Privacy Policy

Effective Date: 1st January 2026

1. Introduction

Welcome to Onside Productions. We respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and when you use our CrewCall freelancer portal. It also tells you about your privacy rights and how the law protects you.

Onside Productions is the Data Controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this policy).

2. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First name, last name, and professional roles/qualifications.

  • Contact Data: Email address, telephone numbers, and physical address.

  • Logistics & Operational Data: Employment status (Self-Employed vs. Limited Company), daily fee rates, car registration (for site access/parking), and system availability/unavailability dates.

  • Emergency Contact Data: Next of kin name and telephone number (collected strictly for Health & Safety purposes while you are on site).

  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, and operating system used to access our portal.

  • Usage Data: Information about how you use our website, the CrewCall portal, and interactive project resource links (e.g., SharePoint/Dropbox links).

3. How We Collect Your Data

We use different methods to collect data from and about you, including:

  • Direct interactions: You may give us your Identity, Contact, and Logistics data by filling in forms (such as the CrewCall Registration Form) or by corresponding with us by post, phone, email, or otherwise.

  • Automated technologies: As you interact with our portal, we automatically collect Technical Data about your equipment, browsing actions, and patterns using secure session cookies.

4. How We Use Your Data & Our Legal Basis

Under UK GDPR, we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Performance of a Contract: To register you as a new freelancer, issue Letters of Engagement (LOEs), manage project crewing, and process your fees.

  2. Legitimate Interests: To run our business, provide administration and IT services, prevent fraud, and ensure the security of the CrewCall portal.

  3. Legal Obligation: To comply with tax, accounting, and health & safety laws (including holding your emergency contact details while you are actively deployed on a project).

  4. Consent: When you explicitly opt-in during the signup process to allow us to hold your profile for future crewing opportunities.

  5. Detailed description of the order subject with regard to the nature and purpose of the Contractor’s tasks:
    • Occasional processing of passport details for travel and accommodation bookings
    • Occasional processing of personal data required for Visa and A1 applications
    • Occasional processing of National Insurance details, citizenship, employment status and financial/payment information as appropriate for calculation of foreign Social Security contributions
    • Occasional processing of passport and citizenship details for Visa and Workers Authorisation purposes
    • Inclusion in itineraries (online and off-line)
    • Inclusion of contact information in crew and production schedules, contact sheets, call sheets etc.
    • The below mentioned data listed under (4) Type of Data may be shared with event production staff for job specific visa, travel and workers authorisation requirement purposes
    The contractually agreed data processing is carried out in the United Kingdom or a jurisdiction within the European Economic Area or the United States of America, due to the Contractor’s head office being based there. Any transfer to the USA will have a valid adequate transfer mechanism in place.
    Any transfer to any other third-party countries will have a valid adequate transfer mechanism in accordance with the Data Protection Laws, including (but not limited to) a transfer mechanism that:
    – is confirmed by an adequacy decision from the European Commission (Article 45 (3) GDPR);
    – is achieved with binding corporate rules (Articles 46(b) and 47 GDPR);
    – is achieved with standard data protection clauses approved by the European Commission or the Information Commissioner’s Office (Article 46 GDPR);
    – is achieved with approved codes of conduct (Article 46 (2) (e) in conjunction with Article 40 GDPR);
    – is achieved with an approved certification mechanism (Article 46 (2) (f) in conjunction with Article 42 GDPR);
    – is achieved with other measures permitted by the Data Protection Laws (including those at Article 46(2)(a), (3)(a) and (b) GDPR).

5. Disclosures of Your Personal Data

We do not sell your personal data. We may share your data with trusted third-party service providers acting as Data Processors who require access to operate our business efficiently. These include:

  • Intuit (QuickBooks Online): For accounting, invoicing, client management, and payment processing.

  • Postmark: For the secure delivery of transactional emails (e.g., job invites, password resets, LOEs).

  • Cloud Storage Providers (e.g., Microsoft SharePoint / Dropbox): Used for hosting project resources (Call Sheets, Risk Assessments) that you access via the portal.

  • IT & Hosting Providers: Companies that securely host our servers and database infrastructure.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. This includes:

  • Encrypting all user passwords using industry-standard bcrypt hashing.

  • Enforcing secure, encrypted, and HTTP-only session cookies to limit the impact of cross-site scripting (XSS).

  • Implementing Rate Limiting to prevent brute-force login attacks.

  • Restricting database access strictly to internal, authenticated server connections.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

By law, we must keep basic information about our freelancers and financial transactions (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being active for tax and accounting purposes.

8. Your Legal Rights

Under the UK General Data Protection Regulation (UK GDPR), you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data (Data Subject Access Request).

  • Request correction of the personal data that we hold about you (you can do this directly within the CrewCall portal via the “Edit Profile” button).

  • Request erasure of your personal data (the “Right to be Forgotten”). You can request this via the portal, and we will delete your profile unless we have a superseding legal or accounting obligation to retain specific records.

  • Object to processing of your personal data.

  • Request restriction of processing of your personal data.

  • Request the transfer of your personal data to you or a third party.

  • Withdraw consent at any time where we are relying on consent to process your personal data.

9. Cookies

The CrewCall portal uses secure, strictly necessary session cookies to keep you logged in and to protect your account from unauthorised access. We do not use third-party tracking or advertising cookies on the portal. You can set your browser to refuse all or some browser cookies, but doing so will prevent you from logging into the portal.

10. Contact Us & Complaints

If you have any questions about this privacy policy or our privacy practices, please contact our team at:

Email address: [email protected]

Postal address: Unit 29, Milnhay Business Park, Milnhay Road, Langley Mill, NG16 4HZ

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.