Effective date: 25 May 2018
References to “you” and “your” are references to the person accessing our Site.
References to “we”, “us” and “our” are references to Forbidden or its subsidiary companies.
Forbidden is a data controller for the purposes of the Data Protection Act 2018.
Information collected and received
We collect data about the users and visitors of our services and
- register on our Site; order or subscribe to any product or service via the Forbidden website www.forbidden.co.uk, Blackbird website www.blackbird.video or through one of our distributors
- contact us (eg. by telephone, email etc)
- website usage data (analytics)
When you purchase a subscription, we will need payment and billing information, often including contact details for accounts personnel to send invoice details. Registering an interest in our services will be used to send information on the service and contact about scheduling demonstrations or for sales.
Forbidden’s Suite is intended as a way to enable clients to work with video content. As a side effect, some personal information on clients is collected and stored, principally name and email address. The primary use of this information is to allow clients to reset their passwords through the automated password reset process. This mechanism is also available for the Company to notify users of updates to the terms and conditions of use and updates and replacements to the Suite.
Clients can also add any other information, including personal information, through the Suite, simply by uploading it or typing it in. Clients are the Data Controllers for this information, and Forbidden is the Data processor. As such, Forbidden endeavours to prevent all access to the information which has not been authorised by the client. Forbidden clients are the Data Controllers for personal information they add to the Suite. As such, they can add a wide range of information to the Suite, including personal information.
The personal data you provide will only be used for the purpose for which it is provided, unless we inform you otherwise at the time you provide this data. You may inform us at any time to correct any details and if you wish us to cease using your personal data.
Information collected through use of our Services
Forbidden will from time to time collect information from you that does not reveal your personal identity. Information may include details of your visit to our Site (including, but not limited to, traffic data, location data, weblogs and other communication data) and any resources you access. We may also collect information about your computer including, where available, your IP address, operating system and browser type. We use this information for our marketing purposes. This information is only used in aggregate form and is not connected to any name, address or other personal identifying information.
Cookies are small amounts of information that are sent to and are stored on your computer. They are used to identify you when you visit our Site, and to make your use of our Site more convenient for you. Cookies are used to remember usernames, passwords and preferences and to deliver a faster and more personalised service. If you do not wish to have Cookies placed on your computer you can disable Cookies on your internet browser. However, turning them off may mean that you will not be able to enjoy our Site to its fullest.
We use the following types of cookies:
- Strictly necessary cookies. These provide required functionality of our site and Suite, such as login and session management.
- Analytical/performance cookies. Thes are used by analytics platforms such as Google analytics and third-party marketing platforms
- Targeting cookies. These include beacon and tracking for marketing website, and not the Suite.
When personal data is collected, (a) we have your consent to do so, (b) where we need your personal information to perform a contract with you (e.g. to deliver the Blackbird Services you have requested), or (c) where the processing is in our legitimate interests.
We may process your personal data for the purposes of our legitimate interests or for the legitimate interests of third parties (e.g., your employer or company), provided that such processing shall not outweigh your rights and freedoms. For example, we may process your personal data to:
- Protect you, us or others from threats (such as security threats or fraud);
- Comply with laws that apply to us;
- Enable or administer our business, such as for quality control, consolidated reporting, and customer service;
- Manage corporate transactions, such as mergers or acquisitions;
- Understand and improve our business or customer relationships generally.
Where it is stored
Information held within the Services reside within UK data centers. We use third-party applications for sales and marketing. Where personal data of EU citizens is held out of the EU, those processors have EU-US Privacy Shield in place.
How personal information is used
Details about your organization and your staff are valuable to you, and Forbidden understands that this data is provided confidentially. This information may have been provided to the Services directly, or via one of its resellers. Forbidden will not sell or otherwise share information about you with other organizations or Forbidden resellers with whom you have not engaged directly. Information about you will only be used by Forbidden to communicate details about our products and services. If you believe that this information has been shared without your approval, please do not hesitate to alert us to this so we can ensure continued privacy of your information.
You agree to Forbidden collecting, processing and storing personal data collected from you in the following ways:
- to provide you with information, products and services you request from us;
- to carry out our obligations arising from any contracts entered into between you and us;
- to contact you with information about your registration details and/or your account details;
- for the purpose of providing a personalised service;
- to ensure the content on our Site is presented in the most effective manner for you and for your computer;
- to tell you about information, products and services we feel may interest you or news or events, in each case provided by Forbidden or one of our strategic partners or distributors (each a “Supplier”) (where you have consented to be contacted for such purposes (including through supplying your personal data to us), have expressed an interest in receiving such information, or are a customer of any Supplier). You have the right to opt-out of these communications at any time;
- to allow you to participate in any interactive features of our Site (should you wish to do so);
- to notify you about any changes to our services.
Where relevant, Forbidden may disclose your personal data to any member of the Forbidden group from time to time, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
We will not ordinarily make your personal data available to third parties, however, we may disclose your personal data to third parties:
- who are partners of Forbidden and who we require to process personal data in order to provide services on our behalf;
- to our distributors where you are a customer of that distributor;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if Forbidden or substantially all of its assets are acquired by a third party, in which case personal data held by Forbidden’s customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligations or in order to enforce or apply our Terms and Conditions, Blog Policy and/or other agreements;
- to protect the rights, property or safety of Forbidden, our customers or others (this includes exchanging information with other companies and organisations for the purposes of fraud protection);
- if in our opinion a third party has a legitimate reason for requesting the information.
By placing an order for our products or services you may be subject to a standard credit check. You agree that the personal data you provide may be disclosed by us to a licensed credit reference agency which may retain a record of any searches conducted.
We may also transfer your personal data outside of the European Economic Area (EEA) to which you consent (see below: “Storage and transfer of your personal data”).
How we store personal information
Storage and transfer
Forbidden shall take steps to ensure that any storage of your personal data in or transfer of your personal data to a country or territory outside the European Economic Area (EEA), whose laws provide for a different standard of protection for your personal data than that provided under English law, shall be made subject to contractual arrangements which will require that your personal data be processed to at least a standard compliant with the Data Protection Act 2018.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transaction is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we keep information
On expiry of a contract, we will retain contact details of the client associated with the account, as required by the contract and any legal basis for audit purposes. After an account has been deleted, user-identifiable information from the account is deleted after a period of six months. After a user id is deleted, user-identifiable information about the user id is deleted after six months.
There may be links on our Site to third party websites which Forbidden has no control over. Forbidden accepts no responsibility or liability for any third party practices on third party websites. Forbidden advises you to carefully read third party privacy statements prior to the use of any third party website.
Information access rights
Users can access the personal user id account metadata information held in the system.
Information stored in uploaded video, audio, or other files is processed by Forbidden’s servers, but Forbidden is not the Controller. Apart from exceptional cases, Forbidden does not know what this content contains.
Individuals have the right to make a subject access request. If an individual makes a subject access request, the organisation will tell him/her:
- whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;
- to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
- for how long his/her personal data is stored (or how that period is decided);
- his/her rights to rectification or erasure of data, or to restrict or object to processing;
- his/her right to complain to the Information Commissioner if he/she thinks the organisation has failed to comply with his/her data protection rights; and
- whether or not the organisation carries out automated decision-making and the logic involved in any such decision-making.
The organisation will also provide the individual with a copy of the personal data undergoing processing, where this is known. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
To make a subject access request, the individual should complete the ‘Subject Access Request form’ and send to firstname.lastname@example.org. In some cases, the organisation may need to ask for proof of identification before the request can be processed. The organisation will inform the individual if it needs to verify his/her identity and the documents it requires.
The organisation will normally respond to a request within a period of one month from the date it is received. In some cases, such as where the organisation processes large amounts of the individual’s data, it may respond within three months of the date the request is received. The organisation will write to the individual within one month of receiving the original request to tell him/her if this is the case.
If a subject access request is manifestly unfounded or excessive, the organisation is not obliged to comply with it. Alternatively, the organisation can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which the organisation has already responded. If an individual submits a request that is unfounded or excessive, the organisation will notify him/her that this is the case and whether or not it will respond to it.
Changes to our privacy and related policies will be communicated to our customers, and further updates will be made to this page.
Forbidden Technologies plc
27-37 St. George’s Road
London SW19 4EU
tel: +44 (0)330 380 1130
fax: +44 (0)20 8946 4871