Privacy policy
1. INTRODUCTION
This Privacy Policy sets out how we, David Higham Associates (‘DHA’, ‘we’, ‘us’, ‘our’), collect, use, store and share personal data in connection with our business.
According to UK General Data Protection Regulation (UK GDPR), we are a UK-established data controller and process personal data in accordance with the Data Protection Act 2018, and other applicable UK data-protection laws.
Where we process personal data of individuals located outside the UK, we will also comply with any applicable local data-protection laws, where required.
This Privacy Policy explains:
2. ABOUT US
We are a firm of literary, film and television agents registered in England and Wales under company number 304776. For the purposes of UK data-protection law, David Higham Associates Ltd is the ‘data controller’ of your personal data.
Contacts: Lizzy Kremer (Managing Director); Véronique Baxter, Georgia Glover, Andrew Gordon, Molly Ker Hawn, Alice Howe, Nicky Lund (Directors)
Address: David Higham Associates Ltd, 6th Floor, Waverley House, 7–12 Noel Street, London W1F 8GQ, United Kingdom
Website: davidhigham.co.uk
Email: privacy@davidhigham.co.uk
3. INFORMATION: WHAT KIND AND FROM WHERE?
DHA may collect different kinds of information about you in different ways: personal data that you provide to us when you interact with the agency or our website; data and other information that we collect about you; and information that may be provided to us by third parties.
Information that you provide to us
This means information that you provide to us when you make an enquiry to DHA over the phone, by email, in writing or via our website; submit manuscripts or other content by post, email or via our website; enter into an agreement with us for representation; apply for a job or internship with us; or ‘follow’, ‘like’, post to or interact with a DHA social media account, including X and Instagram, and others we may launch in the future.
The information you provide to DHA may include:
(a) Identity and contact data: title, names and pseudonyms, address(es), email address(es) and phone numbers;
(b) Financial and contract data: if we represent you, you may also provide us with your bank details, VAT and tax information, immigration and residency information, existing contracts (and related correspondence) with publishers or other licensees of your work; and
(c) Employment and background data: if you are submitting a manuscript for review or a job application, you may also provide additional information about your academic and work history, qualifications, skills, references, proof of your entitlement to work in the UK, your national security number, passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us.
Information we may collect about you
(a) Correspondence: we may collect information contained in any correspondence between us. For example, if you contact DHA using the Permissions form on our website or by email, post or telephone, we may keep a record of that correspondence;
(b) Website: we may collect information about your interactions with the website, including information such as login data, IP address and page views;
(c) Technical data: we may also collect certain information about how you use our website. This information may be collected by a third-party website analytics provider on our behalf and/or may be collected using cookies (see paragraph 6 below) or similar technologies; and
(d) Travel preferences: in certain circumstances we may collect and distribute to relevant overseas publishers details about your travel and accommodation preferences, for example in the event of an overseas publicity tour.
Information we receive from third parties
In certain circumstances, we will receive information about you from third parties. For example:
(a) Employers, recruitment agencies and referees: if you are a job applicant we may contact your recruiter, current and former employers and/or referees to provide information about you and your application;
(b) Publishers and other licensees of your work: if we represent you, you will normally authorise us to receive information about you from your previous agents (if applicable), publishers and other licensees such as information about your contracts, performance, royalties and other payments;
(c) Third parties who can verify submitted information: if you submit a manuscript to us for our review, we may use third-party providers to verify the information that you provide to us in connection with that submission – for example, IP or bibliographic databases or websites (e.g. NielsenIQ BookScan, Amazon) to confirm your publication or sales history;
(d) Website security: we may collect information from our website security service partners about any misuse to the website or the introduction of any other material or action that is malicious or harmful.
We may also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
4. INFORMATION: USAGE & LAWFUL BASES
We will use your information for the purposes listed below either on the basis of our performance of the terms of representation agreed between us and the provision of our services to you; your consent (where we request it); where we need to comply with a legal or regulatory obligation; or our legitimate interests or those of a third party.
We will only use your personal data where UK GDPR permits us to do so. Most commonly, we will use your personal data on one or more of the following lawful bases:
We use your information for the following purposes:
(a) To provide access to our website in a manner convenient and optimal which may include sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner, and that requests such as Permissions applications or Submissions are processed in a timely manner);
(b) To manage our relationship with you, which will include notifications about changes to our Terms & Conditions or Privacy Policy (on the basis of complying with our legal obligations and our legitimate interest to keep our records updated and study how our website and services are used);
(c) To conduct business with you and facilitate our business relationship with you if you are a client, including the administration of your contract with us and any contracts with third parties when we represent you on such contracts (on the basis of our legitimate interest in maintaining our business contracts; on the basis of performing our contract with you);
(d) To process any job applications you submit to us, whether directly or via an agent or recruiter including sharing this with a third-party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);
(e) To interact with users on social media platforms including X, Instagram and others we may have accounts with in the future, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals);
(f) To carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of services to our website users);
(g) To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so);
(h) To enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our ‘legitimate interest’, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in personalising, modifying or otherwise improving the services and/or communications that we provide to you; detecting and preventing fraud and operating a safe and lawful business; or improving the security and optimisation of our network, sites and services.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests do not automatically override yours, and we will not use your information if we believe your interests should override ours, unless we have other grounds to do so (such as your consent or a legal obligation). You have the right to object to this processing as explained in paragraph 9 below.
5. INFORMATION: SHARING
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information only when relevant and necessary with third parties such as:
(a) Our service providers: third parties we work with to deliver our business (including, for example, our website hosts Eprefix and our database provider Bradbury Phillips);
(b) Publishers, licensees, sub-agents, advisors and service companies: if we represent you, any publishers or other licensees of your work (or prospective publishers and licensees) as well as sub- or co-agents, advisors (such as your solicitor or accountant) and editorial service providers, where applicable.
(c) Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
(d) Any other third parties (including legal or other advisors, regulatory authorities, HMRC, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect your information from unauthorised access or processing. Where third parties process personal data on our behalf, they do so under written contracts which require them to:
6. COOKIES
We use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website.
If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies please visit www.aboutcookies.org. Please note that, if you do set your internet browser to reject cookies, you may not be able to access all of the functions of the website.
Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We do not control these third-party sites or cookies and this Privacy Policy does not apply to them. Please consult the Terms & Conditions and/or Privacy Policy of the relevant third-party site to find out how that site collects and uses your information.
7. INFORMATION: SECURITY & RETENTION
We always aim to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
(a) ensuring the physical security of our offices;
(b) ensuring the physical and digital security of our equipment and devices by using appropriate password protection;
(c) maintaining a data protection policy for, and delivering data protection training to, our employees; and
(d) limiting access to your personal information to those in our company who need to use it in the course of their work.
We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or research or for reference if we think your work may be of interest to us in the future, for example:
Retention periods vary depending on the nature of the data and our relationship with you. Where personal data is no longer required, it will be securely deleted or anonymised.
8. INFORMATION: TRANSFER OVERSEAS
We are based in the United Kingdom. In the course of our business, we may transfer personal data to recipients located outside the UK, including publishers, licensees, sub-agents, service providers and professional advisers.
Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place as required by UK GDPR, including:
(a) transfers to countries recognised by the UK government as providing an adequate level of protection;
(b) use of UK International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses, where applicable; and
(c) other lawful mechanisms permitted under UK GDPR.
We do not rely on the EU–US Privacy Shield, which is no longer valid under UK law.
9. INFORMATION: YOUR RIGHTS
Under UK GDPR, you have the following rights in relation to your personal data:
(a) the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
(b) the right to ask us not to process your personal data for marketing purposes;
(c) the right to request access to the information that we hold about you;
(d) in certain circumstances, the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider);
(e) the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
(f) the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Policy;
(g) the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests) and there is something about your particular situation which makes you want to object to processing on this ground;
(h) in certain circumstances, the right to ask us to limit or stop processing information about you, or erase information we hold about you; and
(i) the right to lodge a complaint about us to the UK Information Commissioner’s Office (see below), as well as with the relevant authority in your country of work or residence.
(j) the right to data portability, where processing is based on consent or contract and carried out by automated means;
(k) the right not to be subject to a decision based solely on automated processing, including profiling, where that decision has legal or similarly significant effects (we do not currently carry out such processing).
Supervisory authority
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
www.ico.org.uk
If you are located outside the UK, you may also have the right to complain to your local data protection authority.
10. HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Policy and we will comply with your requests unless we have a lawful reason not to do so.
We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
11. THIRD-PARTY LINKS
The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. CHANGES TO THIS PRIVACY POLICY & YOUR DATA
We may make changes to this Privacy Policy from time to time and will post any changes to our website. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This Privacy Policy was updated on 28 January 2026 and applies from that date.