1. Introduction

New Erra Entertainment Presents Ltd is a premier entertainment company dedicated to producing and promoting world-class events that celebrate African culture and foster connections through the power of entertainment. We are committed to breaking boundaries and fostering connections through the power of entertainment, rooted in the principles of diversity and equality.

2. Purpose

This Data Protection Policy outlines our commitment to protecting the personal data of our employees, clients, artists, partners, and other stakeholders. We aim to ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Scope

This policy applies to all personal data processed by New Erra Entertainment Presents Ltd, including data related to employees, clients, artists, partners, and any other individuals whose personal data we handle.

4. Data Protection Principles

We adhere to the following principles when processing personal data:

• Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.

• Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

• Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

• Accuracy: Personal data shall be accurate and, where necessary, kept up to date.

• Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

• Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

5. Legal Basis for Processing

We will process personal data only when there is a lawful basis for doing so, which may include:

• Consent: The data subject has given clear consent for processing their personal data for a specific purpose.

• Contractual Necessity: Processing is necessary for the performance of a contract with the data subject or to take steps at their request before entering into a contract.

• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided these are not overridden by the data subject’s rights and interests.

6. Data Subject Rights

Individuals have the following rights regarding their personal data:

• Right to Access: The right to request access to their personal data and information about how it is processed.

• Right to Rectification: The right to request correction of inaccurate or incomplete personal data.

• Right to Erasure: The right to request the deletion of their personal data in certain circumstances.

• Right to Restrict Processing: The right to request the restriction of processing in certain circumstances.

• Right to Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

• Right to Object: The right to object to processing based on legitimate interests or direct marketing.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Access Controls: Restricting access to personal data to authorized personnel only.

• Data Encryption: Using encryption technologies to protect personal data during storage and transmission.

• Regular Audits: Conducting regular audits and assessments of our data processing activities and security measures.

8. Data Breach Response

In the event of a data breach, we will promptly assess the risk to individuals’ rights and freedoms and, if necessary, report the breach to the Information Commissioner’s Office (ICO) within 72 hours. Affected individuals will be informed without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

9. Third-Party Processors

We ensure that any third parties processing personal data on our behalf do so in a manner consistent with this policy and have appropriate safeguards in place. We will enter into data processing agreements with such third parties as required by law.

10. Training and Awareness

We provide regular training to our employees and contractors on data protection principles and practices to ensure compliance with this policy and applicable laws.

11. Policy Review

This policy will be reviewed annually or when significant changes occur to ensure its effectiveness and compliance with applicable laws and regulations.

12. Contact Information

For any questions or concerns regarding this Data Protection Policy or our data processing practices, please contact:

Data Protection Officer

New Erra Entertainment Presents Ltd

[Contact Details]

13. Approval

This Data Protection Policy is approved and endorsed by the Managing Director of New Erra Entertainment Presents Ltd.

Signed:

[Managing Director’s Name]

Managing Director

Date: [Date]