Fair Processing Notice – Research
- We respect your personal data and take its security very seriously.
- We only hold what data we need for the purpose for which we obtained it.
- We never share your data with any advertisers.
- We will never use your data as a commodity.
- We delete your data when it’s no longer required to do our job properly.
- You have privacy rights, and we honour them
- We are happy to answer your questions. Our contact details can be found at the end of this notice.
What data we hold
For the purposes of research questionnaire we will ask your permission to retain your email address and name., and we may ask you to answer some optional questions about demographic.
We also generate log files. This may include an IP address assigned to you or to your internet service provider.
References to the legal basis for processing of your personal data (e.g. “(Basis: Art. 6(f).)”) are a reference to the article of the General Data Protection Regulation. Each piece of personal data that we process must have a legal basis.
How we use your personal data :
For the purposes of research and evaluation
We use Survey Sparrow to compile our online questionnaires. Survey Sparrow are GDPR compliant and the data contained in all questionnaire results is not scanned, processed or shared by Survey Sparrow for any purpose. Results are stored on their servers, and may be exported to other platforms for the use of analysis and review. We use your answers to improve ours and our Clients’ services, and your personally identifying information will not be used unless expressly requested in a particular question.
We may share some details of your answers with suppliers, collaborators or contractors, all of whom will be acting one behalf of Venn creative and will adhere to the principles outlined here.
We never use your information to build an identifiable profile of you. Questions about demographic (age, gender etc) are used to create aggregate pictures. Your data is never sold, monetised or shared beyond the reasonable remit of carrying out brand, design and user experience research.
(Basis: Art. 6(b): we need to use your details to follow up with you and this processing is necessary in order to take steps at your request prior to entering into a contract. Art. 6(f): business planning and staying in touch with you is a legitimate activity for a business)
Sites we use have access logs and other security measures which may record your IP address or personal information if logged in. We use the logs to help with our company’s security as well as to look at visitor behaviour (e.g. which website pages get the most traffic or are the most popular).
(Basis: Art. 6(c): we have a legal obligation to protect the data of our clients and our staff. Art. 6(f): strategy planning is a legitimate activity for a business.)
Your data and transfers outside of the EEA
Some of your data may be processed using Google, DropBox, Paypal, Amazon Web Services, Slack, Trello and other digital services which are based in the USA. However adequate safeguards are in place as these organisations are certified to the EU-US Privacy Shield Framework.
As a prospective customer, we will not transfer your personal data to third parties at this stage except the following:
- Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it).
- Potential collaborators and contractors required for the completion of the research. We may share your details with third parties to carry out specialised services like SEO, copywriting or to work as freelancers. We will limit the data to the minimum required to operate.
- In response to a court order. It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.
Venn Creative use a variety of systems to keep your data secure, including password management and renewal policies, data minimisation, network security and remote working policies. If you’d like to find out more about what we do to protect your data please get in touch.
You have rights in respect of our processing of your personal data which are:
- To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.To request that we erase your personal data if:we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully
- To restrict our processing of your personal data if it is based upon legitimate interest.
- To object to our processing if our processing is based upon legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
- If you want to exercise any of these rights, please contact us using the details at the end of this notice.
This is the length of time that we will continue to process or store your personal data.
Emails: We store all emails for a maximum of two years. We may keep important emails for the duration of our working relationship with you. We may delete other emails at any time at our discretion, as long as no relevant subject access requests have been made.
Data about clients: We will store your data for 6 years after your contract ends, or 6 years after our last invoice to you has been paid, for accountancy and tax purposes.
Data about enquiries: We keep contact information from enquiries for a period of up to three years.
Content: Content and images supplied to us are kept on our secure server in easily accessible folders for up to three years. These folders may include your personal information or images for which consent is required. After that they are moved into a secure archive to which have limited, password protected access. We keep this content to help us keep work for our clients, or to keep records of the work we have done for posterity. We will never share your previously unpublished work or source files without your permission.
Please note, these archives do not constitute as a backup, and cannot be relied upon as a storage mechanism.
Website Access Logs: We may choose to keep a record of access to websites we manage. These website logs can kept indefinitely for the functioning duration of the website. We feel these logs present limited risk and are more useful being retained.
Venn Creative is registered with the Information Commissioner’s Office
Unit 28, Kernick Industrial Estate
Penryn TR10 9EP