The Creator Collective – Data Protection Policy
Last updated: 1 August 2025
Purpose
The purpose of this policy is to ensure that The Creator Collective handles personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all personal data we collect, store, and process from content creators, clients, and other contacts.
Scope
This policy applies to:
All employees, contractors, and third-party service providers acting on behalf of The Creator Collective.
All personal data processed by the business, whether in electronic or paper form.
Definitions
Personal data: Any information relating to an identifiable person, including name, contact details, social media handles, demographic information, and payment details.
Processing: Any activity involving personal data, including collection, storage, use, disclosure, and deletion.
Data subject: The individual whose personal data we process (e.g. a creator or client).
Data Protection Principles
The Creator Collective will ensure that personal data is:
  • Processed lawfully, fairly, and transparently
  • Collected for specified, explicit, and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up to date
  • Kept no longer than necessary
  • Processed securely, with appropriate technical and organisational measures in place
Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
  • Consent – for example, when creators opt in to join our panel
  • Contract – to fulfil agreed research services for clients
  • Legitimate interests – for business operations and relationship management
  • Legal obligation – to comply with applicable laws and regulations
Types of Personal Data Collected
We may collect:
  • Full name and contact details
  • Social media handles and platform information
  • Demographic details (e.g. location, audience profile)
  • Research participation records
  • Payment details for incentive processing
  • Any content submitted for research purposes (e.g. videos, images, text)
How We Use Personal Data
We use personal data to:
  • Recruit and manage creators for research projects
  • Match creators to relevant opportunities
  • Communicate about research activities
  • Deliver and analyse research outputs
  • Process incentive payments
  • Comply with legal and regulatory requirements
Data Storage and Security
Personal data is stored securely on encrypted, password-protected systems
  • Access to personal data is limited to authorised personnel only
  • Cloud storage providers are UK/EU-based or comply with UK GDPR requirements for international transfers
  • Paper records (if any) are kept in locked storage and securely destroyed when no longer needed
Data Retention
  • Creator and client data is retained for a maximum of 3 years after the last interaction, unless required for legal purposes
  • Payment records are retained for 6 years to comply with tax obligations
  • Data is securely deleted when no longer required
Data Sharing
We only share personal data where necessary and with appropriate safeguards in place, including:
  • Research platforms and tools (e.g. survey software, video conferencing)
  • Professional service providers (e.g. accountants, legal advisors)
  • Clients (only anonymised or consented data relevant to the project)
Data Subject Rights
Under UK GDPR, data subjects have the right to:
  • Access their personal data
  • Correct inaccurate data
  • Request deletion of data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
Requests should be sent to hello@thecreatorcollective.global. We will respond within 30 days.
Data Breach Management
  • Any suspected data breach will be reported to the Data Protection Lead immediately
  • We will investigate, contain, and assess the breach
  • If required, we will notify the ICO within 72 hours and affected individuals without undue delay
Roles and Responsibilities
  • Data Protection Lead: Responsible for ensuring compliance with this policy and acting as the point of contact for data protection matters.
  • All personnel: Responsible for following this policy and safeguarding personal data.
Policy Review
This policy will be reviewed annually or sooner if required by changes in law or business operations.
Contact: The Creator Collective Email: hello@thecreatorcollective.global 20 Goodwood Way, Chippenham, SN14 0SY

by Joanne Rodger