Clients and Potential Client
Fair Processing Notice

We use your personal data to assist us in answering your enquiry and to provide you with information about our products/services. We also process your personal data in order to provide you with the goods or services that you have ordered.
  • We respect your personal data and take its security very seriously.
  • We only hold what data we need for the purpose for which we obtained it.
  • We never share your data with any advertisers.
  • We delete your data when it’s no longer required to do our job properly.
  • You have privacy rights, and we honour them.
  • We are happy to answer your questions. Our contact details can be found at the end of this notice.

 

What data we hold

For an enquiry or for a quote that you do not accept, we will process your name and contact information.

If you proceed and we enter into a contract with you, we will process your name, address, contact details and payment information.

We also generate log files from various servers.  This will include an IP address assigned to you or to your internet service provider.

 

References to the legal basis for processing of your personal data  (e.g. “(Basis: Art. 6(f).)”) are a reference to the article of the General Data Protection Regulation. Each piece of personal data that we process must have a legal basis.

 

How we use your personal data :
To deal with enquiries or for a quote that you do not accept

If you contact us to ask about how we might be able to work together, we will follow up on your enquiry. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.

If you provide us with information for a quote and then do not accept the quotation, we will keep a record of your enquiry.  We keep a record of enquiries received for 3 years. We’d like to occasionally keep in touch with you, but you can opt out at any time.

We may share some details of the enquiry with suppliers, collaborators or contractors, unless explicitly asked not to, either by informal request or NDA (non disclosure agreement).

(Basis: Art. 6(b): we need to use your details to follow up with you and this processing is necessary in order to take steps at your request prior to entering into a contract.  Art. 6(f): business planning and staying in touch with you is a legitimate activity for a business)

 

How we use your personal data :
If you enter into a contract with us

If you choose to work with us, we will need to process your data in order to provide you with the service that you have ordered. We need to process payment details in order to fulfil the contract. We will retain your personal data for 6 years after our contract has ended, or 6 years after our last invoice to you has been paid.

(Basis: Art. 6(b): processing is necessary for the performance of a contract)

Technical data

Sites we manage the hosting for have access logs and other security measures which may record your IP address or personal information if logged in. We use the logs to help with our company’s security as well as to look at visitor behaviour (e.g. which website pages get the most traffic or are the most popular).

(Basis: Art. 6(c): we have a legal obligation to protect the data of our clients and our staff. Art. 6(f): strategy planning is a legitimate activity for a business.)

Your data and transfers outside of the EEA

Some of your data may be processed using Google, DropBox, Paypal, Amazon Web Services, Slack, Trello and other digital services which are based in the USA.  However adequate safeguards are in place as these organisations are certified to the EU-US Privacy Shield Framework.

We also use Campaign Monitor for our email lists and to send out emails to existing clients. Campaign Monitor is based in Australia and is preparing for the GDPR.  More information can be found here https://www.campaignmonitor.com/trust/gdpr-compliance/

We use Harvest for accounting purposes to create, store and send invoices – it records email addresses and account history, but does not process any payment. Harvest is preparing to GDPR – information can be found here. https://www.getharvest.com/security

 

Third parties

As a prospective customer, we will not transfer your personal data to third parties at this stage except the following:

  • Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it).
  • Potential collaborators and contractors required for the completion of the tender. We may share your details with third parties to carry out specialised services like SEO, copywriting or to work as freelancers, unless prevented by NDA or similar agreement. We will limit the data to the minimum required to operate.
  • In response to a court order. It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.

As a customer, we transfer your data to the following third parties:

  • Cloud service & IT providers. We use a number of cloud service & IT providers, such as our CRM, project management systems, accountancy software, email providers and webhosting.  We also share with IT professionals who not only ensure that our systems run smoothly, but are also committed to the highest standards of data protection compliance.
  • Accountants & Bookkeeper. We also use an external accountancy service but, unless you are a sole trader or a partnership, they are unlikely to see any personal data relating to you.
  • We use photographers, copywriters, freelancers, collaborators and other specialist professionals. If appropriate to your project, we’ll share your information with them.
  • In response to a court order. It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.
  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.

Recommendations and Referals

Venn Creative take keeping your personal details secure seriously, and will ask anyone we share your data with to do the same. In some instances we may make recommendations to you, or we may connect you directly with a supplier. In that instance your agreement is with them and we can’t take responsibility for how they handle your data. Always make sure any individual or business you connect with handles your personal information responsibly.

Technical security

VENN Creative use a variety of systems to keep your data secure, including password management and renewal policies, data minimisation, network security and remote working policies. If you’d like to find out more about what we do to protect your data please get in touch.

 

Your rights

You have rights in respect of our processing of your personal data which are:

  • To access to your personal data and information about our processing of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.To request that we erase your personal data if:we no longer need it;
    • if we are processing your personal data by consent and you withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To restrict our processing of your personal data if it is based upon legitimate interest.
  • To object to our processing if our processing is based upon legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
  • If you want to exercise any of these rights, please contact us using the details at the end of this notice.

 

Retention periods

This is the length of time that we will continue to process or store your personal data.

Emails: We store all emails for a maximum of two years. We may keep important emails for the duration of our working relationship with you. We may delete other emails at any time at our discretion, as long as no relevant subject access requests have been made.

Data about clients: We will store your data for 6 years after your contract ends, or 6 years after our last invoice to you has been paid, for accountancy and tax purposes.

Data about enquiries: We keep contact information from enquiries for a period of up to three years.

Content: Content and images supplied to us are kept on our secure server in easily accessible folders for up to three years. These folders may include your personal information or images for which consent is required. After that they are moved into a secure archive to which have limited, password protected access. We keep this content to help us keep work for our clients, or to keep records of the work we have done for posterity. We will never share your previously unpublished work or source files without your permission.

Please note, these archives do not constitute as a backup, and cannot be relied upon as a storage mechanism.

Website Access Logs: We may choose to keep a record of access to websites we manage. These website logs can kept indefinitely for the functioning duration of the website. We feel these logs present limited risk and are more useful being retained.

ICO registration

Venn Creative is registered with the Information Commissioner’s Office
Ref: ZA394998

Contact us

Venn Creative
The Studio
Unit 28, Kernick Industrial Estate
Penryn TR10 9EP
Cornwall

[email protected]

01327 377105

Contact

Venn Creative, 59-61 Killigrew Street, Falmouth, Cornwall, TR11 3PF

01326 377 105 | [email protected]