed to operating all of its business activities to the highest standards of business ethics and integrity. We are committed to understanding more about modern slavery and ensuring there is no modern slavery concerns in our business or supply chain. Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain.

We are committed to improving our practices to combat slavery and human trafficking. In light of the obligation to report on measures to ensure that all parts of our business and supply chain are slavery free, we have put in place a designated Modern Slavery and Human Trafficking Policy, to demonstrate our commitment to acting ethically and with integrity in all our business relationships and to implementing and enforcing effective systems and controls to ensure slavery and human trafficking is not taking place anywhere in our supply chains. This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes our company’s slavery and human trafficking statement for the financial year ending 2019. 

Organisational structure and supply chains

distillery is a content company based in London, Singapore, San Francisco and Dubai.  We develop content for our clients in local and international markets.  Our supply chain consists of freelance editorial suppliers based in the UK and internationally and freelance film and production crews based both locally and internationally. 

Supply chain risks 

distillery’s suppliers are mostly based within the UK which has a developed culture of ethical business practice and strong labour regulation. We have therefore assessed the overall risk of the business contracting with organisations that engage in slavery or human trafficking as relatively low. However, we have recognised that a risk in our supply chain exists where the business contracts with suppliers based in international markets. 

Acts to address risks 

We are taking all reasonable levels of assurance and are undertaking the following activities on an ongoing basis to assess and address these risks:  Conducting an internal risk assessment to identify which of the businesses suppliers are most likely to provide services in countries and/or sectors where modern forms of slavery are more likely to be prevalent;  Reviewing existing contractual arrangements and identifying ways these can be strengthened to further reduce the risk of slavery and human trafficking in our businesses and supply chains; and Providing anti-slavery training to key staff in accordance with the UK’s Modern Slavery Act 2015. 

Due diligence processes for slavery and human trafficking 

As part of our initiative to identify and mitigate risk, we have in place systems to:  

  • Identify and assess potential risk areas in our supply chains  

  • Mitigate the risk of slavery and human trafficking occurring in our supply chains  

  • Monitor potential risk areas in our supply chains  

  • Protect whistle blowers 

  • Supplier adherence to our values 

  • We have zero tolerance to slavery and human trafficking 

  • We are committed to provide training to staff to ensure a high level of understanding of the risks of modern slavery and human trafficking in our supply chains and our business

  • We also require our business partners to ensure a high level of understanding of the risks of modern slavery and human trafficking is understood by all their employees.

This is the data protection policy of distillery London Ltd (‘organisation’).

Introduction

The organisation is committed to being transparent about how it collects and uses personal data including, in particular, the data of our employees, sub-contractors, people we engage on a freelance basis, actual and potential contributors to our content, plus clients/customers of our services. This policy applies to the personal data of all such persons.

Data Protection Principles

The organisation processes personal data in accordance with the following data protection principles:

  • The organisation processes personal data lawfully, fairly and in a transparent manner. 

  • The organisation collects personal data only for specified, explicit and legitimate purposes. 

  • The organisation processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing. 

  • The organisation keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay. 

  • The organisation keeps personal data only for the period necessary for processing.

  • The organisation adopts appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.

The organisation tells individuals the reasons for processing their personal data, how it uses such data and the legal basis for processing in its privacy notices. It will not process personal data of individuals for other reasons. Where the organisation relies on its legitimate interests as the basis for processing data, it will carry out an assessment to ensure that those interests are not overridden by the rights and freedoms of individuals.

The legal basis on which we hold personal data

We hold personal data under the following permitted reasons provided by the GDPR:

(a) Consent: the individual has given clear consent for the organisation to process their personal data for a specific purpose, like their employment or their contribution to a film.

(b) Contract: the processing is necessary for a contract the organisation has with the individual, or because they have asked us to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for the organisation to comply with the law (not including contractual obligations).

(d) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Individual rights

As a data subject, individuals have a number of rights in relation to their personal data. Where the exercise of these rights relates to a specific client contract, the individual may be referred directly to that client to exercise those rights.

Subject access requests

Individuals have the right to make a subject access request. If an individual makes a subject access request, the organisation will tell him/her:

  • whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;

  • to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;

  • for how long his/her personal data is stored (or how that period is decided);

  • his/her rights to rectification or erasure of data, or to restrict or object to processing;

  • his/her right to complain to the Information Commissioner if he/she thinks the organisation has failed to comply with his/her data protection rights; and

  • whether or not the organisation carries out automated decision-making and the logic involved in any such decision-making.

The organisation will conduct reasonable searches for data, including keyword searches and mailbox searches within company systems. The organisation will provide the individual with a copy of the personal data undergoing processing after other individual person data or commercially sensitive information has been redacted. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise. To make a subject access request, the individual should send the request to info@wearedistillery.co or use the organisation form for making a subject access request. In some cases, the organisation may need to ask for proof of identification before the request can be processed. The organisation will inform the individual if it needs to verify his/her identity and the documents it requires.

The organisation will normally respond to a request within a period of one month from the date it is received. In some cases, such as where the organisation processes large amounts of the individual’s data, it may respond within three months of the date the request is received. The organisation will write to the individual within one month of receiving the original request to tell him/her if this is the case.

If a subject access request is manifestly unfounded or excessive, the organisation is not obliged to comply with it. Alternatively, the organisation can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to  which the organisation has already responded. If an individual submits a request that is unfounded or excessive, the organisation will notify him/her that this is the case and whether or not it will respond to it.

Other rights

Individuals have a number of other rights in relation to their personal data. They can require the organisation to:

  • rectify inaccurate data;

  • stop processing or erase data that is no longer necessary for the purposes of processing;

  • stop processing or erase data if the individual interests override the organisation’s legitimate grounds for processing data (where the organisation relies on its legitimate interests as a reason for processing data);

  • stop processing or erase data if processing is unlawful; and

  • stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual’s interests override the organisation’s legitimate grounds for processing data.

  • to ask the organisation to take any of these steps, the individual should send the request to the email address on our website.

Data security

The organisation takes the security of personal data seriously. The organisation has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.

Complaints

If you have a concern about the way the organisation has handled your data, please contact the email address on our website. We will:

  • acknowledge your query 

  • investigate the concern

  • escalate to the end client if relevant

  • update you on the findings

  • take remediation actions if required

If you are unhappy with the way we have handled your concern, you can raise a complaint with the ICO. For information on this process, please visit the ICO website.

Data breaches

If the organisation discovers that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. The organisation will record all data breaches regardless of their effect.

Data breach reporting process

  1. Data breach occurs

  2. Report up the chain: Employee > Line Manager > MD

  3. Record the events

  4. Assess the breach

  5. Reduce the damage of the breach where possible

  6. Inform individuals and provide assistance

Individual responsibilities

Individuals are responsible for helping the organisation keep their personal data up to date. Individuals should let the organisation know if data provided to the organisation changes, for example if an individual moves house or changes his/her bank details.

Individuals may have access to the personal data of other individuals and of our customers and clients in the course of their employment, contract, volunteer period, internship or apprenticeship. Where this is the case, the organisation relies on individuals to help meet its data protection obligations to staff and to customers and clients.

Individuals who have access to personal data are required:

  • to access only data that they have authority to access and only for authorised purposes;

  • not to disclose data except to individuals (whether inside or outside the organisation) who have appropriate authorisation;

  • to keep data secure in compliance with our organisation Security Policy;

  • not to remove personal data, or devices containing or that can be used to access personal data, from the organisation’s premises without complying with our Security Policy to secure the data and the device;

  • not to store personal data on local drives or on personal devices that are used for work purposes; and to report data breaches of which they become aware to beki@wearedistillery.co immediately.

Failing to observe these requirements may amount to a disciplinary offence, which will be dealt with under the organisation’s disciplinary procedure. Significant or deliberate breaches of this policy, such as accessing employee or customer data without authorisation or a legitimate reason to do so, may constitute gross misconduct and could lead to dismissal without notice.