Data & Privacy

We’ll always keep your data safe and secure. Here are our policies and documentation in relation to the General Data Protection Regulation (GDPR):

The following policy outlines our practices and procedures when it comes to the collection, handling, storing and protection of your data.

What data do we collect?
In order to deliver our service to our customers, we ask for personal information such as names, email addresses, postal addresses, and any other relevant information required. We are committed to recording data accurately and securely to ensure all communications are limited to the intended recipient.

Why we collect data
We collect data in order to facilitate our business requirements. We only collect data under the following lawful basis:

(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

How it is processed and stored
All of our electronic data is protected by a secure server and our secure environment is password protected. We have anti-virus software in place and our website operates under an SSL Certificate providing a secure connection for its users. Any paper data is held within locked filing cabinets inside a secure office environment which is protected through surveillance cameras and building security.

Access to our data is limited to our internal team who have all been trained on our Data and Privacy Policy.

Third party systems
We rely on AppleMail for storage of our email data.

How we protect your data
We are committed to keeping your data safe and secure. Above and beyond the practices noted in this policy, we have a dedicated Data Protection Officer to ensure our practices are being upheld and adhered to. Should any issues be detected in terms of the use or security of our data, our Data Protection Officer will firstly ensure that corrective measures are taken to prevent any further breaches. Once the breach has been contained, the event will be fully document and we will analyse its severity. If the breach is considered to be of low severity and pose little risk to individuals, we will ensure it is documented and appropriate measures are taken to prevent a repeat occurrence. If the breach is considered of too high severity and has a risk to individual’s rights and freedoms, we will take all measures noted above in addition to notifying the individuals affected and notify the ICO within 72 hours.

How long we keep your data
We will only keep data for as long as is deemed necessary. As our data is used for business purposes ​we will perform​ a ​data cleanse every five years to assess the relevance and purpose of the data we hold. Any data considered to be no longer relevant will be securely deleted and this process will be documented.

Your rights Under GDPR you, as an individual, have the following rights:

  1. The right of access
  2. The right to rectification
  3. The right to erasure
  4. The right to restrict processing
  5. The right to data portability
  6. The right to object
  7. Rights in relation to automated decision making and profiling.

To discuss a subject access request, please contact Marc Shuttleworth. If the request is fair and appropriate, we will provide the requested information within one month of the request, free of charge. We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. In both cases we will communicate with the individual(s) to explain the reasonings and If a fee is to be charged, the fee will be based on the administrative cost of providing the information requested.

We operate the majority of our business within the EU and therefore our governing body is the ICO and our data practices have been developed with ICO guidelines and GDPR practices in mind. Should we need to share your data outside of the EU, we will ensure you are fully consulted.

If you have any queries relating to data or privacy, please contact Marc Shuttleworth.