Verbate – (A wholly owned brand of Vimily Pty Ltd) based at Level 14, 210 George St, Sydney, Australia 2000 – hereafter referred to as Verbate) value their customers and respect their privacy. The Data Controller under the UK Data Protection Act 1998 and GDPR is Vimily Pty Ltd, Level 14, 210 George St, Sydney, Australia 2000 and the Data control officer is Mitchel Flindell
Please read the following carefully to understand how we will collect, use and maintain your personal information. It also describes your choices regarding use, access and correction of your personal information.
The provisions of this Policy apply to all such mobile access and use of mobile devices. This Policy will be referenced by all such mobile applications or mobile optimized websites.
We accept that this video and data is private to you, and therefore we take a completely hands-off approach with your privacy at the very core of all our decisions and act as data processors, with you as the Data controller for the purposes of the GDPR legislation. We combine this with a genuine transparency, and if you have any questions at all please don’t hesitate to contact us at firstname.lastname@example.org
- You & your team decide who has access to your questionnaires, what to publish, when to publish and where your content goes.
- Private and secure data.
- Helping you make the most of your video
- What information we do take from our users is used only to better our service to you, and ensure gain the best exposure, support and use of your Verbate account.
- We believe business works best in a world of transparency and understanding, and that trust is imperative to everything we do. Gone are the days of red tape and hidden clauses, so if there is anything at all you would like to know, or need clarifying, please don’t hesitate to get in touch.
- At the heart of all our business process’s is a commitment to customer and respondent support.
- Protection for respondents’ data.
We will use the information that we collect about you in accordance with the following depending on your jurisdiction:
- The Data Protection Act 1998, UK
- The Privacy Act 1988, Australia
- The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) which becomes effective from 25 May 2018
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, credit card information or other details to help you with your experience.
- Identity Data includes first name, maiden name, last name, username or similar identifier.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Profile Data includes your username and password, purchases or orders made by you, settings, feedback and survey responses (where applicable).
- Usage Data includes information about how you use our website, products and services.
- Special Categories of Personal Data – Your participants image, classified as biometric data and data that might reveal your participants’ race and ethnic origins, obtained with their permission when they record video responses to their surveys.
- Marketing and Communications Data includes your preferences in receiving emails and communications from us. This also includes us making a note of conversations we have had with you in person and/or communications you sent to us through our CRM or other platforms. This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
According to the GDPR legislation we will process Special Categories of Personal Data about your participants as an unavoidable consequence of the intrinsic nature of the Verbate service. Specifically your participants’ image – classified as biometric data. In allowing you to send video communication to your recipients we send data that could be used to identify you and your race or ethic background. We do not use this information for any other purpose than the operation of the platform in allowing you to send video messages and fulfilling our contract with you. By opting in to an account and using the Verbate service, you give permission for us to process this information and send videos to your elected recipients that contain images of you. We give you control of the video by restricting download of the videos on the recipient end and giving you complete control to delete any video stored by Verbate at request.
When do we collect information?
We collect information from you, with your permission, when you register on our site, start a subscription, Open a Support Ticket or enter information on our site.
How do we collect information about you:
We collect different information about you in a number of ways:
Information you give us:
Automated technologies or interactions
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Information from third parties
We occasionally receive information about you from third parties as set out below:
Analytics providers such as Google
Publicly available data sources such as: ClearBit, FullContact
Advertising networks such as Facebook
Search information providers such as Google AdWords
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To quickly process your transactions.
- To follow up with them after correspondence (live chat, email or phone inquiries)
Specifically the use of your information is almost always used in executing contracted activities for you – i.e. the sending of Verbates to your elected recipients, executing subscription payments, responding to support requests. Please see the table below for more information:
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity||(a) Performance of a contract with you|
|To process and deliver your subscription purchase including:||(a) Identity||(a) Performance of a contract with you|
|(a) Manage payments, fees and charges||(b) Contact||(b) Necessary for our legitimate interests (to recover debts due to us)|
|(b) Collect and recover money owed to us||(c) Financial|
|(e) Marketing and Communications|
|To manage our relationship with you which will include:||(a) Identity||(a) Performance of a contract with you|
|(b) Asking you to leave a review or take a survey||(c) Profile||(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)|
|(d) Marketing and Communications|
|To enable you to use the core platform functionality – send video messages to your elected recipients||(a) Identity||(a) Performance of a contract with you|
|(b) Contact||(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business ,to track interaction on your behalf with your communications and pass that information to and from your account)|
|(e) Special Categories of Personal Data – your image|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
|(b) Contact||(b) Necessary to comply with a legal obligation|
|To use data analytics to improve our website, products/services, marketing and communications with you, customer relationships and experiences||(a) Technical||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
How do we protect your information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider (Stripe) and are not stored or processed on our servers.
Your videos and personal information is stored using a GDPR ready 3rd party provider AWS ( https://aws.amazon.com/compliance/gdpr-center/) in a controlled environment with limited access.
Do we transfer data internationally?
We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us, to which these services may include:
- Payment processing
- Providing customer service
- Sending marketing communications
- Conducting research and analysis
- Providing cloud computing infrastructure
- Video processing and transcoding
For most recipients of your data this involves only your email address, profile photo and the bio you enter into your account settings.
These functions are vital for us to deliver the Verbate service for your use. We have audited these providers and they have all publicly expressed that they are GDPR compliant.
Upon request Verbate will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account or by contacting us at the contact information below. We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Verbate (Trading as an entity of Vimily Pty Ltd) acknowledges that you have the right to access your personal information. Verbate has no direct relationship with the individuals – primarily our Users nominated Verbate recipients – whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Verbate’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Do we use ‘cookies’?
- Understand and save user’s preferences for future visits.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If users disable cookies in their browser:
If you turn cookies off, some features will be disabled. Some of the features that make your site experience more efficient and may not function properly.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information (PII) unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Voluntary Disclosure of Personally Identifiable Information
When using Verbate, Users elect to send PII to their own nominated recipients in the form of; i) their email address and ii) their likeness in the form of self-recorded video. We will not repurpose this content in any way without authorisation. We do reserve the right to scan video material for abusive, illegal, or other content that violates our Terms of Service. The User cannot hold Verbate accountable for the subsequent use of transmitted PII by the recipient.
Recipient PII handling and disclosure
While using Verbate the system will capture the email address of your recipients, as well as publicly available information from social media and other internet sources. We do not sell, trade, or otherwise transfer to outside parties this information, it is solely for the purpose of providing the service. This information will be retained on our servers, as well as a record of the Verbate sent to the recipient for tracking and reporting. E can delete this information on request.
We do not include or offer third-party products or services on our website.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We use Google AdSense Advertising on our website.
We have implemented the following:
- Demographics and Interests Reporting
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together
Track engagement with the site and service
Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Can change your personal information:
- By logging in to your account
How does our site handle Do Not Track signals?
We don’t honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. We don’t honor them because:
It’s required for Account Holders to use the service
Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
- Within 1 Calendar Month
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to your product and/or service
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at
- Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
210 George St
Sydney, NSW 2000
Last updated: 2018-05-15