Privacy Policy
1. About This Privacy Policy
1.1 This policy sets out, as a business, how we process data both inside the Business and on the Website. This document is primarily for clients, subscribers, website visitors and people who wish to contact us about our services.
1.2 We are committed to protecting your privacy and complying with our data protection obligations under General Data Protection Regulation 2016/679 (GDPR) and any other applicable legislation within the USA, including the Texas Data Privacy and Security Act (TDPSA) and other relevant legislation around data privacy.
1.3 When you interact with us or use the Website, we act as the data controller of your personal data. This means we are responsible for processing and deciding how to use your personal data. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over it. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.
2. Contact Information
2.1 If you have any concerns or want further information about our use of data or this policy in general, use the details below to contact us;
Contact Name: Alyssa Wilkinson
Registered Business Name: Epoch
US registration as : Non profit 501C3
Registered Address: 5900 Balcones Drive, Austin, Texas 7873
Website: www.Epochworks.com
Email Address: Alyssa.wilkinson@epochwork.com
3. Who Do We Collect Information From?
We collect information from;
Visitors to our Website
Subscribers to our email list
Clients/customers
Suppliers and contractors
Contacts (Network)
Individuals whilst providing services to our clients
Individuals who we film on behalf of our clients
4. What Information Do We Collect?
4.1 We collect, store and use the types of personal data set out in the tables at the end of this policy. (Please see the Data Protection Policy and Record keeping policy for employees.)
5. How Will We Use Your Personal Data?
5.1. We will use your personal data for the purposes set out in the table at the end of this policy.
6. How Do We Share Your Personal Data?
6.1. When we share personal data, we do so under the Data Protection Laws. Where necessary, we may share specific personal data with employees, contractors, consultants or advisers to facilitate sales and general commercial purposes.
6.2. We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.
6.3. We also may need to share information externally for legal reasons. These include the HMRC and the police in connection with a police investigation.
7. Sharing Information
7.1. We endeavour to keep as much data within the UK/EU; however, there may be times when this is impossible. Where the platforms we use are outside of the UK or not a country where we have adequacy regulations, we will assess if the transfer is necessary to perform our service under the contract and that the data transfer comes under a restricted transfer.
7.2. Where we are legally required to do so, information is shared. On occasion, we may not be allowed to tell you of information being shared.
7.3. A complete list of the information can be requested by email.
8. Where Do We Collect Information
8.1 Website - The Website may contain links to other websites over which we have no control, usually concerning blogs. We are not responsible for and do not review or endorse the privacy policies or practices of other websites you choose to access from this Website. We encourage you to review the privacy policies of those other websites to understand how they collect, use and share your personal information.
8.2. The Website does have plugins that we use for third-party platforms.
8.3. We use a number of platforms to deliver our services. For a full list of these, please email us.
8.4. Contacts and clients - We collect information from contacts and clients (and potential clients) through
Name
Contact details
Contact forms
Emails
Gender
Meetings, trainings
Payment details
Occupation and role details
Age
8.5. Suppliers -We collect information from clients (and potential clients) through
Emails
Address
Contracts
Invoicing
Notes from telephone calls and meetings
9. Your Rights
9.1. We respect your privacy rights and will respond to requests for access or control over information about you under the Data Protection Law. We may require you to verify your identity before we take any action.
9.2. Depending on the reason we have your personal data, you have a right to:
access the personal information we hold about you (commonly known as subject access);
request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
request that we erase your personal information in some circumstances or object to our processing it;
restrict how we use your personal data in certain circumstances;
request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services and
where we have asked for your consent to process your data to withdraw this consent.
9.3. These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
9.4. If you wish to exercise any of these rights, please contact us.
9.5. Your right to object - You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.
9.6. If our processing of your personal data is in the public interest or under our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests or our use of your personal data is for the establishment, exercise or defence of legal claims.
9.7. Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.
9.8. At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised unless we must keep it to comply with our legal obligations.
10. Data Protection Principles
10.1. We process your personal data under the following principles:
We process your personal data lawfully, fairly and in a transparent way;
we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;
we only process personal data that is adequate, relevant and limited to what is necessary to achieve the goal for which it is processed;
we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
we do not store personal data in a form that identifies you for any longer than is required for our processing; and
we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.
10.2. When we ask for your personal data, we will tell you whether you are required by law or contract to provide it and what will happen if you do not provide it.
10.3. Any request for consent to processing your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.
11. What Is Our Lawful Basis For Processing?
11.1. We will only process personal data when we have a lawful basis for processing. The table at the end of this policy sets out the legal basis we rely on for each data type we process.
11.2. We will choose one of the lawful bases stated within GDPR and/or TDPSA to justify how we use your personal data. These are:
Consent: You have given consent to processing your personal data for one or more specific purposes. As detailed above, you can withdraw your consent at any time.
Contract: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
Legal obligation: We must process your personal data to comply with a legal obligation.
Vital interests: The processing is necessary to protect your or another person’s vital interests.
Public interest: Processing is necessary for performing a task in the public interest or the exercise of some official authority.
Legitimate interests: Processing is necessary for legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
12. How to complain
12.1. If you have any concerns about our use of your personal information, you can make a complaint to us by using the contact details above.
13. Policy review
13.1. We update and review this policy at least annually or when required due to changes in practice and legal updates. An updated version on the Website will make reasonable efforts to bring any material changes to your attention.
The table below sets out detailed information about the types of personal information we collect, our purposes for processing, the basis for processing and the retention period for the personal data.
Website / email marketing / social media
When collected / store | Category of personal data | Purpose of processing | Lawful basis for processing | Retention period |
---|---|---|---|---|
Website visit | Cookies | Essential | Required – legitimate interest | 1 year |
Clients
When collected / stored | Category of personal data | Purpose of processing | Lawful basis for processing | Retention period |
---|---|---|---|---|
ContactWebsiteEmail marketing platform | Name and contact details | To deliver your services to you.For fraud prevention and detectionTo contact you with information, newsletters and marketing materials about our services | Performance of saleCompliance with legal obligationConsent | For three years since you gave consent, or until you withdraw consent if earlier |
Bank transferChequeCard payments | Payment information | To take payment and give refundsFor fraud prevention and detection | Performance of contractCompliance with legal obligation | For six years after transaction |
Emails | Contact history | To provide customer service and supportTo train our staff | Performance of contractLegitimate interests in dealing with complaints or claims | For six years since you last logged on to the Website |
Platform analytics | Browser, device and Site usage information | To improve the Website To protect the Website against fraudTo set default options for you, such as language and currency | Performance of contractLegitimate interest in maintaining our Website | For three years since you last logged on to the Website |
WebsiteTestimonial capture formGoogle ReviewsEmails | Customer comments and product reviews | To improve our products and servicesWhere relevant, to establish, exercise or defend legal claims | Performance of contractLegitimate interest in dealing with complaints or claims and improving our products and/or services generally | For six years |
Client information | NameContact detailsEmails | |||
Filming on behalf of clients | VideoImagesInterviews | As instructed by clients to fulfil a contract | ContractConsent from individuals for filming | Deleted / destroyed once project completed. |
For information collected on behalf of our clients for filmed work, please view their Privacy Policy.