cropped-black_vervate_full_logo_circle-small.png

VERVATE

Vervate_Logo

Privacy & Security Policy

Updated March 2021

For all enquiries, contact:

Susi Doherty, Creative Director, Vervate, 01273 275162

IF YOU HAVE ANY ENQUIRIES ABOUT OUR PRIVACY & SECURITY PROCEDURES, OR IF YOU HAVE AN ENQUIRY RELATING TO YOUR OWN PERSONAL DATA THAT WE HOLD, PLEASE USE THE CONTACT FORM AND TELL US.  WE’LL GET BACK TO YOU ASAP.

Contacting Vervate

When you complete our online Contact Form, we will store it in our email server called Rackspace.  Click on their names below for further information about their high levels of security.

Be assured that we absolutely never pass on your details to anyone without your consent.  We will also always ask you if it’s ok to contact you with other information when we answer your enquiry.

 

PHOTOGRAPHS

Photographs are held in the following legislation, which Vervate adhere to:

UK Copyright Law

Data Protection Act (DPA)

Photographs are classed as personal data in the UK GDPR although no guidance has yet been released.  In the meantime, we are taking all other steps to be GDPR compliant.

 

Taking Photos

Where photographs are taken for a client of Vervate’s (in UK GDPR speak they are the ‘Controller’), we do so via a contract and Licence to Use.  If you have issues about this then please do contact us directly or if you are an employee, refer directly to your employer or HR Department for clarification.

Where a photograph is taken in a public space, Vervate retain the right to own the photograph in lieu of further or differing GDPR legislation.

Where a Vervate Photographer (a ‘sub-processor’) asks you for consent to take your photograph – for instance posing in a shopping centre, then we will take that as consent in lieu of further guidance from UK GDPR.  Such occasions are already under the legislative banner of the DPA.  You can also refer any concerns about that to the owner of the space you are in (for example the Shopping Centre).

VERVATE TRUST POLICY:  We do therefore have a pertinent Business Interest for taking photographs and processing them, but please do be assured that we take security and your own identity very seriously.

 

Images Online

Vervate take images via a contract with one of our client’s (GDPR terms them as the  ‘controller’). We are usually allowed in that contract to use various images to market our services.  We are always very sensitive about which images we use and don’t use – with the subject of the photo our prime concern.  If you see an image of yourself that do not wish to be public, that is credited to Vervate, please contact us.  We are likely to refer you to our own client as the controller of the information held about you.

 

Image Security

When we have taken a photograph, we will then edit it, transfer it to our client and store it safely.  We may also use it to market our services or on a private gallery for clients.  Personal data further than just facial or location identification may occur in the title of the photograph (eg your name) or in the Metadata – information about a photograph that explains what it is and is stored ‘behind’ an image – you can view it using software such as Photoshop.  This information is really important as it also helps us to keep track of where are photographs have been used and for anyone to find out who took it.

All of our cloud and hard disc drives have double encryption security barrier.

 Personal Data

We store paper copies for the legal requirement of 7 years.  However, give that we use as little paper as humanly possible, the data is online.  Online and external cloud providers* are also secure:

Rackspace (email provider)www.rackspace.com/en-gb/information/legal/privacycenter
Mailchimp (for our newsletters only)https://mailchimp.com/legal/
  
We Transferhttps://wetransfer.zendesk.com/hc/en-us/articles/360000341863-GDPR-compliance
Dropboxwww.dropbox.com/en_GB/security/GDPR
Shootproofhttps://www.shootproof.com/legal/privacy-policy
WP Enginehttps://wpengine.co.uk/support/gdpr-compliance/
WordPress site

Updated every week with security patches

All images are right click disabled and low compression

 

Shootproof Galleries

These are sent to the controller as private password protected galleries.  The content is live for 30 days only.

 

Portability

The right to data portability applies:

to personal data an individual has provided to a controller;

Eg. Names on images at an event or a shopping centre of people in the background.  Currently only image based – indicates location too

where the processing is based on the individual’s consent or for the performance of a contract;

Eg. Names of staff for portraits. On a notepad between commission and office. Then on metadata.

when processing is carried out by automated means

Eg. via Buffer for social media

 

Right To Erasure, Including Retention And Disposal

Every quarter, we routinely and securely dispose of personal data that is no longer required, in line with the agreed timescales as stated in our contract with the Controller.

This does NOT apply to photographs which we store for business interests.  Contact us for any enquiries or concerns.

Want to just email us?

Prefer to talk to a human?