- GDPR Policy
What is the General Data Protection Regulation (GDPR)?
Under the General Data Protection Regulation (GDPR), we are required to publish information about what data we collect, why we need to store it, and your rights under the GDPR legislation.
In these matters we are subject to the rulings of the Information Commissioner’ Office (ICO), the UK’s independent authority set up to uphold information rights and data privacy for individuals.
Basis of and scope of data storage:
- We store and process data only as agreed by the client or as required in order to perform services requested by the client. We regard all details we do store as confidential.
- We do not engage in any profiling activities.
- We never share data with 3rd parties (e.g. for advertising, marketing, data analysis or similar).
How we obtain data:
- Data we hold will consist of information that you provide to us (e.g. contact details you enter on forms or correspondence), or is determined through your direct interaction with our website (e.g. your IP address).
- We obtain data through legal purchase from reputable suppliers for the purpose of marketing activities to users and businesses who have expressed an interest in being contacted for the purpose of receiving relevant and interesting information from companies such as ourselves.
Data we hold consists of:
- Contact information:
Your name. Company name and registered number (if applicable). Postal address. Country. Email addresses (if applicable). Telephone number (if applicable).
This is used so that we can contact you when needed (e.g. to send invoices, certificates you have requested, communicate information affecting your account or our service to you, etc.)
- Payment information:
Payee name. Billing contact details (if applicable). Date and amount of payments. VAT and other tax related numbers and registration information.
This data is kept purely to allow cross-checking in the event of accounting imbalance, customer payment enquiries or investigation by tax authorities (i.e. mandatory accounting requirements).
- Information you supply relating to works you have engaged with us (i.e. specific information to facilitate a project or support query).
- Enquiries we have received via email, web-form or post.
- We may also store your IP address for security reasons and to enable us to investigate technical problems if you experience a fault whilst using our site.
- We retain personal data that you supply for as long as you are a client with an active account, and for as long as we are legally required to do so (e.g. by tax and accounting regulations).
- Where data may exist on back-ups, these are regularly changed and expired files (etc.) are securely disposed of when backup media is expired or replaced.
- General enquiries via web-form, email or post; These are generally kept for a number of years so that we can refer back to them if you send a follow up to our reply.
Right of access and rectification
- If you are a client and have need to check any information we hold about you, or need to correct inaccurate information, please contact our Support Desk (firstname.lastname@example.org).
For security reasons we will need to ensure that you are the account holder (and may ask you to provide proof of your identity) before we can release any information.
Right to erasure:
- If you decide that you no longer need our services and want the data we hold to be deleted, you may cancel your account at any time and we will remove your data once we are legally able to do so.
(Note: for VAT invoices, and other financial records, there is a minimum retention period of 6 years specified under Paragraph 6, Schedule 11 of VAT Act 1994 and HMRC Notice 700/21 (December 2007), point 2.4. ).
- If you are not a client, but have contacted us via email/letter, and want any emails, letters, or form submissions enquiries you have made erased please contact our Support Desk (email@example.com) and we will be happy to arrange that.
Please note: for security reasons you must contact us from the address you want removed and we may ask you to prove your identity (i.e. you cannot delete someone else’s data without their consent).
If you take no action, the data will be securely disposed automatically in due course as part of our routine maintenance activities.
Complaints, corrections or objections
- If you have any questions or concerns about information we hold about you, or need to correct inaccurate information, please contact our Support Desk (firstname.lastname@example.org).