Last updated: 05 January 2025

ES:ME Entertainment Services (“ES:ME”, “we”, “us”) is committed to protecting the personal and business data shared with us by clients, suppliers, freelancers, contractors, and job applicants.
These guidelines explain what information we collect, how we use it, how we store it, and the rights of individuals and companies whose data we process.

This policy follows GDPR-style principles, applied in a practical way suitable for our operations in Qatar, the United Arab Emirates, and the Kingdom of Saudi Arabia.

1. Who this policy applies to

This policy applies to:

• Clients and client representatives

• Suppliers and partner companies

• Freelancers and contractors

• Job applicants

It covers data submitted directly to ES:ME in connection with business, projects, payments, compliance, or recruitment.

2. Types of data we collect

Depending on the relationship, ES:ME may collect and process the following information:

a) Identity & business information

• Company name

• Trade licence / commercial registration

• VAT or tax registration numbers

• Passport or ID copies (where legally required)

• Registered or operational address

b) Contact details

• Email addresses

• Telephone or WhatsApp numbers

• Emergency contact details (for freelancers and crew only)

c) Financial information

• Bank account details

• IBAN / SWIFT codes

• Invoices and payment records

d) Operational and compliance data

• CVs and professional profiles

• Technical certifications (e.g. rigging, rope access, engineering)

• Insurance documents

• Site access and crew documentation required by venues or authorities

We only collect data that is necessary for legitimate business, legal, or operational purposes.

3. How data is collected

Data is usually collected through:

• Email correspondence

• Online forms (Microsoft Forms or ES:ME website forms)

• WhatsApp or similar messaging platforms

• Shared folders (Microsoft SharePoint)

4. Purpose of data processing

We use data strictly for legitimate business purposes, including:

• Project planning and execution

• Contracting and engagement of suppliers and freelancers

• Payment processing and accounting

• Legal, tax, and regulatory compliance

• Health, safety, and site access requirements

• Recruitment and assessment of applicants

We do not collect or process data for unnecessary or unrelated purposes.

5. Data storage and security

Data is stored using secure systems, including:

• Microsoft 365 and SharePoint

• Local company-issued devices (laptops)

• Accounting and finance systems (e.g. Xero or similar)

• CRM and communication platforms (e.g. ActiveCampaign)

Access is restricted to authorised personnel only and protected through:

• Password protection

• Role-based access controls

• Internal confidentiality obligations

ES:ME takes reasonable technical and organisational measures to protect data against unauthorised access, loss, or misuse.

6. Internal access to data

Access to data is limited to:

• Management

• Finance and accounts teams

• HR and administration

• Project management teams (on a need-to-know basis)

• External accountants or auditors (where required)

All access is limited to what is necessary for the relevant role.

7. Data sharing with third parties

Data may be shared only when necessary and legally required, including with:

• Banks (for payment processing)

• Tax authorities (as required by law)

• Government portals (visas, permits, compliance submissions)

• Insurance providers (as required)

• Clients or venues (e.g. crew lists, access approvals)

We do not sell data and do not share it with third parties for marketing purposes.

8. Marketing and communications

• Submitted data is not used for marketing without consent

• Communications are primarily operational (projects, payments, compliance)

• Any marketing communication is limited to ES:ME’s own services

• Recipients always have the option to opt out

ES:ME does not share contact data with third-party marketers.

9. Data retention

ES:ME retains data only for as long as necessary, in line with business needs and legal requirements in Qatar, UAE, and KSA.

Indicative retention periods:

• Financial and accounting records: up to 7–10 years, as required by law

• Freelancer and supplier records: up to 5 years after last engagement

• Job applicant data: up to 2 years, unless consent is given for longer retention

• Inactive contacts: reviewed and deleted periodically where no longer required

Data is securely deleted or anonymised once it is no longer needed.

10. Data subject rights

Where applicable, individuals and company representatives may request:

• Access to their data

• Correction of inaccurate data

• Deletion of data (where legally permissible)

• Restriction of processing

Requests will be assessed in line with legal and operational obligations.

11. Contact

For any questions or requests relating to data protection, please contact:

Email: info@es-me.net
Company: ES:ME Entertainment Services