Videosmart privacy policy
Privacy Policy
Last updated: April 16, 2026
1. Purpose
The organisation is committed to protecting the privacy and security of all personal data we process while providing Print, Digital Communications and related services. This Privacy Policy sets out how we process personal data both as a Data Controller and a Data Processor, in compliance with applicable data protection laws, including the UK GDPR, EU GDPR, the Data Protection Act 2018 and Data Use & Access Act 2025.
We also outline our approach to marketing, cookies, use of Artificial Intelligence (AI), and how we maintain security, confidentiality, and availability of information under ISO/IEC 27001:2022, Cyber Essentials and our AI governance aligned with ISO/IEC 42001:2023.
2. Our role: Data Controller and Data Processor
As a Data Controller
We act as a Data Controller for the personal data of:
- Clients (contact details, service history, estimates, contracts).
- Employees and Job Applicants (HR records, qualifications, employment history, copies of photo ID, background checks including references, DBS checks, credit checks, qualifications etc.).
- Suppliers and Contractors (contact information, contractual documents).
- Other Stakeholders who interact directly with our organisation (name, company, contact numbers, email addresses, communications).
We collect and use this data for:
- Contractual performance and business operations
- Legal compliance
- Internal HR management
- Financial processing and audit
As a Data Processor
We act as a Data Processor when handling our clients’ data on their behalf. This includes:
- Storing, managing, and processing personal data provided by our clients as part of our service delivery.
- Operating strictly under client instructions and in accordance with contractual Data Processing Agreements (DPAs).
- Implementing appropriate technical and organisational measures to ensure data confidentiality, integrity, and availability.
3. What Data We Collect and Use
Depending on your relationship with us, we may collect the following categories of personal data:
- Identity Data: Name, title, date of birth, job title
- Contact Data: Email address, phone number, postal address
- Employment Data: CVs, references, payroll info, HR records
- Client & Supplier Data: Contract details, service records, billing information
- Marketing Preferences: Opt-in/opt-out status, communications history
- Technical Data: Cookies, IP address, browser type, device information
- Usage Data: Website usage, clicks
4. Legal Basis for Processing
We process personal data under the following lawful bases:
- Contractual necessity – for providing our services
- Legal obligation – for tax, employment, and regulatory compliance
- Legitimate interests – for business operations, fraud prevention, and service improvements
- Consent – for marketing and cookie usage (where applicable)
5. Sharing of Data
It is important to note that the organisation does not sell or share your PII with third parties for third-party use. Any data shared with a third party is shared only for the organisation’s marketing and sales purposes within the remit of a Data Controller (the Group) and Data Processor (supplier) relationship. In this circumstance, the Group ensures that data protection remains paramount and instructs strict data governance. For more information about our data protection procedures, please read the organisation’s Data Protection Policy.
The organisation’s website may contain links to other third-party websites. The Group is only responsible for the privacy practices on this website and recommends you check the privacy policies and security procedures of every other website you visit.
As a Data Processor, data will not be shared with any third parties, unless we have authorisation to do so from the Data Controller. We ensure that any third parties with whom we share data are bound by data protection obligations.
Based on the legal basis for processing, we may share personal data with:
- Service providers (e.g. HR, legal, payroll)
- Regulatory bodies and authorities when required by law
- Marketing platforms (with consent)
6. International Transfers
We will not transfer any data outside the UK or EEA unless instructed/authorised to do so, in which case we would ensure appropriate safeguards such as:
- Adequacy decisions
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
7. Marketing
We may use your information to contact you about:
- New services
- Industry updates
- Events, webinars, or promotions
Marketing Tools Used:
- Email campaigns
- SMS campaigns
- Video campaigns
- Social Media advertising
- Analytics tools
8. Use of Artificial Intelligence (AI)
We incorporate AI into our services to improve:
- Data Processing Efficiency
- Personalisation
- Predictive analytics
- Enhance Digital Solutions
It is important to note that the organisation does not sell or share your PII with third parties for third-party use. Any data shared with a third party is shared only for the organisation’s marketing and sales purposes within the remit of a Data Controller (the Group) and Data Processor (supplier) relationship. In this circumstance, the Group ensures that data protection remains paramount and instructs strict data governance. For more information about our data protection procedures, please read the organisation’s Data Protection Policy.
Where AI is used to enhance digital services, personally identifiable information (PII) is not processed unless explicitly instructed by the data controller, based on their identified legal basis and legitimate interests for processing.
Individuals are advised not to input personally identifiable information (PII) into our digital services which use AI. Any PII that is voluntarily provided remains the sole responsibility of the individual. Such information may be processed by the AI tool to improve its functionality where a lawful basis, including legitimate interests, applies.
9. Security Measures
We maintain the confidentiality, integrity, and availability of data through our:
- ISO/IEC 27001:2022-certified Information Security Management System (ISMS)
- Cyber Essentials and Cyber Essentials Plus certification
- Encryption of data at rest and in transit
- Access control and authentication policies
- Regular staff training on data protection
- Incident detection and response protocols
10. Data Retention
We retain personal data only as long as necessary:
- To fulfil contractual or legal obligations
- In accordance with our retention policy
- Based on guidance from clients when acting as a Data Processor
11. Your Rights
You have rights under data protection laws, including:
- Access – request a copy of your data
- Rectification – correct inaccurate data
- Portability – receive your data in a usable format
- Objection – object to processing in certain cases
- Withdraw consent – for marketing or cookies
Should you wish to make a Subject Access Request (SAR), please find contact information below:
External Subject Access Requests: please write to:
- Chief Compliance Officer
- MBA Group Ltd
- MBA House
- Garman Road
- London N17 OHW
External Subject Access Requests: please write to:
- Group Head of HR
- MBA Group Ltd
- MBA House
- Garman Road
- London N17 OHW
- Email: tcastiglione@mba-group.com
You can also contact us by using the form on our websites:
https://www.videosmart.com/contact-us
12. Complaints
We retain personal data only as long as necessary:
UK: Information Commissioner's Office (ICO) – https://ico.org.uk
13. Updates To This Policy
We review and update this Privacy Policy regularly to reflect legal or operational changes.

Sami Aintaoui