Data Protection Policy

Policy Prepared by: Pauline Gray

Policy Prepared on: 02/02/2023

Next Review date: 01/02/2024


As a model agency Model Students processes personal data in relation to its own staff, models/work-seekers, customer & businesses contacts and other people the organisation has a relationship with or may need to contact.

Data Protection Law

The Data Protection Act 1998 describes how organisations including Model Students must collect, handle and store personal information.

The Data Protection Act 1998 requires Model Students act as data controller to process data in accordance with the principles of data protection. These require that data shall be:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate
  • Not kept longer than necessary
  • Processed in accordance with the staff, model/work seekers data rights
  • Kept securely


People Risk and Responsibilities

Model Students holds data on individuals for the following general purposes:

  • Staff Administration
  • Advertising, marketing and public relations
  • Accounts and records
  • Administration and processing of models/work-seekers personal data for the purposes of work-finding services. This includes names, email addresses and telephone numbers plus other information relating to modelling work.


Data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and all Model Student staff shall be responsible for doing this.

Data may only be processed with the consent of the person whose data is held. Therefore, if they have not consented to their personal details being passed to a third party doing so may constitute a breach of the Data Protection Act 1998.

General Staff Guidelines

Staff are permitted to access data covered by this policy where it is needed for their work. They should add, amend, or delete data from the database and amend where information is known to be old, inaccurate or out of date. In addition, all employees should ensure that adequate security measures are in place. For example:

  • Computer screens should not be left open by individuals who have access to personal data
  • Passwords should not be disclosed
  • Email should be used with care
  • Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason
  • Personnel files should always be locked away when not in use and when in use should not be left unattended
  • Care should be taken when sending personal data in internal or external mail
  • Destroying or disposing of personal data counts as processing. Therefore, care should be taken in the disposal of any personal data to ensure that it is appropriate. For example, it is necessary to shred sensitive data.

It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person; allowing unauthorised persons’ access to personal data; or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of Data Protection Law.


Data Protection Officer Pauline Gray


Keeping staff updated about data protection responsibilities, risks and issues.

Reviewing all data protection procedures and related policies.

Arranging data protection training and advice for the people covered by this policy.

All requests to access data by staff, models/work seekers, customers or clients etc. should be referred to Pauline Gray (Data Protection Officer) email: