Privacy Policy

1. About This Privacy Policy

1.1. This policy sets out, as a business, how we process data both inside the Business and on the Website. This document is primarily for clients, subscribers, website visitors and people who wish to contact us about our services.

1.2. We are committed to protecting your privacy and complying with our data protection obligations under General Data Protection Regulation 2016/679 (GDPR) and any other applicable legislation within the USA, including the Texas Data Privacy and Security Act (TDPSA) and other relevant legislation around data privacy.

1.3. When you interact with us or use the Website, we act as the data controller of your personal data. This means we are responsible for processing and deciding how to use your personal data. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over it. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.

2. Contact Information

2.1. If you have any concerns or want further information about our use of data or this policy in general, use the details below to contact us;

Contact Name:	Alyssa Wilkinson
Registered Business Name:	Epoch
US registration as :	Non profit 501C3
Registered Address:	5900 Balcones Drive, Austin, Texas 7873
Website:	Epochworks.com
Email Address:	Alyssa.wilkinson@epochwork.com

3. Who Do We Collect Information From?

3.1. We collect information from;

Visitors to our Website
Subscribers to our email list
Clients/customers
Suppliers and contractors
Contacts (Network)
Individuals whilst providing services to our clients
Individuals who we film on behalf of our clients

4. What Information Do We Collect?

4.1. We collect, store and use the types of personal data set out in the tables at the end of this policy. (Please see the Data Protection Policy and Record keeping policy for employees.)

5. How Will We Use Your Information?

5.1. We will use your personal data for the purposes set out in the table at the end of this policy.

6. How Do We Share Your Personal Data?

6.1. When we share personal data, we do so under the Data Protection Laws. Where necessary, we may share specific personal data with employees, contractors, consultants or advisers to facilitate sales and general commercial purposes.

6.2. We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.

6.3. We also may need to share information externally for legal reasons. These include the HMRC and the police in connection with a police investigation.

7. Sharing Information

7.1. We endeavour to keep as much data within the UK/EU; however, there may be times when this is impossible. Where the platforms we use are outside of the UK or not a country where we have adequacy regulations, we will assess if the transfer is necessary to perform our service under the contract and that the data transfer comes under a restricted transfer.

7.2. Where we are legally required to do so, information is shared. On occasion, we may not be allowed to tell you of information being shared.

7.3. A complete list of the information can be requested by email.

8. Where Do We Collect Information?

Website

8.1. The Website may contain links to other websites over which we have no control, usually concerning blogs. We are not responsible for and do not review or endorse the privacy policies or practices of other websites you choose to access from this Website. We encourage you to review the privacy policies of those other websites to understand how they collect, use and share your personal information.

8.2. The Website does have plugins that we use for third-party platforms.

8.3. We use a number of platforms to deliver our services. For a full list of these, please email us.

Contacts and Clients

8.4. We collect information from contacts and clients (and potential clients) through

Name
Contact details
Contact forms
Emails
Gender
Meetings, trainings
Payment details
Occupation and role details
Age

Suppliers

8.5. We collect information from clients (and potential clients) through

Emails
Address
Contracts
Invoicing
Notes from telephone calls and meetings

9. Your Rights

9.1. We respect your privacy rights and will respond to requests for access or control over information about you under the Data Protection Law. We may require you to verify your identity before we take any action.

9.2. Depending on the reason we have your personal data, you have a right to:

access the personal information we hold about you (commonly known as subject access);

request that we correct or complete personal information we hold about you that is inaccurate or incomplete;

request that we erase your personal information in some circumstances or object to our processing it;

restrict how we use your personal data in certain circumstances;

request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services and

where we have asked for your consent to process your data to withdraw this consent

9.3. These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.

9.4. If you wish to exercise any of these rights, please contact us.

Your Right to Object

9.5.You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

9.6. If our processing of your personal data is in the public interest or under our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests or our use of your personal data is for the establishment, exercise or defence of legal claims.

9.7. Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.

9.8. At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised unless we must keep it to comply with our legal obligations.

10. Data Protection Principles

10.1. We process your personal data under the following principles:

We process your personal data lawfully, fairly and in a transparent way;
we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;
we only process personal data that is adequate, relevant and limited to what is necessary to achieve the goal for which it is processed;
we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
we do not store personal data in a form that identifies you for any longer than is required for our processing; and
we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.

10.2. When we ask for your personal data, we will tell you whether you are required by law or contract to provide it and what will happen if you do not provide it.

10.3. Any request for consent to processing your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.

11. What Is Our Lawful Basis For Processing?

11.1. We will only process personal data when we have a lawful basis for processing. The table at the end of this policy sets out the legal basis we rely on for each data type we process.

11.2. We will choose one of the lawful bases stated within GDPR and/or TDPSA to justify how we use your personal data. These are:

Consent: You have given consent to processing your personal data for one or more specific purposes. As detailed above, you can withdraw your consent at any time.
Contract: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
Legal obligation: We must process your personal data to comply with a legal obligation.
Vital interests: The processing is necessary to protect your or another person’s vital interests.
Public interest: Processing is necessary for performing a task in the public interest or the exercise of some official authority.
Legitimate interests: Processing is necessary for legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

12. How to Complain

12.1. If you have any concerns about our use of your personal information, you can make a complaint to us by using the contact details above.

13. Policy Review

13.1. We update and review this policy at least annually or when required due to changes in practice and legal updates. An updated version on the Website will make reasonable efforts to bring any material changes to your attention.

Date reviewed	Policy changes	Date completed and ratified	Updated by	Version
04/10/2024	New Policy			1

Table of Personal Information We Use:

The table below sets out detailed information about the types of personal information we collect, our purposes for processing, the basis for processing and the retention period for the personal data.

Website / email marketing / social media

When collected / stored	Category of personal data	Purpose of processing	Lawful basis for processing	Retention period
Website visit	Cookies	Essential	Required – legitimate interest	1 year

Clients

When collected / stored	Category of personal data	Purpose of processing	Lawful basis for processing	Retention period
Contact Website Email marketing platform	Name and contact details	To deliver your services to you For fraud prevention and detection To contact you with information, newsletters and marketing materials about our services	Performance of sale Compliance with legal obligation Consent	For three years since you gave consent, or until you withdraw consent if earlier
Bank transfer Cheque Card payments	Payment information	To take payment and give refunds For fraud prevention and detection	Performance of contract Compliance with legal obligation	For six years after transaction
Emails	Contact history	To provide customer service and support To train our staff	Performance of contract Legitimate interests in dealing with complaints or claims	For six years since you last logged on to the Website
Platform analytics	Browser, device and Site usage information	To improve the Website To protect the Website against fraud To set default options for you, such as language and currency	Performance of contract Legitimate interest in maintaining our Website	For three years since you last logged on to the Website
Website Testimonial capture form Google Reviews Emails	Customer comments and product reviews	To improve our products and services Where relevant, to establish, exercise or defend legal claims	Performance of contract Legitimate interest in dealing with complaints or claims and improving our products and/or services generally	For six years
Client information	Name Contact details Emails
Filming on behalf of clients	Video Images Interviews	As instructed by clients to fulfil a contract	Contract Consent from individuals for filming	Deleted / destroyed once project completed.

For information collected on behalf of our clients for filmed work, please view their Privacy Policy.