Data Rights Policy[HT1]
1. Purpose
This Policy sets out how JW Media Music Limited manages and responds to queries including complaints [HT2] relating to the processing of personal data.
If you consider that we have incorrectly processed your personal data or failed to meet any of our data obligations, you are entitled to complain. It is helpful if you do this immediately. We will do our best to resolve the issue, as we want to give you the best possible service.
2. Scope
2.1This Policy applies to all external clients, service users and other external stakeholders, and to all employees, workers, contractors, agency staff, apprentices, volunteers and applicants whose personal data we process. It is intended to align with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Data Use and Access Act 2025 (DUAA 2025) and guidance from the Information Commissioner’s Office (ICO).
2.2This Policy may be incorporated into the Employee Handbook and related client-facing materials and applies in addition to any internal grievance, whistleblowing or complaints procedures. If there is any conflict, this Policy governs issues concerning personal data.
2.3 If you have a general complaint, please contact Jenny Oakes, our Managing Director who is responsible for client care matters at jenny@jwmediamusic.co.uk
3. Definitions
For the purposes of this Policy:
Personal data means any information relating to an identified or identifiable living individual.
Special category data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for identification, health data and data concerning a person’s sex life or sexual orientation.
Processing means any operation performed on personal data, such as collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, erasure or destruction.
Data subject means the identified or identifiable individual to whom personal data relates.
Complaint means any expression of dissatisfaction about our handling of personal data, our response to a data subject request, our data protection practices, a suspected personal data breach, or our compliance with UK GDPR, DPA 2018, DUAA 2025 or ICO guidance.
Data Controller means the organisation that determines the purposes and means of processing personal data.
Data Processor means a party that processes personal data on behalf of the Data Controller.
Data Protection team means the designated individuals responsible for advising on and monitoring compliance with data protection obligations, where appointed. Within our organisation the individual assigned the equivalent of the DPO role is the Managing Director.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
4. Data Protection Principles
4.1 We handle complaints and personal data in accordance with the data protection principles under UK GDPR and DPA 2018, as supplemented by DUAA 2025, namely :
- Lawfulness, fairness and transparency: We process data on a lawful basis and communicate clearly about our handling.
- Purpose limitation: We use complaint data only for managing and improving our complaints handling, regulatory compliance and related purposes.
- Data minimisation: We collect only what is necessary to assess and address the complaint.
- Accuracy: We take reasonable steps to ensure data is accurate and up to date.
- Storage limitation: We keep complaint records only for as long as needed for the purposes identified and to meet legal, regulatory or audit requirements.
- Integrity and confidentiality (security): We apply appropriate technical and organisational measures to protect complaint data.
- Accountability: We document decisions and are able to demonstrate compliance.
5. Rights of Data Subjects
5.1Depending on the circumstances and applicable law, you may have the right to:
- Access your personal data and receive information about our processing. - Rectify inaccurate or incomplete personal data.
- Erase personal data where applicable (the “right to be forgotten”).
- Restrict processing in certain situations.
- Object to processing based on our legitimate interests or for direct marketing.
- Data portability, to receive certain personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, and to obtain human review.
- Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
- Complain to the ICO and seek a judicial remedy if you believe your rights have been infringed.
5.2 Requests to exercise rights can be submitted via the contact details in Section 6below. We will verify identity where appropriate, and we will respond within the statutory timescales, normally within one month, extendable by up to two further months for complex or multiple requests. Certain rights may be limited by legal obligations, privileges or exemptions under the DPA 2018 and DUAA 2025.
6. Data Infringement Procedure
6.1 You can make a data complaint using any of the following channels:
- Email: at hello@jwmediamusic.co.uk clearly labelling your matter ‘Data’
- Post: Data Team, J W Media, Argyle House, 29 -31 Euston Road, London, NW1 2SD
- Telephone: 0207 400 1460
- In person: Please ask for the Managing Director at reception.
6.2 To help us both understand and investigate your matter please include the following:
- Your name and contact details.
- Details of your concern, together with the relevant dates.
- The Data that you believe is affected.
- Supporting emails or documents you have in relation to the matter.
- The outcome you wish to seek, including any remediation points we may be able to address.