Privacy & Security Policy
For all enquiries: [email protected]
IF YOU HAVE ANY ENQUIRIES ABOUT OUR PRIVACY & SECURITY PROCEDURES, OR IF YOU HAVE AN ENQUIRY RELATING TO YOUR OWN PERSONAL DATA THAT WE HOLD, PLEASE USE THE CONTACT FORM AND TELL US. WE’LL GET BACK TO YOU ASAP.
Contacting Vervate
When you complete our online Contact Form, we will store it in our email server called Rackspace. Click on their names below for further information about their high levels of security.
Be assured that we absolutely never pass on your details to anyone without your consent. We will also always ask you if it’s ok to contact you with other information when we answer your enquiry.
PHOTOGRAPHS
Photographs are held in the following legislation, which Vervate adhere to:
Photographs are classed as personal data in the UK GDPR although no guidance has yet been released. In the meantime, we are taking all other steps to be GDPR compliant.
Taking Photos
Where photographs are taken for a client of Vervate’s (in UK GDPR speak they are the ‘Controller’), we do so via a contract and Licence to Use. If you have issues about this then please do contact us directly or if you are an employee, refer directly to your employer or HR Department for clarification.
Where a photograph is taken in a public space, Vervate retain the right to own the photograph in lieu of further or differing GDPR legislation.
Where a Vervate Photographer (a ‘sub-processor’) asks you for consent to take your photograph – for instance posing in a shopping centre, then we will take that as consent in lieu of further guidance from UK GDPR. Such occasions are already under the legislative banner of the DPA. You can also refer any concerns about that to the owner of the space you are in (for example the Shopping Centre).
VERVATE TRUST POLICY: We do therefore have a pertinent Business Interest for taking photographs and processing them, but please do be assured that we take security and your own identity very seriously.
Images Online
Vervate take images via a contract with one of our client’s (GDPR terms them as the ‘controller’). We are usually allowed in that contract to use various images to market our services. We are always very sensitive about which images we use and don’t use – with the subject of the photo our prime concern. If you see an image of yourself that do not wish to be public, that is credited to Vervate, please contact us. We are likely to refer you to our own client as the controller of the information held about you.
Image Security
When we have taken a photograph, we will then edit it, transfer it to our client and store it safely. We may also use it to market our services or on a private gallery for clients. Personal data further than just facial or location identification may occur in the title of the photograph (eg your name) or in the Metadata – information about a photograph that explains what it is and is stored ‘behind’ an image – you can view it using software such as Photoshop. This information is really important as it also helps us to keep track of where are photographs have been used and for anyone to find out who took it.
All of our cloud and hard disc drives have double encryption security barrier.
Personal Data
We store paper copies for the legal requirement of 7 years. However, give that we use as little paper as humanly possible, the data is online. Online and external cloud providers* are also secure:
Rackspace (email provider) | www.rackspace.com/en-gb/information/legal/privacycenter |
Mailchimp (for our newsletters only) | https://mailchimp.com/legal/ |
We Transfer | https://wetransfer.zendesk.com/hc/en-us/articles/360000341863-GDPR-compliance |
Dropbox | www.dropbox.com/en_GB/security/GDPR |
Shootproof | https://www.shootproof.com/legal/privacy-policy |
WP Engine | https://wpengine.co.uk/support/gdpr-compliance/ |
WordPress site | Updated every week with security patches All images are right click disabled and low compression |
Shootproof Galleries
These are sent to the controller as private password protected galleries. The content is live for 30 days only.
Right To Erasure, Including Retention And Disposal
We routinely and securely dispose of personal data that is no longer required, in line with the agreed timescales as stated in our contract with the Controller.
This does NOT apply to photographs which we store for business interests. Contact us for any enquiries or concerns.