At PurplePort Limited we are dedicated to safeguarding and preserving your privacy when visiting our site or communicating electronically with us.
We do update this Policy from time to time, so please do review this Policy regularly.
For the Data Protection Act 2018 and UK GDPR, our data controller is Russ Freeman.
1. Information We Collect
In operating our website, we may collect and process the following data about you:
1.1 Details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data.
1.2 Information that you provide by filling in forms on our website, such as when you registered for information or made a purchase.
1.3 Information provided to us when you communicate with us for any reason.
However, deleting or denying the purpleport.com cookies will mean you will not be able to use large parts of the website
By continued use of PurplePort we will store the following cookies on your computer:
- adult, nsfw, safety - These are the content filter options and can be deleted at any time.
- p, e, phash - These are used to identify you so you can access member-only functions and features of the website. Deleting them will mean you will not be able to access your account.
- signup - Used to display the signup banner to visitors of the website intermittently.
- ASPSESSIONID* - This cookie, which is relatively randomly generated, identifies you while you visit the site. Deleting or denying it will negatively affect your use of the website.
- __ut* - These are placed by Google Analytics, which we [PurplePort] and some members use to monitor traffic to their profile pages. They can be deleted or declined.
3. Use of Your Information
The information that we collect and store relating to you is primarily used to enable us to provide our services to you. Also, we may use the information for the following purposes:
3.1 To provide you with the information requested from us, relating to our products or services. To provide information on other products which we feel may be of interest to you, where you have consented to receive such information.
3.2 To meet our contractual commitments to you.
3.3 To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.
3.4 If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you.
4. Data Protection and GDPR Compliance
This section details the way PurplePort is managing sensitive user data, making sure only relevant data is stored, that it is stored securely and, used in ways that only serve the service that users have agreed to and signed up for, and accessed in appropriate formats. It also defines how data is accessed and what steps are taken to minimise unauthorised and unwanted exposure of said data.
4.1 The information we store
PurplePort stores only information on you that is used to either contact you personally, or regarding displaying your PurplePort profile. This includes, but is not limited to, your name and email address, as well as your general location, [date of birth, stats and sizes depending on account type], images you have uploaded to PurplePort, your public profile notes, links you have provided, on-site messages between you and other members, your PurplePort calendar, group posts, castings and events as well as data on your activity on the site (such as your image albums, image ordering, users you have decided to follow and your image loves and view stats).
Whether an active or inactive member of PurplePort, the information you provide will be stored to maintain the website and for any potential future cooperation with a legitimate legal investigation.
4.2 Sources and uses of the information we store
PurplePort only saves the information provided via the website interface, or from your using the website as a whole (such as image loves and alike). We do not harvest, store or process data on you from third-party sources.
We only process your information to display it coherently on the PurplePort website, that being your profile pages on the site and anything you have contributed to the community in the groups, competitions, castings, events and your inbox on the site. Where relevant, we also use your data on our social media channels (such as re-posting of a member image with a link back to the main PurplePort website, if not opped-out of such use).
If we are required by a government legal authority, such as to aid in a police investigation, if your data is shown to be necessary to such a situation, it will be disclosed confidentially.
4.3 How and where we store our information
We only store information in databases, of which we have two: one for all the user and website data, the second for holding statistics (such as number of profile views, etc.). Both databases are held on European-based servers, including our backups. Our site developers, all of which are employees of PurplePort, also have a limited copy of the database structure on their local, password-protected, development machines for use in creating and testing site features.
If you have emailed us any information or imagery direct, this information is stored in our inbox until read/dealt with and then deleted. The images we store that relate to your profile are all held in European-based Amazon servers; the below contains specifics of our storage infrastructure...
Service: Amazon AWS
Data: Image data
Location: eu-west-1 (EU, Ireland)
Service: Amazon SES
Data: Email data
Location: eu-west-1 (EU, Ireland)
Service: Fasthosts Servers
Data: Database data
Location: Gloucester, UK
Service: Development Staff
Data: Data access
Location: England, UK, Germany
Fasthosts Data Storage Info: https://www.fasthosts.co.uk/blog/press/introducing-our-data-centres-and-their-effect-seo
Amazon Data Storage Info: https://docs.aws.amazon.com/general/latest/gr/rande.html
4.4 How the information we store is accessed
All database data is stored on our servers and is only accessible via those servers. Our image data is stored in the Amazon AWS network on EU-based servers.
Data is provided through the website to anyone that requests it, via the regular use of the site, image data is served from image URL’s and accessible worldwide.
Our data servers are accessible only by us and our UK-based maintenance contractor, who operates jointly with us under a non-disclosure agreement. Servers are also behind firewalls and are monitored 24/7 for activity.
Our image data, with Amazon AWS, is subject to their strict data-privacy guidelines.
Our payment provider, PayPal, upon the purchase of a PurplePort subscription, may be sent the invoice information you have provided, at the point of making a purchase, this is sent securely to the provider and is subject to their strict data-privacy guidelines.
Finally, we use a service called RayGun to track and report server errors, they have their own GDPR policy (https://raygun.com/gdpr) and store data in the us-east-1 region, we do limit the user information stored in their system to only any user ID and email address for our own lookups, and any form fields that may have caused the error, again for our own lookups to see what caused any received error. Access to this system is limited to PurplePort developers only.
4.5 Our data-retention policies
Your data is stored on our servers indefinitely, this aids in historical data being accurate on the site for all visitors, and also historical data aids us if ever there is a legal reason for us to disclose it to the judicial system. Aside from the following specifics:
If images are removed, these are hidden from public view initially and then removed absolutely after 4-weeks, 13-weeks or 26-weeks depending on the deletion method (user deleted, admin deleted, account deactivation).
Permanently deactivated or closed accounts have their login/access information locked down (fields encrypted) so it’s inaccessible thereafter.
Statistic data on profiles is purged after 1-year, specifically a user image-view and profile-view data.
4.6 Giving users access to their data (Data Protection)
Active members of PurplePort can access all of their data through their own profile pages and profile management sections of the website. A request for a data dump of all of their data can also be requested through their account, which will then be provided securely within 30-days.
Inactive members of the site can request access to the personal data we retain for the reasons noted at the beginning of this section, via direct contact with us via a support ticket or email. Upon verifying your identity is valid, we’ll provide a data dump of all of your data, which will then be provided securely within 30-days.
Note that access to your data is free of charge unless the request is deemed to be either unfounded, excessive or repetitive, in which case a related admin fee may be requested. We maintain the right to withhold personal data, if disclosing it adversely affects the rights and freedoms of others, extending to intellectual property rights and trade secrets, this includes confidential reports and relevant information made by other members.
4.7 Data exposure and prevention
Personal data isn’t shared in any form, that data that affects the use of the site is stored in central and backup databases. Passwords are encrypted and tokens used for session data. Aside from that no other forms of anonymization are utilised or required, however, we’re continually investigating and undertaking steps to protect data as much as we can.
Though not certified for ISO27001, we follow the best practices of the policy in our collecting, use and storage of data. Our data is secured on servers based in GDPR-safe regions, we do not sell or share user data with any third parties, and do not undertake any data-sharing schemes.
The main, employed, developers of PurplePort on occasion access the main database remotely for development, or host a copy on their local machines, locked into their individual user account only. Our developers do not have and are not allowed open machines, all have to be accessible through a valid login.
We have firewalls and separate server monitoring software that logs and reports to us. Access to information is only accessible by staff and an NDA-served maintenance contractor, all are made aware of how to handle sensitive data.
All employees work within software-management environments that log development activity.
All company-based communications are required to go through a private, and locked-down messaging service. We don’t share personal member data on this service, simply discuss ideas and development of the site, any administrative information is kept on-site and linked to if required.
We do not discuss personal data outside of the site with anyone, and if a request for profile access, changes or alike comes from outside the site, it is policy to not disclose information, and it is up to the person asking for the information to fully authenticate themselves.
Being a small company, with a mainly family-run infrastructure there’s a strong feeling of unity and it’s easy to guide, monitor and see how employees are operating, all have a deep personal interest in the success of the business, opposed to a larger company that would have issues of staff not being invested in the business as a whole. This we believe adds a large trust and moral undertone to the actions of all involved with the business.
The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential, as well as the data contained within any request reports sent to you.
5. Third-Party Links
You might find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
6. Contacting Us