privacy

INTRODUCTION
Dirty Looks takes privacy very seriously. In the film industry this is imperative. The way we collect and store your data is of the utmost importance, from the picture and sound content of our clients’ projects through to our customers’ contact and billing details. This privacy notice outlines our privacy policy and commitment to compliance with the regulations outlined in GDPR.

The services this notice includes are our post-production services, website, marketing communications, banking activities and day-to-day email.

If you are working with us please read this policy carefully and contact us with any questions regarding our privacy practices.

WHO WE ARE
Please see the CONTACT page of the website to get in touch. The data controller is the managing director, Tom Balkwill.

WHAT INFORMATION DO WE COLLECT?
When working on projects we will collate collaborator’s names, email addresses, postal address, company details, invoicing and any other information offered during the cycle of the project. This information is typically inputted into our project management systems.

Data is also collected from visitors to dirtylooks.co.uk with Google Analytics. Any analysis of this data is anonymised before use.

When receiving invoices with customers’ banking details these are stored in email and inputted into our online banking account with Lloyds.

Aside from personal and financial information above, we also receive picture and sound data relating to projects, which include filmed rushes, sound recordings, visual effects, graphics, music, project files and credit roller information. Data relating to creative work is stored on our servers for the duration of the project then backed up and archived onto LTO storage mediums.

HOW DO WE USE PERSONAL INFORMATION
There are a number of systems that we use for running projects with our clients, and also Mailchimp to manage our marketing database.

Through the lifecycle of a project (and to provide our post production services) a client’s name an email address maybe manually inputted into our filesharing systems, Sohonet FileRunner and Digital Pigeon, project management systems Google Docs, Dropbox, Teamwork and Airtable. In addition to these cloud systems we also use our own asset management database (for hard drives and tape tracking) Knack.

These systems use two-factor authentication when available.

To deliver marketing and event communications we use a managed mailing list stored and sent in Mailchimp. We try to ensure that our mailing list is limited to existing clients that we have done business with, collaborated with on a creative or technical level or have made enquiries to our website or via email.

WHAT LEGAL BASIS DO WE HAVE FOR PROCESSING YOUR PERSONAL DATA?
When choosing to work with Dirty Looks we assume consent to use your data in the ways outlined in this policy.

When making business enquires with Dirty Looks we see this as legitimate interest and we may occasionally send marketing emails to people that have initiated communications. Any mailing list communications we send out will have an un-subscibe link, and we will not re-subscribe anyone who opts-out.

WHEN DO WE SHARE PERSONAL DATA
Dirty Looks will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent.

Some of our service providers may have access to your data in order to perform services on our behalf – payment processing is a good example of this.

HOW WE HANDLE YOUR PERSONAL DATA
We use MailChimp to store our marketing recipient lists – all data is stored on a secure server in the USA for the purposes of email newsletter distribution. Under the terms of their Privacy Policy, they endeavour not to, under any circumstances, contact people on our lists, market to people on our lists, sell our lists, or share our lists with any other party, except as required by law or, regarding contacting, except in response to a complaint or other communication directly from an individual on one of our lists. If you would prefer that your data is not stored in this manner, you have the right to opt out from further communications at any point.

Dropbox is used as a secure service to store various documents relating to Dirty Looks’ business activites. Under the terms of the Dropbox Privacy Policy, they participate in and comply with the EU-U.S. Privacy Shield Framework. All dropbox accounts are password protected.

HOW WE PROTECT AND SECURE YOUR DATA
Dirty Looks is committed to protecting the personal information you entrust to us. We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use e.g. our own network is protected by Sohnet’s managed firewall services and we use two factor authentication on cloud based services outlined in this policy.

We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose, backups of project files for example will be held well-beyond the date that we delivered the project.

Accidental data loss and disaster recovery systems are in place based on daily LTO backups, and data held on these tapes may be held beyond the project delivery date.

LINKING TO OTHER WEBSITES
Links on our website (for example to Youtube or Vimeo) are not endorsed, we take no revenue from this traffic. Nor do we take any responsibility for external website’s content.

YOUR RIGHTS AND CHOICES
You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. If you have subscribed to our mailing list, you can amend your personal details and email contact preferences at any time. Simply click on the link at the bottom of our emails.
Or, if you prefer, you can contact us by phoning, emailing, or writing using our contact details on this website.

If you ask us to stop sending direct marketing communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere with such requests.

This notice was updated on 25 May 2018.

Updates to this policy will be posted on this page – please check back from time to time. We may also inform you of any changes where we hold an appropriate email address for you.

Further information on data protection regulations and laws can be found here:
Data Protection: https://ico.org.uk/for-the-public