What is GDPR?

The General Data Protection Regulation (GDPR) is important new legislation in the area of data protection. Developed by the European Union, it’s designed to strengthen individuals’ rights regarding the collection, use and storage of their personal data.

The law applies to businesses or organisations in the European Union. Those outside the EU who offer goods and services (whether paid or not) to people living within the EU, or monitor their behavior, must also comply.

In effect, GDPR has become the global standard for data protection.

So what counts as Personal Data?

Any data that can be used to identify a living person directly or indirectly is classed as personal data.
For example:

  • Name
  • Address
  • Email address
  • Social security number
  • Location data
  • IP address

VMI only stores the minimum amount of data necessary for business operations and in depth data is only kept for internal staff.

What information does VMI.TV collect about me?

What information does VMI.TV collect about me?

Summary

VMI collects basic information from you when you create an account, such as name, address, email address and phone number, then more data pertinent to id or references are sought – all with your permission, otherwise we cannot rent to you.  Afterwards, specific order notes relating to individual orders are also kept, as well as electronic data concerning the financial details of your orders.

As well as our internal systems, we also run two external databases – one runs directly from the VMI/VMEDIA websites, which simply collects contact details and email addresses specifically to generate website enquiries and another uses an external cloud-based email marketing tool (Constant Contact), which is controlled by the client by a user interface.

Lastly, we record CCTV data and collect other information which are detailed below as well.

These are detailed in 4 separate sections below:

  1. Internal Systems: this is data collected and used by VMI/VMEDIA using our internal database which we use for conducting business from our UK offices.
  2. VMI/VMEDIA Websites: this is data collected and used by the VMI/VMEDIA website
  3. Cloud-based email marketing: this is data collected and used by our external cloud-based email marketing system.
  4. VMI Employee and Prospective Employee Data Fair Processing Policy: this is the data collected about our staff and prospective job applicants.
  5. Other data provision: CCTV, CVs etc.

1. Internal Systems:

Data collected and used by VMI/VMEDIA using our internal database which we use for conducting business from our UK offices.

In order to function as a rental business and to provide an adequate level of service, VMI will store the following information against an account:

  • Contact Name
  • Company Name
  • Address
  • Phone
  • Email

As part of the account set-up for new business clients, VMI requires, for due diligence, the potential client to supply the names and addresses and phone and email of two trade referees that will be checked by VMI senior staff only for the following information:

  • Regular Customer
  • Trading Record
  • Monthly Credit Limit
  • Payment within 30 days

Individual clients who cannot provide trade referees are required to supply the following information at point of collection:

  • Photo ID
  • 2x Utility bills with supplied address

This information is photocopied and stored in secure filing cabinets for twelve months after the initial hire as the client would have either migrated to a 30 day account or the account lapsed and closed with data being deleted.

When you wish to rent equipment, we may collect additional information from you such as:

  • Hired In Insurance Policy Details
  • Purchase Orders relevant to specific transactions

Once you are accepted as a client, our system also collects and stores the following information from you:

  • Account Status (COD/30 Days)
  • Date of first hire
  • No of hires.
  • Average value of equipment hired per job.
  • Delivery/Collection Address and contact details (if different to the account details)
  • Specific client instructions/preference, where relevant.

Why is this data capture necessary?

This processing of data is necessary for the performance of contract and part of a legal obligation to keep company financial records for five years after a tax return date.

The client consent to store this data is required/implicit at the point of founding the account as the first transaction cannot function without it and will be removed subsequently at the client’s request (i.e. closing the account for new business) or altered ( such as an address or phone number change).

To send periodic emails. The email address you provide for order processing, will only be used to send you information and updates pertaining to your order and VMI’s policy is to email our clients annually to take part in a survey to continually improve our services.

Electronic Data Security

This information is stored under the same electronic security criteria as detailed below.

This data is kept in data format only and this information is deleted when the relevant account is closed at the client’s request. As the third party data for the trade references is supplied by the client, VMI cannot attest to the GDPR compliance or data security of that third party as any interaction between VMI and the third party is restricted to the above information only.

All financial records pertaining to orders are scanned and stored in a secure cloud-based environment and paper records destroyed within 3 months of completion of hire. 

2. VMI/VMEDIA Websites

This is data collected and used by the VMI/VMEDIA website

The VMI and VMEDIA websites contain their own internal databases used for generating website enquiries, so that we can provide quotations for you without you having to enter your data repeatedly in order to save you time.

When you choose to enter an account on our database, the system will collect basic information from you, such as name, address, email address and phone number. 

You can also choose to store multiple addresses if you choose to and the system will allow you to save your shopping card orders for referring to at a later date and also multiple delivery addresses.  The system also permits you to share shopping cart orders with other email addresses if you choose to.

This data is only stored on the website server and does not interface with any other systems and is never shared with any other users or organisations.

Protection and Security of Information

We protect the privacy of your information using highly secure, password-protected servers. Please see our security policy for further information about the online and offline security measures we adopt to protect your information against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data.

Accuracy and Updating Information

We endeavour to keep our information accurate and up to date. Once you have registered online with VMI you can check the information we store for your account by visiting our website and logging-in. Then access the “Update Account” link at the top of the page to display your account information. You can amend any inaccuracies through this facility. Alternatively, you can email us at Email VMI London requesting that we update, modify or delete your account information.

Website Tracking

Like most websites, we use cookies and other internal tracking methods to track the way our website is used by our customers so we understand better how to make the service faster and more user friendly. The information we gather is analysed either in the aggregate or at a customer level, where we feel that the data we collect will help to enhance your purchasing experience.

What Are Cookies?

Cookies assign a unique identification to your computer and store the details on your hard drive via a facility in your web browser. The cookie does not contain any personally identifying information but does permit our website to recognize you each time you return to the VMI website. On arrival your cookie then ‘handshakes’ with our system, which identifies you and makes it faster for you to log in. If you do not want to use “cookies”, most Internet browser programs will permit you to turn them off. Should you do this, you will still be able to access our website as normal.

Cookies on VMI.TV

CookieTypeDurationDescription
cookielawinfo-checkbox-necessaryHTTP1 dayDetermines whether the user has accepted the cookie consent box. Initiator: Webserver Source: uk.vmi20.wearetesting.co.uk Data is sent to: Germany (adequate)
cookielawinfo-checkbox-non-necessaryHTTP1 DayCookie purpose description: Determines whether the user has accepted the cookie consent box. Initiator: Webserver Source: uk.vmi20.wearetesting.co.uk Data is sent to: Germany (adequate)
IDEHTTP1 YearUsed by Google DoubleClick to register and report the website user's actions after viewing or clicking on e of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Provider: doubleclick.net Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
test_cookieHTTP1 DayCookie purpose description: Used to check if the user's browser supports cookies. Provider: doubleclick.net Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
VISITOR_INFO1_LIVEHTTP179 DaysTries to estimate the users' bandwidth on pages with integrated YouTube videos. Provider: youtube.com Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
wc_cart_hash_#HTMLPersistentUsed to store cart's contents. Initiator: Webserver Source: uk.vmi20.wearetesting.co.uk Data is sent to: Germany (adequate)
wc_fragments_#HTMLSessionUsed to store cart's content. Initiator: Webserver Source: uk.vmi20.wearetesting.co.uk Data is sent to: Germany (adequate)
YSCHTMLSessionRegisters a unique ID to keep statistics of what videos from YouTube the user has seen. Provider: youtube.com Initiator: Iframe, page source line number 2225 Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
yt-remote-connected-devicesHTMLPersistentStores the user's video player preferences using embedded YouTube video Provider: youtube.com Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
yt-remote-fast-check-periodHTMLSessionStores the user's video player preferences using embedded YouTube video Provider: youtube.com Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
yt-remote-session-appHTMLSessionStores the user's video player preferences using embedded YouTube video Provider: youtube.com Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)
yt-remote-session-nameHTMLSession
Stores the user's video player preferences using embedded YouTube video Provider: youtube.com Initiator: Iframe Source: https://www.youtube.com/ Data is sent to: United States (not adequate)

VMI.TV/VMEDIA.DIGITAL policies

The foregoing policies are effective for the vmi.tv and vmedia.digital websites. By using our sites, you agree to the terms of this privacy policy. VMI/VMEDIA reserves the right to change this policy from time to time and will update this page accordingly. By using this Site you agree to be bound by any such revisions in effect at the time of use and should therefore periodically visit this page and the Site Terms of Use page to determine the current policies applicable to users of the Site. The policies and terms described above are not intended to and do not create any contractual or other legal rights in or on behalf of any party.

3. Cloud-based email marketing

This is data collected and used by our external cloud-based email marketing system

Constant Contact is an independently run, cloud-based email marketing system, which runs services for VMI/VMEDIA of:

  • Email and Social Marketing
  • Surveys
  • Event Booking

VMI only enters client information of name and email address into Constant Contact, if clients have specifically requested us to.  This permission is kept in electronic or written form, until the client requests that this is removed. See your choice about the data that we collect.

You can also opt-in using the opt-in function on the vmi.tv website or the opt-in function on the vmi.digital website.

Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. You have the right to access and correct your personal information and can opt into or out of receiving promotional materials at any time.

Security of My Data on Constant Contact Servers

The security of our site is managed on multiple levels, including Physical, Network, Host, Software, and User Account Security. Constant Contact maintains internal security policies and procedures in support of its ongoing operations. Access to resources is granted only to those who reasonably require access, based on their responsibilities. We hold EU-US Privacy Sheild certification and comply with the Swiss Safe Harbor framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union and the Swiss Confederation.

For more information, please visit and read over Constant Contact Terms & Conditions.

4. VMI Employee and Prospective Employee Data Fair Processing Policy

VMI is committed to maintaining the accuracy, confidentiality and security of your personal information. This Employee Fair Processing Notice describes the personal information that VMI collects from or about you, and how we use and to whom we disclose that information.

What Personal Information Do We Collect?
For the purposes of this Privacy Policy, personal information is any information about an identifiable individual, other than the person’s business title or business contact information when used or disclosed for the purpose of business communications. Personal information does not include anonymous or non-personal information.

We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were employed by us, including the personal information contained in:

  • CVs and applications;
  • References and interview notes;
  • Photographs and video;
  • Letters of offer and acceptance of employment;
  • Policy acknowledgement sign-off sheets;
  • Training and personal development records;
  • Payroll information; including but not limited to national insurance number, banking and deposit information;
  • Wage and benefit information;
  • Forms relating to the application for, or in respect of changes to, employee health and welfare Benefits; including, short and long term disability, medical and dental care; and
  • Beneficiary and emergency contact information.

In addition to the examples listed above, personal information also includes information such as name, home address, telephone, personal email address, date of birth, and any other information necessary to VMI business purposes, which is disclosed in the course of an employee’s application for and employment with VMI.

As a general rule, VMI collects personal information directly from you. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions). An example of this would be an employment reference.

From time to time, we may use the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services for us. In that case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.

Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.

Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing, managing or terminating your employment relationship with VMI. Such uses include:

  • Determining eligibility for initial employment, including the verification of references and qualifications;
  • Administering pay and benefits;
  • Processing employee work-related claims (e.g. worker compensation, insurance claims, etc.)
  • Establishing training and/or development requirements;
  • Conducting performance reviews and determining performance requirements;
  • Assessing qualifications for a particular job or task;
  • Gathering evidence for disciplinary action, or termination;
  • Establishing a contact point in the event of an emergency (such as next of kin);
  • Complying with applicable labour or employment statutes;
  • Compiling directories;
  • Ensuring the security of company-held information; and
  • Such other purposes as are reasonably required by VMI.

Monitoring
The work output of VMI employees, whether in paper record, computer files, or in any other storage format belongs to us, and that work output, and the tools used to generate that work output, are always subject to review and monitoring by VMI.

In the course of conducting our business, we may monitor employee activities and our premises and property. For example, some areas of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of employees and third parties, and to protect against theft, vandalism and damage to VMI goods and property.

Generally, recorded images are routinely destroyed and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority. Pursuant to the VMI’s IT Policy and your contract of employment, we have the capability to monitor all employees’ computer and e-mail use.

This section is not meant to suggest that all employees will in fact be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur and may result in the collection of personal information from employees (e.g. through their use of our resources). When using VMI equipment or resources employees should not have any expectation of privacy with respect to their use of such equipment or resources.

How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent in respect of the use or disclosure of your personal information.

We may use your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

When Do We Disclose Your Personal Information?
We may share your personal information with our employees, members, contractors, consultants and other parties who require such information to assist us with establishing, managing or terminating our employment relationship with you, including: parties that provide products or services to us or on our behalf and parties that collaborate with us in the provision of products or services to you. An example of this is the provision of payroll services by a third-party organisation providing processing services to VMI.

Also, your personal information may be disclosed:

  • As permitted or required by applicable law or regulatory requirements. In such a case, we will not disclose more personal information than is required under the circumstances;
  • To comply with valid legal processes such as search warrants, subpoenas or Court orders;
  • As part of VMI regular reporting activities;
  • To protect the rights and property of VMI;
  • During emergency situations or where necessary to protect the safety of a person or group of persons;
  • Where the personal information is publicly available; or
  • With your consent where such consent is required by law.

Notification and Consent
Privacy and employment laws do not generally require VMI to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating your employment relationship. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

Where your consent was required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent.

All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Managing Director.

How is Your Personal Information Protected?
VMI endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.

How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, VMI will retain your personal information only for as long as it believes is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations).

We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you. In most cases your data will be deleted 6 years after you have left the company. If you have applied to work for VMI and have been unsuccessful we will retain your data will be deleted after 6 months.

Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your employment, please keep us informed of such changes.

In some circumstances, we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.

Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Managing Director.  Please note that any such communication may be required in writing.

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you.

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.

If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.

Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:

  • Right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
  • Right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again, this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations VMI may have;
  • Right to data portability. This is unlikely to apply in the circumstances of employment;
  • Right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). This is unlikely to apply in the circumstances of employment;
  • Rights related to automated decision making including profiling. This is unlikely to apply in the circumstances of employment;

Any questions you may have regarding the processing of your personal data should be directed to the Managing Director of VMI.

5. Other Data Provision

CCTV, CVs and other data stored

All VMI/VMEDIA buildings have CCTV systems which record data which is wiped after 3 months.

Risk Assessments, Call Sheets and other non-sensitive data is deleted after a period of 3 years from our servers.

We keep a record of data destruction logs from 2018 as required by GDPR legislation on our secure servers.

Does VMI share my data with third parties?

We do not share personally identifiable data with any other companies except as provided in this policy or permitted by law. We may provide such aggregate statistics about our sales, traffic patterns, and related website information to trustworthy third parties, but these statistics will include no personally identifying information.

In order to provide you with a service, fulfil a transaction you have requested or in connection with legal process, we may share your personal data with with our agents (such as credit card processing companies, credit reference agencies, outside suppliers, distributors and delivery companies), and group companies for such purpose, relevant authorities or otherwise with your permission and also communicating with you through surveys and interest based advertising, where you have expressely provided your permission.

Where appropriate, we share user experience information or other customer level personally identifiable information with companies within our group as well as our trusted third parties, agents and business partners for the purpose of accomplishing our objectives of customer personalisation and improvement of site design and user experience.

We only share the minimum information necessary, and third parties are prohibited from using your information for any other purpose as indicated in our Privacy Policy.

Your choices about data we collect

We provide you with the tools to control your account information and guidance on how it is used.

Since we have 4 x separate areas of where we store your data, we have different processes for you to access and control this data.

1. VMI/VMEDIA Client Database

This is the main area where we store your data for our essential business activities of VMI/VMEDIA.  This is stored on secure servers at VMI/VMEDIA only and you have to contact us in order to verify and access your account details.  On request, we will delete your account details.

Contact us using our branch contact details using:

  • Telephone
  • Email
  • Mail

2. VMI/VMEDIA Website

This database is only stored on the vmi.tv and vmedia.digital website servers, only used to generate website enquiries for quotation basis and only accessible online by you using secure password access.  As such, we have no access to this database and you are totally in control of this data. Details of the data stored on this website.

To update the area on our website where we store your name, address, telephone data for our website, please visit the Log-in link of vmi.tv or Log-in link of vmedia.digital

3. Email Marketing Data

VMI/VMEDIA uses a cloud-based email marketing system for email and social marketing, surveys and event booking.

VMI only enters client information of name and email address into Constant Contact, if clients have specifically requested us to. 

You can opt-in using the opt-in function on the vmi.tv website or the opt-in function on the vmi.digital website.  Once subscribed, you will receive our regular mailings via email.  Should you decide that you no longer wish to receive these mailings, you can unsubscribe at any time by clicking on the unsubscribe link on any constant contact mailing received, or by replying to these mails with ‘unsubscribe’ as the subject heading.  Alternatively, you can email us at Email VMI London with your preferences.

Once unsubscribed, we cannot resubscribe you – only you are able to do this.

Details of the data stored on this website.

5. VMI Employee and Prospective Employee Data Fair Processing Policy

In this section, we collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were employed by us, including the personal information contained in the following areas:

  • CVs and applications;
  • References and interview notes;
  • Photographs and video;
  • Letters of offer and acceptance of employment;
  • Policy acknowledgement sign-off sheets;
  • Training and personal development records;
  • Payroll information; including but not limited to national insurance number, banking and deposit information;
  • Wage and benefit information;
  • Forms relating to the application for, or in respect of changes to, employee health and welfare Benefits; including, short and long term disability, medical and dental care; and
  • Beneficiary and emergency contact information.

This data is stored on secure servers and paper in locked files at VMI/VMEDIA only and you have to contact us in order to verify and access your account details.  On request, we will delete your personal data, subject to the caveats and limits of statute contained within this section.

4. Other data

We also store other data for our essential business activities of VMI/VMEDIA including staff and cctv data. 

This data is stored on secure servers and paper in locked files at VMI/VMEDIA only and you have to contact us in order to verify and access your account details.  On request, we will delete your personal data.

Contact the Data Protection Officer with clear instructions using the Email VMI London link.

What is Sensitive Personal Data?

Sensitive personal data is a special class of personal data that has to be even more carefully handled. It includes factors such as:

  • Race
  • Health status
  • Sexual orientation
  • Religious beliefs
  • Political beliefs

VMI never stores this type of data.

What rights do data subjects have under GDPR?

As explained by the ICO, data subjects have the following rights concerning their personal data:

  • Information
  • Access
  • Rectification
  • Erasure
  • Restrictions on processing
  • Data portability
  • Objection
  • Revision of automated decisions or profiling

The GDPR refers a lot to data processing. This simply refers to any operation that is performed on personal data – collection, storage, amendment, deletion etc.

VMI’s commitment to GDPR

  • VMI has assigned the Managing Director as the official Data Protection Officer (DPO) and is contactable using VMI London via email
  • VMI is clear to establish a legal justification for all data that it keeps.
  • VMI commits to recontacting all subscribed members of the electronic marketing cloud-based database of constant contact before 25 May 2018 to expressely request their permission to continue to receive regular electronic communications.
  • Any personal data breaches which would significantly harm individuals will be reported within 72 hours to the “relevant supervisory authority”, which in the UK is the ICO.

    If the breach is serious enough, we commit to informing the individuals affected.
  • We will commit to keeping your data safe by using the latest encryption, anonymization and access control systems and techniques.
  • We shall provide individuals with the capability to request access to and updating/delete of their personal data.  We shall ensure that we verify their identity effectively in order to fulfil their request.
  • We shall document all data policies, techniques and systems to ensure GDPR compliance and ensure that we have a GDPR data destruction log, which we shall commit to keeping up to date.
  • We shall provide clear signage in our building and create risk assessments for each part of the business which contains personal data.
  • We shall check all third party processing and ensure that privacy policies and supplier agreements of all third parties comply with current GDPR legislation.

Vmedia are proud sponsors of: