This privacy notice provides you with details of how we collect and process your personal data through your use of our site  By providing us with your data, you warrant to us that you are over 13 years of age.  VT FILMS is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).  The use of the Internet pages of VT FILMS is possible without any collection of personal data by us; however, if you want to use some services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we usually obtain consent from you.

If you have any queries concerning your personal information, please contact us at

Who we are

Richard & Ellen Timbrell trading as VT FILMS

Contact Details: 07793 116608 | | 45 Lime Tree Avenue, Long Stratton, Norfolk, NR15 2TL

Our Server

This website is hosted on a Apache server by 1&1 within a EU based data centre.

Full details of 1&1 data centre can be found here.

Data Protection Information

How we protect your data

We use a multi-layered approach to security –

Perimeter Security – All of our IT infrastructure is stored in a secure location.  Only two key holders exist.

Network Security” – All of the IT is further secured using strong password protection, using a mixture of alphanumeric and symbols. We use Apple iCloud and Google Drive as a cloud storage system for our documents and company files.  iCloud is GDPR compliant (view their privacy policy HERE) as is Google (view their privacy policy HERE). Portable hard drives for use off-site and on location will not usually have personal information stored on them, and where they do they will have password protected encryption at the drive level.  We ensure all servers, routers, laptops, desktops, smartphones etc are kept up to date with the relevant security patches and updates by the manufacturer.

Privilege Based” – Only those who need to access your information will be able to access it.   That is just two persons – Richard Timbrell & Ellen Timbrell. We use multiple alphanumeric passwords for access to all  IT infrastructure. Where access is given to another person then an audit is carried out to ensure that only the required information is accessed and the passwords are changed.

Your data is also held securely off-site with further protection provided by Google and Apple, again using the same three methods outlined above.

User privacy and data protection are human rights and we have a duty of care to our clients and contractors within that Data. The Data will only be collected and processed when absolutely necessary. and this Data will not be distributed or made public.

As per Article 30 for the GDPR this website and business are exempt from some the regulations surrounding the handling of private data.

However, this website will strive to ensure that where possible we comply with the stipulations laid out in GDPR.

All private data (email address, IP address, names, telephone etc) are stored on secure computers.  No personal data will be given or sold without the express written permission of the user.

You may request to see copies of any personal information held and also request that that information is updated or removed in its entirety. You can do that using the contact form HERE

Data Breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

What personal data we collect and why we collect it

Blog Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

We may collect communication data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails).  The website of VT FILMS contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.

Communication data includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

We also collect customer data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details and purchase details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

Please let us know if at any time your personal information changes by emailing us at


We may automatically collect certain data from you as you use our website by using cookies and similar technologies.  If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


This site uses Google Analytics (GA) to track user interaction. We use this data to determine and calculate the number of people using our site, this is so we can better understand how they find and use our web pages and to see their journey through our website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
GA makes use of cookies, details of which can be found on Google’s developer guides. Our website uses the analytics.js implementation of GA and you are able to disable cookies on your internet browser which will stop GA from tracking any part of your visit to pages within this website.

Marketing Communications

Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).

Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.

You can ask us to stop sending you marketing messages at any time by emailing us at at any time. If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases etc.

Who we share your data with

We do not knowingly share your personal data with any third party for their own marketing purposes without your express consent.

However we use third party communication channels. An example of these are : Social media messaging, email servers,  Whilst this does expose our communications with you to third parties, each partner we have chosen to work with is reputable, and their service to us is understood to be as a carrier or enabler of communication, and not a processor of information.

We have performed fair due diligence to assure that communication channels are fit for purpose, and reasonably secure. We do understand that communication channels are in their nature distributed worldwide and subject to technical change. We regularly review our usage of such channels to ensure the security of both subjects data and our business integrity.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, or have contacted us via email or through a contact form you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.


Social Media & Video Sharing

On this website, the controller has integrated components of the enterprises (FACEBOOK, TWITTER,  GOOGLE +, PINTEREST, INSTAGRAM, LINKEDIN, YOUTUBE, VIMEO) these are all social media and video sharing networks.  VT FILMS shares and posts photos and videos to these social media platforms for business and promotional activities. No personal data that we have obtained is included in these posts.

Photos/Films & Backups

The nature of our business is to take photographs and record film. These files can include data fields. These data fields are known as EXIF data, and can include information like dates, time, location and personal data such as names, content details and job details.


Images and video that VT FILMS creates are subject to copyright, however some subjects/objects within the images can be subject to differing external copyrights. This means that the data and information regarding to a particular image can relate to more than one subject or party. We manage copyright and rights management within a offline database.


As a responsible business, VT FILMS ensures all on-site files and data are routinely backed up off site. This backup may be within or outside of the EU. Where backups contain private data VT FILMS ensures backups are secure and encrypted. The logistics relating to these backups, impose a practical implication when a subject requests data is removed, and as such, removals are subject to a reasonable workflow, and are not instant.

Data Storage

VT FILMS stores data locally (in our offices) in electronic and paper formats. Additionally, along with a paper equivalent, We purposefully store data in multiple locations. We do this to ensure data security and integrity, and to provide an effective, long term backup of image assets.

Backups are for the purposes of business resilience, regulatory compliance, rights management, and to provide customers a long term service.

Your Legal Rights

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You can see more about these rights at:

If you wish to exercise any of the rights set out above, please email us at

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.