top of page

Privacy policy


We are WIMP Ltd (“we” or “us”), a company registered in england and wales. Our company registration number is 12982154.

We are committed to protecting your personal data. This privacy policy gives you detailed information on when we collect your personal data, how we use it and how we keep it secure.

Our responsibilities

For the purpose of the applicable data protection legislation, we are the data controller of any personal data we process. As a data controller, we are responsible for ensuring our systems, processes, suppliers and people comply with data protection legislation in relation to the personal data we handle.

We require our people to comply with this privacy policy and our data protection policy when dealing with personal data.

We take personal data breaches very seriously and are required to notify the information commissioner’s office in the event of such a breach.

When using, collecting and disclosing personal data, we follow the key data protection principles.

We have policies, procedures and records to demonstrate compliance with the principles as further detailed in our data protection policy.

How we collect, use and disclose your personal data.

Generally, we collect your personal data when you interact with us (for example, when entering into a relationship with us as model, or client or as one of our people). However, from time to time we also need to collect personal data from other third parties in connection to our relationship with you:

Examples are set here:

Model (including prospective model)
Types: information such as name, contact details, financial information, national insurance numbers, images/photographs. Collection: from application forms, via emails from clients, from publicly available sources such as magazines and social media.
Purpose: for management purposes, assessing eligibility, fulfilling legal obligations, pictures may be used for marketing.
Disclosure: to third party services who support the operation of the business. To our talent for the purposes of fulfilling our contractual obligations. To clients for the purposes of fulfilling contractual obligation. We shall only transfer personal data to third parties which is limited to the relevant purpose and is adequately protected.
Retention period: 10 years and not for longer than is necessary. We shall keep all personal data up to date and shall immediately and permanently delete any personal data which is not necessary for the purpose.

Client (including prospective client)
Types: information such as name, business, payment details
Collection: when you contact us via email or telephone, via a particular assignment, via third parties such as publicly available sources.
Purpose: for relationship managing and as required by the law. Disclosure: to third party services who support the operation of the business. To our talent for the purposes of fulfilling our contractual obligations. We shall only transfer personal data to third parties which is limited to the relevant purpose and is adequately protected
Retention period: 8 years and not for longer than is necessary. We shall keep all personal data up to date and shall immediately and permanently

Our people
Types: personal data such as name, employment history, background, financial information, identification.
Collection: from cvs, background checks, notes and records kept. Purpose: human resources admin, training and potentially marketing.
Disclosure: to third party services who support the operation of the business. To our talent for the purposes of fulfilling our contractual obligations. To clients for the purposes of fulfilling contractual obligation. We shall only transfer personal data to third parties which is limited to the relevant purpose and is adequately protected.
Retention period: 6 years and not for longer than is necessary. We shall keep all personal data up to date and shall immediately and permanently

Your rights

Personal data must be processed in line with an individual’s rights, including the right to:
*request a copy of their personal data *request that their inaccurate personal data is corrected *request that their personal data is deleted and destroyed when causing damage or distress *opt out of receiving electronic communications from us.

Should you wish to make request in line please contact


Information security is a key element of data protection. We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. Our policy and approach to information security is contained within our data protection policy.

Changes to our privacy policy

Any changes we make to this privacy policy in the future will be posted on this page and where appropriate sent to you via e-mail. Please check back frequently.

Data protection policy

WIMP Ltd needs to gather and use certain information about individuals.

These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection and comply with the law.

Policy scope

This policy applies to:
*the office of WIMP Ltd
*all staff and volunteers of WIMP Ltd
*all contractors, suppliers and other people working on behalf of WIMP Ltd

It applies to all data that the company holds relating to identifiable individuals even if that information technically falls outside of the data protection act 1998 and can include; names of individuals, postal addresses, email addresses, telephone numbers and any other information relating to individuals.

Data protection risks

This policy helps to protect WIMP Ltd from data security risks including; breaches of confidentiality . For instance, information being given out inappropriately. Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them. Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.


Everyone who works for or with WIMP Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.

Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

The directors are ultimately responsible for ensuring that WIMP meets its legal obligations.

The directors will deal with any subject access requests.

WIMP Ltd alongside their software provider ensure all systems and equipment used for storing data meet acceptable security standards.

General staff guidelines

*the only people able to access data covered by this policy should be those who need it for their work
*data should not be shared informally. When access to confidential information is required, employees can request it from the directors.
*WIMP will provide training to employees to help them understand their responsibilities when handling data.
*employees should keep all data secure, by taking sensible precautions and following the guidelines below.
*in particular, strong passwords must be used and they should never be shared.
*personal data should not be disclosed to unauthorised people either within the company or externally.
*data should be reviewed and updated if it is found to be out of date. If no longer required it should be deleted and disposed of.
*employees should request the help of the directors if they are unsure about any aspect of data protection.

Data storage

These rules describe how and where data should be safely stored.

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.

These guidelines also apply to data that is usually stored electronically

*when not required, the paper or files should be kept in a locked drawer or filing cabinet.
*employees should make sure paper and printouts are not left any where unauthorised people could see them, like on a printer.
*data printouts should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts

*data should be protected with strong passwords that are changed regularly and never shared between employees.
*if data is stored on removable media (like an external hard drive) this should be kept locked away when not being used.
*data should only be stored on designated drivers and servers.
*servers containing personal data should be sited in a secure location, away from general office space.
*data should be backed up frequently. Those back-ups should be tested regularly.
*data should never be saved directly on to laptops, smart phones or other portable devices.
*all servers and computers containing data should be protected by approved security software and a firewall.

Data use

Personal data is of no value to WIMP unless the business can make use of it. However, it is when personal data is accessed and used that it can be the greatest risk of loss, corruption or theft.

*when working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
*personal data should not be shared informally. In particular, it should never be sent by email as this form of communication is not secure.
*data must be encrypted before being transferred electronically.
*personal data should never be transferred outside the european economic area.
*employees should not save copies of personal data to their own computers.

Data accuracy

The law require WIMP to take reasonable steps to ensure data is kept accurate and up to date.

The more important it is that the personal data is accurate, the greater the effort WIMP should put in to ensuring its accuracy.

It is the responsibilities of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

*data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
*staff should take every opportunity to ensure data is updated. For instance, by confirming a customers details when they call.
*WIMP will make it easy for data subjects to update the information WIMP holds about them. For instance, via the company website.
*data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number it should be removed from the database,
*all marketing databases should be checked against industry suppression files every 6 months.

Subject access requests

All individuals who are the subject of personal data held by WIMP are entitled to:

*ask what information the company holds about them and why
*ask how to gain access to it
*be informed how to keep it up to date
*be informed how the company is meeting its data protection obligations.

If an individual contacts the company requesting this information this is called a subject access request. These should be made by email to the directors. Individuals will be charged £10 per subject access request. The information will be provided within 14 days. The identity of anyone making a subject access request will always be verified before handing over any information.

Disclosing data for other reasons

In certain circumstances, the data protection act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, WIMP will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Providing information

WIMP aims to ensure that indviduals are aware that their data is being processed and that they understand:

*how the data is being used
*how to exercise their rights

To these ends, the company has a privacy policy available above and also on request.

Website terms


*the website is owned by WIMP Ltd (the “company”). The company registration number is 12982154.

WIMP Ltd (“we or us”) place great importance on visitor privacy and the security of all guests visiting ("The website"). We are dedicated to protecting your personal information under the data protection act 1998 and this privacy policy describes how we work to maintain your trust.

By accessing or using the website you agree to the terms of this policy. If you do not agree to any of these terms please do not use this website.

This policy only applies to data collected on the website and does not apply to websites of affiliated companies.

We reserve the right to modify the policy at any time. Any future changes will be posted on the website and, where appropriate, notified by e-mail.

You are responsible for regularly reviewing the policy or any updates and/or changes to out policy.

Information we collect

We collect personal information provided to us directly by you such as when you apply to become a model, place a booking, e-mail us, authenticate an order or request information from us.

By providing us with your details you agree that we may send you marketing and promotional material, or other information about our products and services.

You may choose to stop receiving communications from us at any time either via email or via the unsubscribe option.

We do not use cookies.

The information you provide us will be held on our computers and may be accessed by or given to our staff.

We endeavour to protect personal information under our control in order to prevent the loss, misuse, unauthorised access, disclosure or alteration of your information. Unfortunately, the transmission of information via the internet is not completely secure. Although we will take reasonable steps to protect your personal data we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. See our data protection policy.

Links to other websites

The website may contain links to other websites that are owned and operated by third parties. Even if the third party is affiliated with us we have no control over these linked websites, all of which have separate privacy and data collection practices. Please be aware that we cannot guarantee or be responsible for the data collection practices of such other websites. We encourage you to read the privacy statements for those linked websites.

Privacy of children

Privacy of children the website is not designed for or directed to children. As such, we do not intend to collect and will not knowingly collect any personal information from children below the age of 16 without parental consent. If you are under 16 you must ask your parent or guardian before you send any information to us or ask us to e-mail anything to you. By sending us any information or asking us to send you information you are confirming that you have received the informed consent of your parent or guardian. Parents are encouraged to review their children’s e-mail and internet activities to ensure that the website is being used by their child in accordance with parental consent and this policy.


*information on this website does not constitute an offer or solicitation to conduct modelling business in any jurisdiction. It is your responsibility to inform yourself about and observe any applicable laws relating to modelling.
*information on the website has been obtained from sources which we believe to be reliable and accurate.
*the company is not responsible for the accuracy of the information contained within the website provided by third parties. *while the company endeavours to ensure that the information on the website is correct, the company does not warrant the accuracy and completeness of the material on the website. The company may make changes to the material on the website, at any time without notice. The material on the website may be out of date, and the company makes no commitment to update such material.
*the material on the website is provided “as is” without any conditions, warranties or other terms of any kind. Accordingly, to the maximum extent permitted by law, the company provides you with the website on the basis that the company excludes all representations, warranties, conditions and other terms including purpose and the use of reasonable care and skill which, but for these terms, might have effect in relation to the website.


*the company, any other party (whether or not involved in creating, producing, maintaining or delivering the website), and any of the company’s group companies and the officers, directors, employees, shareholders or agents of any of them, exclude all liability and responsibility for any amount or any kind of loss or damage that may result to you or a third party in connection with the website in any way or in connection with the use, inability to use or the results of use of the website, any websites linked to the website or the material on such websites, including but not limited to loss or damage due to viruses that may infect your computer equipment, software, data or other property on account of your access to, use of, or browsing the website or your downloading of any material from the website or any websites linked to the website (including without limitation, any direct loss or damages of income, profits, goodwill, data, contracts, use of money, or loss or damages arising from or connected in any way to business interruption, and whether in tort (including consequential loss or damages).

*the company does not warrant that functions contained in the website content will be uninterrupted or error free, that defects will be corrected or that the website’s server is free of viruses, worms, trojans or bugs.

© 2021 WIMP Ltd all rights reserved  terms and conditions privacy policy

bottom of page