Privacy Policy

1. About This Privacy Policy

1.1 This policy sets out, as a business, how we process data both inside the Business and on the Website. This document is primarily for clients, subscribers, website visitors and people who wish to contact us about our services. 

1.2 We are committed to protecting your privacy and complying with our data protection obligations under General Data Protection Regulation 2016/679 (GDPR) and any other applicable legislation within the USA, including the Texas Data Privacy and Security Act (TDPSA) and other relevant legislation around data privacy.

1.3 When you interact with us or use the Website, we act as the data controller of your personal data. This means we are responsible for processing and deciding how to use your personal data. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over it. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.


2. Contact Information

2.1 If you have any concerns or want further information about our use of data or this policy in general, use the details below to contact us;

Contact Name:  Alyssa Wilkinson

Registered Business Name: Epoch

US registration as : Non profit 501C3

Registered Address:  5900 Balcones Drive, Austin, Texas 7873

Website: www.Epochworks.com

Email Address:  Alyssa.wilkinson@epochwork.com


3. Who Do We Collect Information From?

We collect information from;

Visitors to our Website

Subscribers to our email list

Clients/customers

Suppliers and contractors

Contacts (Network)

Individuals whilst providing services to our clients

Individuals who we film on behalf of our clients


4. What Information Do We Collect?

4.1 We collect, store and use the types of personal data set out in the tables at the end of this policy. (Please see the Data Protection Policy and Record keeping policy for employees.)


5. How Will We Use Your Personal Data?

5.1. We will use your personal data for the purposes set out in the table at the end of this policy.


6. How Do We Share Your Personal Data?

6.1. When we share personal data, we do so under the Data Protection Laws. Where necessary, we may share specific personal data with employees, contractors, consultants or advisers to facilitate sales and general commercial purposes.

6.2. We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.

6.3. We also may need to share information externally for legal reasons. These include the HMRC and the police in connection with a police investigation. 


7. Sharing Information

7.1. We endeavour to keep as much data within the UK/EU; however, there may be times when this is impossible. Where the platforms we use are outside of the UK or not a country where we have adequacy regulations, we will assess if the transfer is necessary to perform our service under the contract and that the data transfer comes under a restricted transfer.

7.2. Where we are legally required to do so, information is shared. On occasion, we may not be allowed to tell you of information being shared.

7.3. A complete list of the information can be requested by email.


8. Where Do We Collect Information

8.1 Website - The Website may contain links to other websites over which we have no control, usually concerning blogs. We are not responsible for and do not review or endorse the privacy policies or practices of other websites you choose to access from this Website. We encourage you to review the privacy policies of those other websites to understand how they collect, use and share your personal information.

8.2. The Website does have plugins that we use for third-party platforms.

8.3. We use a number of platforms to deliver our services. For a full list of these, please email us.

8.4. Contacts and clients - We collect information from contacts and clients (and potential clients) through

Name

Contact details

Contact forms

Emails

Gender

Meetings, trainings

Payment details

Occupation and role details

Age

    

8.5. Suppliers -We collect information from clients (and potential clients) through

Emails

Address

Contracts

Invoicing

Notes from telephone calls and meetings


9. Your Rights

9.1. We respect your privacy rights and will respond to requests for access or control over information about you under the Data Protection Law. We may require you to verify your identity before we take any action.

9.2. Depending on the reason we have your personal data, you have a right to:

access the personal information we hold about you (commonly known as subject access);

request that we correct or complete personal information we hold about you that is inaccurate or incomplete;

request that we erase your personal information in some circumstances or object to our processing it;

restrict how we use your personal data in certain circumstances;

request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services and

where we have asked for your consent to process your data to withdraw this consent.

9.3. These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.

9.4. If you wish to exercise any of these rights, please contact us.

9.5. Your right to object - You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

9.6. If our processing of your personal data is in the public interest or under our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests or our use of your personal data is for the establishment, exercise or defence of legal claims.

9.7. Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.

9.8. At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised unless we must keep it to comply with our legal obligations.


10. Data Protection Principles

10.1. We process your personal data under the following principles:

We process your personal data lawfully, fairly and in a transparent way;

we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;

we only process personal data that is adequate, relevant and limited to what is necessary to achieve the goal for which it is processed;

we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;

we do not store personal data in a form that identifies you for any longer than is required for our processing; and

we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.

10.2. When we ask for your personal data, we will tell you whether you are required by law or contract to provide it and what will happen if you do not provide it.  

10.3. Any request for consent to processing your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.


11. What Is Our Lawful Basis For Processing?

11.1. We will only process personal data when we have a lawful basis for processing. The table at the end of this policy sets out the legal basis we rely on for each data type we process.

11.2. We will choose one of the lawful bases stated within GDPR and/or TDPSA to justify how we use your personal data. These are:

Consent: You have given consent to processing your personal data for one or more specific purposes. As detailed above, you can withdraw your consent at any time.

Contract: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

Legal obligation: We must process your personal data to comply with a legal obligation.

Vital interests: The processing is necessary to protect your or another person’s vital interests.

Public interest: Processing is necessary for performing a task in the public interest or the exercise of some official authority.

Legitimate interests: Processing is necessary for legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.


12. How to complain

12.1. If you have any concerns about our use of your personal information, you can make a complaint to us by using the contact details above.

13. Policy review

13.1. We update and review this policy at least annually or when required due to changes in practice and legal updates. An updated version on the Website will make reasonable efforts to bring any material changes to your attention.



The table below sets out detailed information about the types of personal information we collect, our purposes for processing, the basis for processing and the retention period for the personal data.

Website / email marketing / social media


When collected / store
Category of personal data
Purpose of processing
Lawful basis for processing
Retention period
Website visit
Cookies
Essential 
Required – legitimate interest
1 year

Clients

When collected / stored
Category of personal data
Purpose of processing
Lawful basis for processing
Retention period
Contact
Website
Email marketing platform
Name and contact details
 
To deliver your services to you.
For fraud prevention and detection
To contact you with information, newsletters and marketing materials about our services
Performance of sale
Compliance with legal obligation
Consent
For three years since you gave consent, or until you withdraw consent if earlier
Bank transfer
Cheque
Card payments
Payment information
To take payment and give refundsFor fraud prevention and detection
Performance of contract
Compliance with legal obligation
For six years after transaction
Emails
Contact history
To provide customer service and supportTo train our staff
Performance of contract
Legitimate interests in dealing with complaints or claims
For six years since you last logged on to the Website
Platform analytics
Browser, device and Site usage information
To improve the Website To protect the Website against fraudTo set default options for you, such as language and currency
Performance of contract
Legitimate interest in maintaining our Website
For three years since you last logged on to the Website
Website
Testimonial capture form
Google Reviews
Emails
Customer comments and product reviews
To improve our products and servicesWhere relevant, to establish, exercise or defend legal claims
Performance of contract
Legitimate interest in dealing with complaints or claims and improving our products and/or services generally
For six years
Client information
Name
Contact details
Emails
Filming on behalf of clients
Video
Images
Interviews
As instructed by clients to fulfil a contract
Contract
Consent from individuals for filming
Deleted / destroyed once project completed. 

For information collected on behalf of our clients for filmed work, please view their Privacy Policy.