PRIVACY POLICY

TMSgr agency (TMSgr or we/us/our) maintains a large network of leading, authentic and emerging digital influencers, content creators, bloggers, models, and talents (art directors, creative directors, stylists, photographers, videographers etc) that we may connect to our customers who have brand portfolios in the beauty, fashion, lifestyle and travel industry among others.

Through our services, website, or via other interaction or communication with us, personal data may need to be processed. Your privacy is highly important to us, we live up to the obligations under the Applicable Data Protection Law thus, we carefully handle, process personal data and strive for security. In this Privacy Statement, we will inform you about the way we process your personal data.

1) To whom does this Privacy Statement apply?

YOU

This Privacy Statement applies to you when you visit our website or otherwise engage with TMSgr.

CUSTOMERS

In order to collaborate with you and/or fulfill our contract with you as our customers, we need to process certain personal data. You may be a customer and/or an employee of a customer with whom we currently work, a former customer or a potential customer in our network.

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

This Privacy Statement is applicable to you having one of the above professions in our network. This is the case if we have a contractual relationship with you and represent you or you are a potential candidate we would like to represent and establish a contractual relationship with.

When you have one of the above professions we may obtain information about you via your public profile on social media or via your public website(s). Also, we may have received information directly from you due to our contractual relationship. We may also obtain information from third parties, such as social media channels or other digital service providers on the effect of your posts. When you are a potential candidate, the information that we process originates from your public social media profiles or your public website(s) and the data you provide us when applying for casting.

In order to connect you to the marketing portfolios of our customers, we need to process certain personal data of you. When processing your personal data, we make use of our internal TMSgr Platform, where we store information that we may receive from you, obtain from public sources or receive from third parties upon your consent.

2) Who is the data controller?

The data controller for the processing of your personal data in accordance with Article 4 (7) of the General Data Protection Regulation (GDPR) is:

TMSgr

Under Noxious Butterfly LTD

Agias Zonis 1, office 406

CY 3026, Limassol, Cyprus

[email protected]

3) What types of personal data do we process?

We may process the following types of personal data:

YOU

a. Personal data of visitors of TMSgr website, include your name and address data; IP address; type browser; search history; time of the session; online behavior; demographic information (country and language); age; gender (not per person but in general).

b. Personal data can be processed by means of a contact form or contact email address, include your name and/or company name; (company) email address; title; phone number; website; social media accounts (username); reach on social media; your question or message.

CUSTOMERS

a. Former customers: include your name; title; company name; company address; company email address; telephone number; bank details (name of the bank, full address of bank, bank account number); Chamber of Commerce number; VAT number; specific arrangements; confidential information (such as marketing plans); brand documents; fees and budgets.

b. Potential customers: include your name; title; company name; company address; company email address; telephone number; specific arrangements; confidential information (such as marketing plans); brand documents; fees and budgets.

The aforementioned types of personal data may originate from various sources. We may process personal data that we have found on your public website. When you are a (former) customer, we will process personal data that we have obtained in connection with our cooperation. This data may originate from your agreement with us, from public sources and from information you (or your representative/employee) provided to us. For due diligence reasons we may collect credit information.

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

a. Your name and address data, gender, date of birth, your public profile photo from social networks, email address, phone number, social media accounts and/or website, account name, nickname, information about preferences, photos that you have sent us, amount of followers, estimated engagement on social media accounts and assumed target groups.

b. Details of arrangements made between you and TMSgr including start and end date of agreements made, bank details, social security number, Chamber of Commerce number, information that you provide us in the course of our relation and impressions on your social media accounts relating to marketing posts (including the amount of views, types of followers, age groups etc.).

c. Potential candidates: includes your name and address data, gender, date of birth, your public profile photos from social networks, email address, phone number, social media accounts and/or website, account name, nickname, information about preferences, photos that you grant us permission to use, amount of followers, estimated engagement on social media accounts, assumed target groups and information that you provided us if you have been in contact with our agency.

The aforementioned types of personal data may originate from various sources. We may process personal data that we have found on your public profile on social media or your public website to the extent you have made this information public intentionally and not solely for private purposes. When you are an influencer, content creator, model, blogger, talent etc or former influencer, content creator, model, blogger, talent etc, we will process personal data that we have obtained in connection with our cooperation. This data may originate from your agreement with us, from your social media profile(s) or website(s) and from information you provided to us.

4) What are the purposes for the processing of your personal data?

We may process your personal data for various purposes:

YOU

  1. Maintaining our administration
  2. Improving our services
  3. Making propositions
  4. Approaching you if requested
  5. Maintaining contact, handling enquiries, complaints and disputes
  6. Compliance with applicable laws and regulations.
  7. Monitor online behavior; Measure Search Engine Optimization (SEO) and Search Engine Advertising (SEA); Improvement of the website (statistical analysis)
  8. Assess new business, job or press enquiries

We will not further process your personal data for other purposes than mentioned in this Privacy Statement.

CUSTOMER

When you are a (former) customer, we may process your personal data for the following purposes:

  1. Maintaining the administration of our customers (registration of past customers)
  2. Improving our services towards our customers by market analysis, identification of reach and target groups
  3. Provide customers with proposals.
  4. Contract management
  5. Performance of contracts with customers
  6. Approaching customers for new collaborations
  7. Compliance with applicable laws, regulations and due diligence.

When you are a potential customer, we may process your personal data for the following purposes:

  1. Maintaining the administration of our customers (registration of prospective customers)
  2. Approaching customers for new collaborations
  3. Making propositions for our customers
  4. Maintaining contact, handling enquiries, complaints and disputes
  5. Compliance with applicable laws, regulations and due diligence.

We will not further process your personal data for other purposes than mentioned in this Privacy Statement.

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

We may process your personal data for various purposes:

  1. Maintaining the administration of our network of you and potential influencers, content creators, talents etc
  2. Approaching you for new collaborations
  3. Making propositions for our customers
  4. Improving our services towards our customers by market analysis, identification of reach and target groups
  5. Maintaining contact, handling enquiries, complaints and disputes
  6. Compliance with applicable laws and regulations
  7. Contract management
  8. Rolling out marketing campaigns in collaboration with the influence, content creator, talent etc
  9. Performance of contracts with influencers, content creators, talents etc
  10. Auditing the effect of a marketing campaign, measuring impressions.

When you are a potential influencer, purpose 1 to 6 apply.

We will not further process your personal data for other purposes than mentioned in this Privacy Statement.

5) What are the applicable legal grounds for the processing of your personal data?

YOU

When you are a website visitor or otherwise engage with TMSgr, we may process your personal data for the following legal grounds:

● Consent for auditing a marketing campaign

We may ask for your consent for certain data processing activities such as auditing the effect of a marketing campaign.

● legitimate interests

We may furthermore process personal data based on our -and your- legitimate interest to the extent such interest is not overridden by your privacy interests or fundamental rights and freedoms. The legitimate interests that we may rely on for the processing of your personal data are to operate and grow our business, to communicate with you in relation to our website and provide support, to keep our website updated and relevant, to protect our business and prevent fraud and other prohibited or illegal activities and for due diligence purposes if we choose to sell, transfer or merge (parts of) our business.

● statutory obligations

When required, we may process your personal data to meet with statutory obligations, such as our obligations arising out of tax laws.

CUSTOMERS

When you are a customer, we may process your personal data for the following legal grounds:

● executing the agreement that we have with you

We process your personal data, because it is necessary for the execution of our agreement with you, for example to connect to you to our influencers.

● Consent for auditing a marketing campaign

We may ask for your consent for certain data processing activities such as auditing the effect of a marketing campaign.

● Legitimate interests

We may furthermore process personal data of our customers and potential customers based on our -and your- legitimate business interest to the extent such interest is not overridden by your privacy interests or fundamental rights and freedoms. The legitimate interests that we may rely on for the processing of your personal data are to operate and grow our business, to communicate with you in relation to our services and provide support, to keep our platform updated and relevant, to protect our business and prevent fraud and other prohibited or illegal activities and for due diligence purposes if we choose to sell, transfer or merge (parts of) our business.

● Statutory obligations

When required, we may process your personal data to meet with statutory obligations, such as our obligations arising out of tax laws.

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

When you are one of the above, we will need to process your personal data for the following legal grounds:

● executing the agreement that we have with you

We process your personal data, because it is necessary for the execution of our agreement with you, for example to connect you to our customers.

● Consent for auditing a marketing campaign and sharing additional social media data

If you are an influencer, content creator, talent etc we may ask for your consent for auditing a marketing campaign and sharing specific information in relation to (the reach of) your posts, weblogs and vlogs with us. When you give your consent for the sharing of this information, you allow social media channels such as Facebook and other parties, like Google Analytics, to provide data relating to the amount of views or clicks and other aggregated information about your followers or website visitors (e.g. age, location, interests, language) in relation to your posts or website content. The information we receive is not attributable to individual followers or website visitors yet may contain your personal data (in any case your account name or website URL). The parties providing such information will remain data controllers in relation to the personal data they will process in this respect. TMSgr will only be the data controller for the further processing of your personal data and we will only process such in accordance with this Privacy Statement. If we rely on your consent to process your personal data, you may withdraw your consent at any time by contacting us at [email protected]

● legitimate interests

We may furthermore process personal data of our influencers, content creators, talents etc and of potential ones based on our -and your- legitimate business interests to the extent such interest is not overridden by your privacy interests or fundamental rights and freedoms. The legitimate interests that we may rely on for the processing of your personal data are to operate and grow our business, to communicate with you on our service and provide support, to keep our platform updated and relevant, to protect our business and prevent fraud and other prohibited or illegal activities and for due diligence purposes if we choose to sell, transfer or merge (parts of) our business.

● statutory obligations

When required, we may process your personal data to meet our statutory obligations, such as our obligations arising out of tax laws.

6) How long will your personal data be retained?

YOU

We will not retain your personal data longer than necessary for the purposes for which we have obtained it. In principle, we may retain your personal data up to a maximum of five years upon the ending of our engagement for statistical and administrative reasons, unless we are required to retain your personal data to comply with a statutory obligation.

The data that is being processed via our contact form or contact email address shall be saved as long as the nature of the form or the content of your email is necessary for its full answer and handling.

CUSTOMERS

We will not retain your personal data longer than necessary for the purposes for which we have obtained it. In principle, we may retain your personal data up to a maximum of five years upon the ending of our business relationship, unless we are required to retain your personal data to comply with a statutory obligation.

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

We will not retain your personal data longer than necessary for the purposes for which we have obtained it. In principle, we may retain your personal data up to a maximum of five years upon the ending of our business relationship, unless we are required to retain your personal data to comply with a statutory obligation.

7) Who has access to your personal data?

YOU

Service Providers.

Next to that, TMSgr may involve third party service providers who will act as a data processor on our behalf. TMSgr selects its service provides with due care and makes all necessary arrangements with these third parties. In any case, TMSgr will enter into a data processing agreement which includes arrangements on data security to protect your personal data against data breaches. An example of a service provider we use is Google Analytics & Facebook Inc Analytics. Google Analytics is used for analysis of visit and click behavior on our website and gives TMSgr insight into the effectiveness of the website. Based on the results, improvements to the website are made. There is a processing agreement in place with Google Analytics & Facebook Inc Analytics for dealing with the collected data. The data are anonymized as much as possible and are not provided to third parties.

Group Companies.

Persons working at or on behalf of TMSgr may have access to your personal data on a need-to-know basis.

Authorities.

TMSgr may provide your personal data to the competent authorities upon their request to the extent legally required or to the extent this would be necessary to defend TMSgr ‘s rights in legal proceedings or investigations or if TMSgr has a legal obligation to disclose your personal data.

Other Businesses.

TMSgr may provide your personal data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement.

We will not sell or rent your personal data to third parties.

CUSTOMERS

Our Influencers, content creators, talents etc

TMSgr may provide certain personal data to its influencers, content creators, talents etc in order to provide them with business propositions or in relation to a marketing campaign. When our influencers, content creators, talents etc would further process your personal data, they would do so for their own purposes acting as a data controller. The terms and policies of our customers may apply to such data processing activities.

Service Providers.

Next to that, TMSgr may involve third party service providers who will act as a data processor on our behalf. TMSgr selects its service provides with due care and make all necessary arrangements with these third parties. In any case, TMSgr will enter into a data processing agreement which includes arrangements on data security to protect your personal data against data breaches.

Group Companies.

Persons working at or on behalf of TMSgr may have access to your personal data on a need-to-know basis. TMSgr may further share your personal data with companies within her group of companies.

Authorities.

TMSgr may provide your personal data to the competent authorities upon their request to the extent legally required or to the extent this would be necessary to defend TMSgr ‘s rights in legal proceedings or investigations or if TMSgr has a legal obligation to disclose your personal data.

Other Businesses.

TMSgr may provide your personal data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement.

We will not sell or rent your personal data to third parties.

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

Our Customers.

TMSgr may provide certain personal data to its customers in order to provide them with business propositions or in relation to a marketing campaign of a customer that you participate in. When our customers would further process your personal data, they would do so for their own purposes acting as a data controller. The terms and policies of our customers may apply to such data processing activities.

Service Providers.

Next to that, TMSgr may involve third party service providers who will act as a data processor on our behalf. TMSgr selects its service provides with due care and makes all necessary arrangements with these third parties. In any case, TMSgr will enter into a data processing agreement which includes arrangements on data security to protect your personal data against data breaches.

Group Companies.

Persons working at or on behalf of TMSgr may have access to your personal data on a need-to-know basis TMSgr may further share your personal data with companies within her group of companies.

Authorities.

TMSgr may provide your personal data to the competent authorities upon their request to the extent legally required or to the extent this would be necessary to defend TMSgr ‘s rights in legal proceedings or investigations or if TMSgr has a legal obligation to disclose your personal data.

Other Businesses.

TMSgr may provide your personal data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement.

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

We will not sell or rent your personal data to third parties.

8) Are your personal data processed outside the EEA?

Our third-party service providers may be located in countries outside the European Economic Area (EEA) which may not offer an adequate level of protection of personal data. In order to protect your personal data and to live up to our statutory obligations we shall implement additional safeguards, for instance by entering into a data transfer agreement on the basis of the Standard Contractual Clauses as approved by the European Commission prior to engaging service providers outside the EEA.

When necessary, and in the interest of those involved, personal data is shared between our offices in Athens and Cyprus. [We have entered into an intra-group data transfer agreement on the basis of the Standard Contractual Clauses, as approved by the European Commission, with our office in Athens to ensure that your personal data is adequately transferred.

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

9) How is your personal data secured?

We will exercise due care when dealing with your personal data. Amongst other things, this means that we will adopt appropriate technical and organizational measures to secure and protect your personal details against loss and unlawful processing. We protect our systems and applications according to the applicable standards for information security and we also make data processing agreements with our service providers which include obligations to implement adequate security measures.

10) Your rights

You have certain privacy rights in relation to your personal data pursuant to the privacy regulations, such as the right of access, the right of rectification, the right of erasure, the right to restriction of processing, the right to data portability and the right to object. Please find below more details on how and when you can exercise your rights.

YOU

You have the following rights with regard to your personal data:

CUSTOMERS

You have certain privacy rights in relation to your personal data pursuant to the privacy regulations, such as the right of access, the right of rectification, the right of erasure, the right to restriction of processing, the right to data portability and the right to object. Please find below more details on how and when you can exercise your rights.

You have the following rights with regard to your personal data:

In order to exercise your rights please contact us at [email protected]. We aim to respond to your request within one month after receiving such a request. However, this one month term may be extended with two months. In such event, we will inform you within one month after receipt of your request and explain why the extension is necessary. We may ask you in response to your request to identify yourself.

Like any data subject, you will always have the right to issue a complaint with the competent data protection authority in case of violation of the GDPR and other regulations which affects your privacy. The competent authority for the data processing activities described in this Privacy Statement is the Cyprus Data Protection Authority. More information is available on the website at the following link: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument

INFLUENCERS, CONTENT CREATORS, TALENTS, MODELS, BLOGGERS, ART DIRECTORS, STYLISTS, PHOTOGRAPHERS, VIDEOGRAPHERS etc

You have certain privacy rights in relation to your personal data pursuant to the privacy regulations, such as the right of access, the right of rectification, the right of erasure, the right to restriction of processing, the right to data portability and the right to object. Please find below more details on how and when you can exercise your rights.

You have the following rights with regard to your personal data:

11) Contact

If you have any questions concerning the manner in which we process your personal data, about this Privacy Statement, or you wish to invoke your rights, you may contact us at [email protected]

This Privacy Statement may be modified from time to time. We encourage you to check this Privacy Statement regularly so that you are aware of any changes.

This Privacy Statement was last updated in February 2021.