1. Introduction

    This Data Privacy Notice provides detailed information about the types of personal data we may collect about you, what we do with that information and how we will store that information and keep it secure and safe.

  2. Who are Vermillion?

    Vermillion Graphics Limited (Vermillion) is a company which is incorporated under the laws of England and Wales under No. 05007500 and whose registered office is at Burley Bridge Mills, Viaduct Road Leeds, LS4 2AP United Kingdom.

    The business of Vermillion is the provision of brand media, design, photography and ancillary production services relating to packaging and catalogues for retailers and brand owners, principally for use in relation to mail order catalogues. Further information about our business can be obtained by looking at our website (vermillionbranding.com) (the Website).

    Vermillion is a data processor for the purposes of the Data Protection Act 1988 and the GDPR.

  3. Contacting Vermillion

    You can contact Vermillion by writing to us at the above address, or by emailing us at info@vermillionbranding.com or calling us on 0113 255 5222.

  4. Who is responsible for the management of data protection at Vermillion?

    Chris Milner is responsible for the management of data protection at Vermillion. He can be contacted using the contact details given in sections 2. and 3. above.

  5. What sort of personal data do we hold and collect?

    We hold a number of types of personal data:-

    We hold information that various third parties have given us about themselves. For example in relation to our employees, key customer and supplier contacts we hold information about their names, addresses, e-mail addresses and phone numbers.

    For employees we hold in addition other information relating to their employment such as salary information, date of birth, national insurance numbers, payroll numbers and banking details, employment histories etc, which are necessary to administer pay and HR functions.

    We are a relatively small business with under 25 employees and under 100 active clients and the amount of personal data we hold and process is accordingly relatively modest.

  6. Cookies

    This website uses a feature of your web browser called cookies. A cookie is a file that is placed on your computer’s hard disk that ensures you get the best experience on our website.

    Most browsers accept cookies automatically. If you prefer, cookies can be disabled by amending your browser settings. You can find out more about cookies (including how to disable them) at cookies.insites.com.

    Cookies we use

    Cookie provider Cookie name Cookie description More information
    Google Analytics _utma, _utmb, _utmc, _utmz These cookies are used to collect information about how visitors use this website. The cookies collect information including the number of visitors to the website, where visitors have come to the site from and the pages they visited. Privacy policy
  7. How do we use personal data?

    We use personal:

    • to carry out our obligations arising from any contracts entered into between you and us (for example employment contracts with employees and supply of services contracts between us and our suppliers and customers);
    • to provide our clients and prospective clients with information about other services which we offer that are similar to those that they have already purchased or enquired about;
    • to notify our clients about changes to our services.
  8. The legal basis on which Vermillion processes personal data

    The law on data protection provides a number of different grounds that a company such as Vermillion can rely on to make its processing of personal data lawful.

    Vermillion relies on the following four legal grounds to process personal data:-

    You have consented to our using your personal data

    We can collect and process your data with your consent.

    This will be the case if you have provided your details to us historically for the purposes of our dealing with you for example as an employer or service provider.

    Vermillion’s Contractual Obligations

    In certain circumstances, we can process your personal data to comply with our contractual obligations.

    Vermillion’s legitimate interests

    The law states that in specific situations, Vermillion can process your personal data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests.

    Legal compliance

    If complying with legal obligations upon us requires us to, we may collect and process your personal data.

  9. How we protect personal data

    Whether you are an employee, client or supplier we treat your personal data with the utmost care and take all appropriate steps to protect it.

    All personal information you provide to us, which we store electronically, is stored on our private, secure network of computers. Access to our IT systems is password protected. Our IT security is managed on our behalf by Opal IT of Media Exchange One, 1 Coquet Street, Newcastle Upon Tyne, NE1 2QB. Our IT provider regularly monitors our computer and network systems for possible vulnerabilities and attacks and use state of the art firewalls and anti-virus software, which is regularly updated.

    Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.

  10. Data Breaches

    In the unlikely event that there were to be any unauthorised access to (or an event occurs that creates a real risk of any unauthorised access to) any personal data which Vermillion holds, then Vermillion will, if it considers that the such events give rise to a high risk of affected individuals being adversely impacted, notify the affected individuals as soon as reasonably practicable.

  11. How long will we keep personal data?

    Whenever Vermillion collects or processes your personal data, it will only keep it for as long as it is reasonably necessary for the purpose for which it was collected.

    At the end of that retention period, your data will be deleted completely.

    If we hold your data in relation to the performance of contractual obligations by you or us we will hold that data for no longer than six years after the obligations are performed for legal reasons to do with limitation periods for contractual and tort claims.

  12. Who do we share personal data with?

    We share employee personal data with HMRC and our payroll services provider.

    Vermillion may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

    We may disclose your personal information to third parties:

    • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
    • If Vermillion or substantially all of its assets are acquired by a third party, in which case personal data held by it about the users of this Site will be one of the transferred assets.

    If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Vermillion, our users or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

    We may in addition share your information with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

  13. Where personal data may be processed

    We will only process personal data within the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.

    If personal data is stored on a cloud-based server that may be located outside the EEA. We would only use such a server if our contractual relationship with the cloud services provider ensured sufficient protection of personal data.

    Personal data may also be processed by staff operating outside the EEA who work for us or for one of our business partners. We will take all steps reasonably necessary to ensure that personal data is treated securely and in accordance with this privacy policy and the law.

  14. What are your rights over your personal data?

    You have the legal right to request:

    • Access to the personal data we hold about you, free of charge in most cases.
    • The correction of your personal data when incorrect, out of date or incomplete.
    • That we stop using your personal data for direct marketing.
      • That we stop any consent-based processing of your personal data after you withdraw that consent.
      • That any decision made based solely on the basis of automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision) is reviewed by a human being.
    • A copy of any information about you that Vermillion holds at any time, and also to have that information corrected if it is inaccurate. To ask for a copy of information we hold about you please contact our Data Protection Officer, whose details are set out in paragraphs 2 and 3 above.
  15. How can you stop Vermillion’s use of your personal data for direct marketing?

    There are several ways you can stop direct marketing communications from us:

    Click the ‘unsubscribe’ link in any direct marketing email communication that we send you. We will then stop any further emails and delete your contact details from our direct mail database.

    Write, email or phone our data protection officer, whose details are set out in paragraphs 2 and 3 above.

  16. Third party websites

    The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

  17. Changes to our privacy policy

    Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

  18. Contacting the Regulator

    If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

    You can contact them by calling 0303 123 1113.

    Or go online to www.ico.org.uk/concerns.

    If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

  19. Further Information

    Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@vermillionbranding.com.