Privacy Policy

1. About This Privacy Policy

1.1. This policy sets out, as a business, how we process data both inside the Business and on the Website. This document is primarily for clients, subscribers, website visitors and people who wish to contact us about our services.

1.2. We are committed to protecting your privacy and complying with our data protection obligations under General Data Protection Regulation 2016/679 (GDPR) and any other applicable legislation within the USA, including the Texas Data Privacy and Security Act (TDPSA) and other relevant legislation around data privacy.

1.3. When you interact with us or use the Website, we act as the data controller of your personal data. This means we are responsible for processing and deciding how to use your personal data. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over it. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.

2. Contact Information

2.1. If you have any concerns or want further information about our use of data or this policy in general, use the details below to contact us;

Contact Name:  Alyssa Wilkinson
Registered Business Name: Epoch
US registration as :  Non profit 501C3
Registered Address:  5900 Balcones Drive, Austin, Texas 7873
Website: Epochworks.com
Email Address:   Alyssa.wilkinson@epochwork.com

3. Who Do We Collect Information From?

3.1. We collect information from;

  • Visitors to our Website
  • Subscribers to our email list
  • Clients/customers
  • Suppliers and contractors
  • Contacts (Network)
  • Individuals whilst providing services to our clients
  • Individuals who we film on behalf of our clients

4. What Information Do We Collect?

4.1. We collect, store and use the types of personal data set out in the tables at the end of this policy. (Please see the Data Protection Policy and Record keeping policy for employees.)

5. How Will We Use Your Information?

5.1. We will use your personal data for the purposes set out in the table at the end of this policy.

6. How Do We Share Your Personal Data?

6.1. When we share personal data, we do so under the Data Protection Laws. Where necessary, we may share specific personal data with employees, contractors, consultants or advisers to facilitate sales and general commercial purposes.

6.2. We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.

6.3. We also may need to share information externally for legal reasons. These include the HMRC and the police in connection with a police investigation.

7. Sharing Information

7.1. We endeavour to keep as much data within the UK/EU; however, there may be times when this is impossible. Where the platforms we use are outside of the UK or not a country where we have adequacy regulations, we will assess if the transfer is necessary to perform our service under the contract and that the data transfer comes under a restricted transfer.

7.2. Where we are legally required to do so, information is shared. On occasion, we may not be allowed to tell you of information being shared.

7.3. A complete list of the information can be requested by email.

8. Where Do We Collect Information?

Website

8.1. The Website may contain links to other websites over which we have no control, usually concerning blogs. We are not responsible for and do not review or endorse the privacy policies or practices of other websites you choose to access from this Website. We encourage you to review the privacy policies of those other websites to understand how they collect, use and share your personal information.

8.2. The Website does have plugins that we use for third-party platforms.

8.3. We use a number of platforms to deliver our services. For a full list of these, please email us.

Contacts and Clients

8.4. We collect information from contacts and clients (and potential clients) through

  • Name
  • Contact details
  • Contact forms
  • Emails
  • Gender
  • Meetings, trainings
  • Payment details
  • Occupation and role details
  • Age

Suppliers

8.5. We collect information from clients (and potential clients) through

  • Emails
  • Address
  • Contracts
  • Invoicing
  • Notes from telephone calls and meetings

9. Your Rights

9.1. We respect your privacy rights and will respond to requests for access or control over information about you under the Data Protection Law. We may require you to verify your identity before we take any action.

9.2. Depending on the reason we have your personal data, you have a right to:

  • access the personal information we hold about you (commonly known as subject access);
  • request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
  • request that we erase your personal information in some circumstances or object to our processing it;
  • restrict how we use your personal data in certain circumstances;
  • request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services and
  • where we have asked for your consent to process your data to withdraw this consent
  • 9.3. These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.

    9.4. If you wish to exercise any of these rights, please contact us.

    Your Right to Object

    9.5.You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

    9.6. If our processing of your personal data is in the public interest or under our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests or our use of your personal data is for the establishment, exercise or defence of legal claims.

    9.7. Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.

    9.8. At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised unless we must keep it to comply with our legal obligations.

    10. Data Protection Principles

    10.1. We process your personal data under the following principles:

    • We process your personal data lawfully, fairly and in a transparent way;
    • we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;
    • we only process personal data that is adequate, relevant and limited to what is necessary to achieve the goal for which it is processed;
    • we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
    • we do not store personal data in a form that identifies you for any longer than is required for our processing; and
    • we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.

    10.2. When we ask for your personal data, we will tell you whether you are required by law or contract to provide it and what will happen if you do not provide it.

    10.3. Any request for consent to processing your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.

    11. What Is Our Lawful Basis For Processing?

    11.1. We will only process personal data when we have a lawful basis for processing. The table at the end of this policy sets out the legal basis we rely on for each data type we process.

    11.2. We will choose one of the lawful bases stated within GDPR and/or TDPSA to justify how we use your personal data. These are:

    • Consent: You have given consent to processing your personal data for one or more specific purposes. As detailed above, you can withdraw your consent at any time.
    • Contract: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
    • Legal obligation: We must process your personal data to comply with a legal obligation.
    • Vital interests: The processing is necessary to protect your or another person’s vital interests.
    • Public interest: Processing is necessary for performing a task in the public interest or the exercise of some official authority.
    • Legitimate interests: Processing is necessary for legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

    12. How to Complain

    12.1. If you have any concerns about our use of your personal information, you can make a complaint to us by using the contact details above.

    13. Policy Review

    13.1. We update and review this policy at least annually or when required due to changes in practice and legal updates. An updated version on the Website will make reasonable efforts to bring any material changes to your attention.

    Date reviewed

    Policy changes

    Date completed and ratified 

    Updated by

    Version

    04/10/2024

    New Policy

    1

    Table of Personal Information We Use:

    The table below sets out detailed information about the types of personal information we collect, our purposes for processing, the basis for processing and the retention period for the personal data.

    Website / email marketing / social media

    When collected / stored

    Category of personal data

    Purpose of processing

    Lawful basis for processing

    Retention period

    Website visit

    Cookies

    Essential 

    Required – legitimate interest

    1 year

     

    Clients

     

    When collected / stored

    Category of personal data

    Purpose of processing

    Lawful basis for processing

    Retention period

    Contact

    Website

    Email marketing platform

    Name and contact details

     

    To deliver your services to you


    For fraud prevention and detection

    To contact you with information, newsletters and marketing materials about our services

    Performance of sale

    Compliance with legal obligation

    Consent

    For three years since you gave consent, or until you withdraw consent if earlier

    Bank transfer

    Cheque

    Card payments

    Payment information

    To take payment and give refunds

    For fraud prevention and detection

    Performance of contract

    Compliance with legal obligation

    For six years after transaction

    Emails

    Contact history

    To provide customer service and support

    To train our staff

    Performance of contract

    Legitimate interests in dealing with complaints or claims

    For six years since you last logged on to the Website

    Platform analytics

    Browser, device and Site usage information

    To improve the Website

    To protect the Website against fraud

    To set default options for you, such as language and currency

    Performance of contract

    Legitimate interest in maintaining our Website

    For three years since you last logged on to the Website

    Website

    Testimonial capture form

    Google Reviews

    Emails

    Customer comments and product reviews

    To improve our products and services

    Where relevant, to establish, exercise or defend legal claims

    Performance of contract

    Legitimate interest in dealing with complaints or claims and improving our products and/or services generally

    For six years

    Client information

    Name

    Contact details

    Emails

    Filming on behalf of clients

    Video

    Images

    Interviews

    As instructed by clients to fulfil a contract

    Contract

    Consent from individuals for filming

    Deleted / destroyed once project completed. 

    For information collected on behalf of our clients for filmed work, please view their Privacy Policy.