We take our data protection responsibilities very seriously; implementing appropriate technical security and making every effort to comply with relevant legislation including the GDPR. This Privacy Notice tells you what you can expect when we collect your personal information.
1. Lawfulness and Purpose of Processing
We process information under the legal bases set out in Article 6 of the GDPR for the following purposes:
1.1. Performance of a Contract: this is the legal basis under which we process:
- client data - to provide our services to existing and prospective clients
1.2. Legitimate interests: this is the legal basis under which we process:
- client data - to provide updates on our services and occasional details of additional services that are deemed beneficial
- partner data - to maintain working relationships with other organisations, for example suppliers of goods and services
- networking contact information - to promote our services and secure future opportunitiesI
2. How we use your information
This Privacy Notice applies to information we collect or access, including:
2.1. People who purchase or enquire about services
We need to hold the details of the people who have requested services to provide them with the service and/or related information. We only use these details to provide information relating to the service requested and for other closely related purposes.
2.2. E-mail recipients
We send out occasional e-mails to make existing and prospective customers aware of updates in our services and/or guidance and to provide information about our services. People can opt-out of this type of contact at any time and are given an easy way of doing this.
We may gather statistics around email opening and clicks using industry standard technologies.
If we receive a complaint, we will make up a file containing the identity of the complainant and any other individuals involved. We will only use the personal information collected to process the complaint and to check on the level of service provided. We may have to disclose the complainant’s identity to partners where, for example, we are taking professional advice. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect this. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information in complaint files for two years from closure in line with our retention policy. This will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
We may keep an overview of complaints received, but not in a form which identifies anyone.
2.4. Client information on customers, employees, contacts, complainants, etc
It may be necessary to access and/or take a temporary copy of client data to provide our services. Where this is necessary, we will only use this information to provide our services to the client, this may include limited processing of the information on behalf of the client; for example: liaising directly with an employee who requires specific advice, or a client customer who submits a subject access request, etc.
Where this is necessary, the data will be appropriately secured. We will not process this information for any personal reason and will ensure it is fully and securely deleted when it is no longer needed.
2.5. Visitors to our website
When someone visits our website www.richwhitedesign.com a third-party service, Google Analytics, collects standard internet log information and details of visitor behaviour patterns. This is done to monitor things like the number of visitors to the various sections of the website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do want to collect personally identifiable information through our website, we will be up front about this; making it clear what is being collected and explaining what we intend to do with it.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. For more information on the cookies we use, please contact us at the address below.
Links to other websites
This privacy notice does not cover the links within my website to other websites. We encourage you to read the privacy statements on the other websites you visit.
Our website search and decision notice search is powered by our own internal content management system. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either ourselves or any third party.
Online contact form
We collect information volunteered by visitors to our website using an online reporting tool hosted by VidaVia Media S.L. using servers located within the EU. This company only processes personal information in line with our instructions and does not use this information for any other reason.
Security and performance
We use a combination of Drupal and third party Drupal modules to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to the website.
We publish our own website, blog, and other online aspects. These sites are hosted on servers at Rackspace UK, located within the EU. We use a standard Apache web service and Drupal website to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Drupal requires visitors that want to post a comment to enter a name and email address but this information is retained by ourselves.
2.6. People who contact us
When you call, email or contact us by online form, we may log relevant details to enable an effective response. These details will be securely destroyed / deleted when no longer needed.
We may or may not use Transport Layer Security (TLS) to encrypt and protect email traffic in line with industry standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We monitor any emails we receive, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
3. Your rights
Under UK Data Protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
3.1 Access to personal information
We try to be as open possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the legislation. If we do hold information about you we will:
give you a description of it;
tell you why we are holding it;
tell you who it could be disclosed to; and
let you have a copy of the information in an intelligible form.
You must put the request in writing to us using our online contact form on this website.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct mistakes by contacting the address below.
4. Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However, when we investigate a query or complaint for example, we may need to share personal information with our professional partners and with other relevant bodies. We will not share information without having a justifiable business need or your explicit consent and we will never share your data for third-party marketing purposes.
5. Deletion of personal information
We adhere to appropriate legislation and industry standards when retaining information. Generally, information is only retained for as long as it is needed for the purpose/s for which it was collected. When information is no longer required, electronic records are securely deleted and hardcopies are shredded in line with best practice.
6. This Privacy Notice
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to us using our online form on this website.
We keep this privacy notice under regular review; it was last updated on 13th July 2018.
7. How to contact us
If you want more details, to request access to your information or to make a complaint about the way we have processed your personal information, please contact us using the online form on this website.
You can also contact the Information Commissioners Office in their capacity as the statutory body overseeing data protection law – www.ico.org.uk/concerns.
Information Commissioner's Office