Privacy & Security Policy
Updated April 2018
For all enquiries, contact:
Susi Doherty, Creative Director, Vervate
IF YOU HAVE ANY ENQUIRIES ABOUT OUR PRIVACY & SECURITY PROCEDURES, OR IF YOU HAVE AN ENQUIRY RELATING TO YOUR OWN PERSONAL DATA THAT WE HOLD, PLEASE USE THE CONTACT FORM AND TELL US. WE’LL GET BACK TO YOU ASAP.
When you complete our online Contact Form, we will store it in cloud software called Agile and our email server called Rackspace. Click on their names below for further information about their high levels of security.
Be assured that we absolutely never pass on your details to anyone without your consent. We will also always ask you if it’s ok to contact you with other information when we answer your enquiry.
Photographs are held in the following legislation, which Vervate adhere to:
Photographs are classed as personal data in the GDPR although no guidance has yet been released. Vervate are hoping for further guidance when EU legislation is ratified in the UK in the Autumn of 2018, and will take any appropriate measure then. In the meantime, we are taking all other steps to be GDPR compliant.
Where photographs are taken for a client of Vervate’s (in GDPR speak they are the ‘Controller’), we do so via a contract and Licence to Use. If you have issues about this then please do contact us directly or if you are an employee, refer directly to your employer or HR Department for clarification.
Where a photograph is taken in a public space, Vervate retain the right to own the photograph in lieu of further or differing GDPR legislation.
Where a Vervate Photographer (a ‘sub-processor’) asks you for consent to take your photograph, for instance posing in a shopping centre, we will take that as consent in lieu of further guidance from GDPR. Such occasions are already under the legislative banner of the DPA. You can also refer any concerns about that to the owner of the space you are in (for example the Shopping Centre).
VERVATE TRUST POLICY: We do therefore have a pertinent Business Interest for taking photographs and processing them, but please do be assured that we take security and your own identity very seriously.
Vervate take images via a contract with one of our clients (GDPR terms them the ‘controller’). We are usually allowed in that contract to use various images to market our services. We are always very sensitive about which images we use and don’t use, with the subject of the photo our prime concern. If you see an image of yourself that you do not wish to be public and that is credited to Vervate, please contact us. We are likely to refer you to our own client as the controller of the information held about you.
When we have taken a photograph, we will then edit it, transfer it to our client and store it safely. We may also use it to market our services or on a private gallery for clients. Personal data beyond facial or location identification may appear in the title of the photograph (e.g. your name) or in the metadata: information about a photograph that explains what it is and is stored ‘behind’ an image. You can view it using software such as Photoshop. This information is really important as it also helps us to keep track of where our photographs have been used and helps anyone to find out who took them.
All of our cloud and hard disc drives have a double encryption security barrier.
We store paper copies for the legal requirement of 7 years. However, given that we use as little paper as humanly possible, the data is online. Online and external cloud providers* are also secure:
|Rackspace (email provider)|www.rackspace.com/en-gb/information/legal/privacycenter|
|Mailchimp (for our newsletters only)|https://mailchimp.com/legal/|
|WordPress site|Updated every week with security patches. All images are right click disabled and low compression.|
*These will be updated by Vervate to check on compliance on 24th May 2018
These are sent to the controller as private password protected galleries. The content is live for 30 days only.
The right to data portability applies:
to personal data an individual has provided to a controller;
Eg. Names on images at an event or a shopping centre of people in the background. Currently only image based – indicates location too
where the processing is based on the individual’s consent or for the performance of a contract;
Eg. Names of staff for portraits. On a notepad between commission and office. Then on metadata.
when processing is carried out by automated means
Eg. via Buffer for social media
Right To Erasure, Including Retention And Disposal
Every quarter, we routinely and securely dispose of personal data that is no longer required, in line with the agreed timescales as stated in our contract with the Controller.
This does NOT apply to photographs which we store for business interests. Contact us for any enquiries or concerns.