Privacy Policy

Privacy and Cookie Policy

The privacy and security of your personal information is important to us at Grain Post Production (’Grain’) and we are committed to ensuring that your privacy is protected. Any personal data collected by us will only be processed in accordance with this privacy policy.

What does this Policy cover?

This privacy policy sets out how Grain processes personal data (that is, information by which an individual can be identified) collected by us in the course of our lawful activities, in accordance with the Data Protection Act 2018, the General Data Protection Regulation and any subsequent legislation in force from time to time (‘the Data Protections laws’). 
This policy has been put in place to protect your rights under the Data Protection laws, and it is important that you understand what we will do with your data and are happy with this. If you want to discuss any matter relating to how your data is used, please call us on 0044 (0)20 3969 8981 or email us at studio@grainpost.com, marking your communication for the attention of the Data Protection Officer. We may be required in certain instances to ask that your request for information be submitted in writing.

References to the processing of information includes the collection, use, storage and protection of data. Grain is the trading name of Grainpost Limited (a company registered in England and Wales with registration number 11007342), which is a ‘data controller’ within the meaning of the Data Protections laws for the purposes of this policy, except where stated otherwise where Grain is a ‘data processor’. This policy extends to those working for and on behalf of Grain and, to the extent set out below, anyone else processing data on our behalf from time to time.

Why do we process your data?

Organisations are permitted to process data if they have one or more legal bases for doing so. Grain processes data on the basis that:

  • Express and informed consent has been given by the person whose data is being processed; and/or
  • Grain has a legitimate interest in processing data; and/or
  • It is necessary in relation to a contract, agreement or ongoing arrangement for the provision of services which someone has entered into with Grain or because someone has asked for something to be done so they can enter into a contract, agreement or arrangement with us; and/or
  • Grain has a legal obligation to process data.

If and to the extent that Grain is relying on solely consent as the basis for processing data, we are required to obtain your explicit consent and you can modify or withdraw this consent at any time by notifying us in writing, although this may affect the extent to which Grain is able to provide services to or interact with you in future.

We may change this policy from time to time and any such changes will be published online at www.grainpost.com. Notwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.

This policy is effective from 22 January 2019.

What personal data do we process?

We collect the data necessary for Grain to pursue its legitimate commercial objectives as a post-production studio including, in that connection, maintaining a working archive for ongoing reference by clients and to promote our business to past, current and future potential clients and others. Data collected and processed may include, but not be limited to:

  • Names and contact information such as telephone numbers, email and postal addresses for staff, consultants, contractors and clients
  • Photographic images, videos and other information as allows the creators, copyright owners and subjects of such images to be identified for Grain’s commercial purposes
  • Such other information as may be required to run Grain’s business, such as dietary requirements, medical information, photographs and information necessary to ensure that participants, including vulnerable persons, are looked after and safeguarded
  • Records and preferences for and of staff, consultants, contractors and clients including, where necessary, bank or payment details in order to process payments to or from such persons and information about their tax status for the payment of remuneration
  • Such other information as is relevant and necessary for Grain to carry out its activities and legal obligations.

Such information may be collected when you provide it directly or indirectly to us by contacting us through our website or otherwise, or when information about you is disclosed to us by a third party. In such cases, Grain is a data processor acting on behalf of that third party as a data controller and we only process such data on the understanding that those disclosing it to us have the requisite legal authority to do so and have informed data subjects of their legal rights.

How do we use your data?

We process your personal data in order to pursue our legitimate commercial objectives, as stated above, and in particular for the following purposes:

  • For internal record keeping, staff and client management, receiving and making payments, invoicing, communications and administration (legal basis: contractual performance; fulfilling legal obligations) 
  • To maintain records of the work undertaken for clients and an archive of photographic images and videos for future reference and marketing purposes (legal basis: contractual performance; legitimate interests)
  • To let you know about such other matters as pertain directly or indirectly to Grain’s business as we believe may be of interest to you (legal basis: consent; legitimate interests)
  • To manage and improve our operations and communications with clients and to secure new business (legal basis: legitimate interests)
  • To comply with any legal obligations and to protect parties’ interests in cases of dispute (legal basis: to make or defend legal claims)

If you or someone acting on your behalf shares personal data relating to another person, such as photographic images, you warrant that you have the legal authority to share such data with us and have informed such person(s) that their data is being shared and about our privacy policy. In such cases, the data shared will not be used for any purposes other than those referred to in this policy or retained for longer than such purposes require.

Data processed will be retained only for as long as is reasonable and permissible in law. Accordingly, the periods for which we retain data will vary depending on the purposes for which it was collected and relevant statutory or other requirements.

In addition to those circumstances mentioned above, we will only share data with trusted partners and third parties (including those outside of the European Economic Area) to the extent and where necessary for us to engage in the activities referred to above (such for database and client management, online platforms for secure data storage or for email communications), to process payments (including through online payments platforms) and only once we are satisfied that any such use of data will accord with our privacy policy. We will not sell your personal information and will not share it without your explicit consent, except as stated above.

Your rights in relation to your personal data

You, as the data subject, may request deletion of your data at any time in writing, subject to any overriding legal requirement for its retention, such as the need, where appropriate, to comply with the requirements of Her Majesty’s Revenue and Customs or other regulatory authorities, or to prevent the commission of or assist in the investigation of an actual or suspected criminal offence, safeguarding incident or civil proceedings. We may keep certain data on a ‘suppression list’ so we know, if requested, not to contact you or process your data in future until further notice.

You may request details of personal information which we hold about you. Any such request must be submitted in writing and we reserve the right to seek verification of the identity of persons making such requests before we respond, which we much do within 30 days. A small fee may be payable if an information request is particularly onerous.

You may choose to restrict the collection or use of your personal information, but this may impact or limit the way in which we are able to interact with you. You may, at any time, change your mind about what information we hold about you, or if we continue to hold it at all, subject to any legal obligation on us to retain data, and as stated above.

You are responsible for the accuracy of data you have provided to Grain. If you believe that any information we are holding about you or someone else is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect.

In the unlikely event that there is any kind of a breach of our duties and obligations under this policy or the Data Protections laws, we will take immediate steps to isolate and rectify the problem.  Should the breach be serious one (where there is a risk of, for example, discrimination, damage to reputation, financial loss or loss of confidential information) we have a duty to report that matter to the individuals affected and to the Office of the Information Commissioner. 

You can obtain further information about Data Protection and privacy laws and your rights by visiting the Information Commissioner’s website at: https://ico.org.uk/for-the-public.

Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure,we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Persons processing data for or on behalf of Grain do so in accordance with this policy and on the basis that Grain is satisfied that they can and will adhere to our high standards for data protection and security.

The transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. Please note that, unless encrypted, email messages sent via the internet may not be secure and could be intercepted and read by someone else. Please bear this in mind when deciding whether to include personal or sensitive information in any email messages you send to us.

Web browsing and Cookies

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies help to analyse web traffic and allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Traffic log cookies may be used to identify which pages are being used. This helps analyse data about web page traffic and improve a website to tailor it to users’ needs. Information is only used for statistical analysis purposes and then the data is removed from the system. We may also collect and store information about your browsing device, including, where available, your IP address, operating system and browser type, together with certain anonymous statistical data about your browsing activities and patterns which does not contain any personal data. A cookie in no way gives access to your computer or any information about you, other than the data you choose to share.

However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Links to other websites

Any website may contain links to other websites of interest. However, once you have used these links to leave a website, you should note that those operating the original website do not have any control over that other website. Accordingly, Grain cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.