Who we are
This is the Privacy Notice of Obsidian Unmanned Aircraft Systems Ltd. In this document “we”, “our”, “us” refers to the company, its management and persons working on behalf of the company such as pilots, camera operators etc. “UAS” refers to unmanned aircraft systems often commonly called “drones”.
Our website address is: http://www.obsidian-uas.co.uk , referred to as the “website” below.
The Managing Director is responsible for Data Privacy and Protection.
The purpose of this Privacy Notice is to provide you with information about:
- The name of our business and who is responsible for Data Privacy within it.
- Why we hold personal information (our “lawful basis”) and what we do with it.
- How the data is obtained.
- Who we share data with and how we do this.
- How long we keep data for.
- How people can request access to, correction of or deletion of their data.
- How to complain to the Information Commissioner’s Office (ICO).
- To confirm that no automated decisions or profiling is carried out using the data we hold.
- How information is published on websites, brochures, posters or advertisements that we use.
General statements on data privacy and our operations
- Obsidian Unmanned Aircraft Systems captures aerial photographs and video as part its business operations. Some of this imagery will include identifiable pictures of individuals which will constitute “personal data”.
- We take protection of customer and individual data very seriously and wish to provide assurance that measures are employed to protect individual privacy at all stages of our operations from initial contact, through capturing of information by our cameras to processing and release to the intended recipients and subsequent disposal.
- Where it is likely that personal information will be captured by our operations, impacted persons will be made aware of this through various methods appropriate to the circumstances e.g. local signage, verbal warnings and directions to this website where this Privacy Notice can be viewed for more information.
- The unique vantage point of unmanned aircraft (“drones”) combined with the capabilities of their cameras also creates a risk of capturing what could be considered personal data unintentionally or inadvertently. Steps are taken during flight operations to minimise this risk. All footage is subsequently reviewed and steps taken to address any privacy issues identified before the footage is released to the customer or placed on any public location such as a website or promotional material.
- In addition to photographic and video imagery we also capture general information about customers and suppliers such as contact details as required for the normal operation of our business.
- Our Policy complies with the UK Law including that required by the EU General Data Privacy Regulation (GDPR).
- Except as set out in this notice, we do not share, sell or disclose any information collected during the performance of our services or gathered via our website.
Why we hold personal information and its uses (our “Lawful Basis” for processing).
Where we have a contractual obligation with you
Where you engage Obsidian Unmanned Aircraft Systems to provide a service or perform a task for you or otherwise agree to our terms and conditions a contract is formed between you the customer and the company. In order for us to carry out our obligations under that contract we must process the information you give us, some of which may be personal information. The information we gather about you will normally be limited to name and address, location where the services are to be provided and details of the service you require or task you wish us to perform.
We will use this information to:
- Confirm your identity for security purposes.
- Confirm the feasibility of your request.
- Carry out site assessments, flight planning and risk assessments necessary for safe conduct of the flight.
- Provide a quote for the costs of the service or task.
- Obtain location specific insurance cover for the flight.
- Deliver our services to you or to carry out the required task.
- Provide finished products to you.
- Provide any other consultancy related to your requirements.
Under the contract photographic or videographic images will be taken which may also include personal information due to the ability to identify individuals from the footage.
This information will be gathered because:
- It was a specific request of you the customer to capture images of yourself and/or these individuals for your purposes and their consent has been given (for example aerial photographs of a family wedding).
- You desire to have individuals appearing in the footage and those individuals have been informed that their image will be captured and how it will be used (for example promotional materials of a hotel showing guests enjoying the facilities).
The nature of UAS operations and the capabilities of the cameras employed create a risk of images of individuals being captured that were not intended as part of the service or required by the customer. In these circumstances we will review and assess these images against ICO guidelines to consider whether there is a potential for a privacy breach should the images be released publicly or used commercially. Any such imagery will be treated to resolve any privacy concerns before release. Typical methods of treatment could include:
- Notifying the individuals and seeking their permission to use their data for the stated purpose.
- Cropping of photographs and video frames to delete images of persons appearing near the margins of the image.
- Obfuscation or “fuzzing” of images or parts therein so that individuals are not identifiable.
- Dropping frames from video or removing photographs from a set.
- Deletion of footage altogether where it is not possible to resolve privacy concerns.
We operate a Records Management Process which will record any such identified privacy concerns and the treatments used to address them. Original, unedited footage containing potential privacy breaches will not be retained by the company and will not be released to the customer or publicly.
Information we process with your consent
Through certain actions you implicitly provide your consent to us to process information some of which may include personal information even though there is no contractual relationship between us. These actions include visiting and browsing the website, using contact forms, sending us an e-mail to which you would reasonably expect a reply, viewing images on the website, requesting information about our services and capabilities. Where feasible we seek to obtain your consent to process this information.
Except where you have consented to use of your information for a specific purpose we do not use your information in any way that would identify you personally.
We continue to process your information on this basis until you withdraw your consent or until it can be reasonably assumed that your consent no longer applies.
You may withdraw your consent for us to process your information at any time by instructing us via e-mail to firstname.lastname@example.org. However, in doing so it is possible that we may not be able to provide further services to you unless consent is restored.
Information we process for the purpose of Legitimate Interests
Obsidian Unmanned Aircraft Systems may process your information on the basis that there is a legitimate interest to you or to us in doing so.
Where this is the case consideration is given to whether:
- it would be possible to achieve the same objective via another means with less privacy risk or concern.
- Processing your information (or conversely, not processing it) could cause you harm.
- There is an expectation from you that we would process your data and you would consider it reasonable to do so.
Examples of where this would be the case could include:
- necessary administration of our business including proper record keeping.
- Responding to communications from you to which we believe you would expect a response.
- Protecting and asserting the legal rights of any party.
- Obtaining professional advice required for proper operation of the business or managing risk.
- Protecting your interests where we believe we have a duty to do so.
Information we process because we have a Legal Obligation
Obsidian Unmanned Aircraft Systems is subject to UK Law and Laws of any other jurisdiction we operate under. In addition, as an aviation business we are also required to comply with the UK Air Navigation Order and the conditions of our Permission for Commercial Operations (PfCO) issued by the UK Civil Aviation Authority. We may be required to process your personal information in order to comply with a statutory obligation.
For example we use address and location information (which could be your personal address) to carry out site risk assessments, plan flights and obtain location specific insurance as required to comply with our PfCO. Or we may be required to provide information to legal authorities that have the proper authorisation or have a search warrant or court order.
Information to support payments
Payment information is not taken by or transferred through this website. Our normal payment process is to invoice the customer electronically. This invoice will inlcude links to a secure payment site of PayPal or some other reputable payment services provider. This payment website is not controlled by us.
Alternatively payments can be made in cash or via a direct bank transfer in which case us having your payment details will not be necessary.
How data is obtained
Photographic and Videographic data will primarily be obtained via the camera equipment installed on our aircraft. These cameras can be operated remotely and our internal processes require that cameras are switched on and off to record specific imagery rather than be left permanently on. This is to reduce the risk of inadvertently capturing unwanted images while the aircraft is maneuvering or repositioning.
Images are saved to a MicroSD data card installed in the aircraft and “thumbnail” images are stored to the controller or a mobile device which forms part of the controller. On completion of the operation the images are transferred from the aircraft Micro SD card to secure computer storage as soon as is practical after the flight. The MicroSD card is formatted and the controller/Mobile Device are cleared of thumbnail images and local copies of data before being connected back to the internet.
While the aircraft is in flight a video downlink feed from the camera to the controller is in operation permanently and forms part of the flight controls of the aircraft. This is a necessary safety requirement to enable the pilot to accurately position the aircraft, avoid obstacles and for navigation. The video downlink feed is encrypted and is only visible to the pilot. It is not recorded.
In addition some ground based footage using conventional digital cameras and mobile devices may be used in support of our operations. All data is transferred from these to secure computer storage in the same way as the data from our aircraft.
When you contact us about our services either by telephone, through our website or by e-mail we collect the data you provide in order to respond to your request for information and to assess your requirements as set out in the paragraph above relating to our “Lawful Basis”.
Only non-identifiable cookies are stored by our website.
Embedded content from other websites
Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website.
Who we share your data with and how this is done
As part of our normal processing we may share your information with trusted third parties. Typically these will be:
- Companies involved in the operation and administration of our business e.g. Insurers, Accountants.
- Companies involved in the billing process e.g. Accounting software providers, banks.
- Specialist service providers such as printers, delivery companies.
- Specialist processors such as companies providing photogrammetry services, data point analysis and 3D imaging capability.
- Companies who have engaged us as part of their services to you e.g. Surveyors, estate agents, agronomists.
We apply the following principles to these organisations to help protect your data and your privacy:
- We maintain a list of approved suppliers and carry out risk assessments of each supplier.
- We provide only the information they require to perform their services either to us or to you.
- They may only use your information for the purposes we specify in our contract with them.
- If we stop using their services we require that any of our customer data they may hold is deleted or anonymised unless there is a regulatory requirement for them to retain it.
In addition we may be required to provide personal data to the police, regulators or other enforcement bodies upon receipt of a valid request to do so.
As part of the contracted service data will be provided to customers and suppliers in a secure electronic format agreed with them. This will typically be via encrypted physical media or via a secure electronic data transfer solution such as DropBox.
Once data has been provided to the customer as part of our services we have no control over what any individual or third party may do with it and we accept no responsibility for their actions or subsequent use or misuse of that information.
Processing of data outside the European Union
Obsidian Unmanned Aircraft Systems is based in the United Kingdom and our normal sphere of operations is the UK. Our website is is hosted in the United Kingdom
Our accounting system including contact details of customers and suppliers for invoicing purposes is hosted in the United States of America by a company which is compliant with the USA-EU Privacy Shield Framework.
How long we retain your data
Customer Photographic and Video data are retained for a maximum of 1 year after they have been delivered to the customer unless prior agreement has been made for us to retain the information for a longer period. For example we may agree with the customer to use parts of their footage on our own website as examples of the sort of services we provide and the output we can achieve.
Where a customer requests us to retain the information longer we will do so. Due to the nature of some of our services we may need to retain footage for longer periods for example for comparison with footage taken in the future. GPS location data for waypoint navigation may be retained for the same timeframe to enable accurate positioning of the aircraft to repeat a task.
There may also be circumstances where we need to retain footage for longer periods, for example where footage would be useful to an accident or incident investigation or as evidence. If this is the case the data will be deleted as soon as it is no longer required. Similarly Incident & Accident records may need to include personal information and will be retained while they support on-going investigations and for a minimum of 10 years after the incident.
Customer and Supplier details are retained while there is an ongoing relationship with that person or organisation and then retained for 6 years after which the data will be deleted in the following year as part of our normal records management process.
Requesting access to, amendment or deletion of your data
As a customer or if you have requested information via our website you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that your data is amended or updated or that we erase any personal data we hold about you. Erasure does not apply to any data we are obliged to keep for administrative, legal, or regulatory purposes.
Requests should be submitted to us via e-mail to email@example.com or be calling our regular contact number 07545 775706.
No automated processing or decision making is carried out by Obsidian Unmanned Aircraft Systems on your data.
Any complaints relating to data privacy, the data we hold about you or this policy should be addressed directly to the managing director in the first instance via e-mail to firstname.lastname@example.org or in writing to our registered address.
We will make every effort in good faith to resolve or remediate your complaint.
However, if you are not satisfied with how we handle or process your personal information you have a right to lodge a complaint with the Information Commissioner’s Office (ICO). Please visit their website at https://ico.org.uk/concerns/