Privacy & Cookies Policy
Effective: 4 September 2019
We are a website design company that creates professional mobile-friendly websites.
We want you to know that your personal information (data) is protected and that you have a choice about how it is used. This policy explains
- your rights
- how we use your personal data, and
- how we comply with our legal obligations.
This policy only applies to us and our website. It won’t apply to any third parties, including our distributors and social media platforms, to which our website links, so we advise you to read those privacy policies or notices very carefully.
We regularly review this policy and will:
- put updates on our website, and
- let our distributors, suppliers and our customers know when we make changes.
Our Contact Details
We are iWebServices. Our registered office is at York ECO Business Centre, Amy Johnson Way, Clifton Moor, York, YO30 4AG. The contract responsible for data protection is email@example.com Our website is www.iwebservices.co.uk.
You can contact us about any aspect of personal data, including complaints, by using the details provided above. You can also make any complaints about data protection to the Information Commissioner’s Office (ICO) – visit www.ico.org.uk for more information, including accessing their helpline and current contact details.
Personal Data We Collect
We collect personal data (any information that could identify you such as your name, address, email address and IP address) including:
- Identification information – such as your name and contact details (address, email, telephone)
- Information so that we can provide videos and other products and services – such as identification information to view a video and accounting data which you provide to us when you pay for your order
- Information received from third parties – particularly when you access our website through a third party (including Distributors)
- Surveys and competitions – which we may run from time to time and which you may choose to enter
- Marketing preferences – such as what you want to know about our new videos and services
- Accounting and financial data – relating to payment for your order and our charges
- Technical information and website use data – such as IP address, browser information, location and time-zone settings, operating system and platform and how you use our website, products and services
- Statistical information – such as information about salaries that forms part of the aggregate information
- Publicly-available data – such as information about Suppliers and who holds particular roles within their organisations.
We need to keep personal data accurate and up to date and will periodically contact you about this. If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by emailing or writing to us, using our contact information at in the Our Contact Details section.
How we collect your personal data
We may collect your personal data in the following ways:
- Information that you give to us by email, telephone or post as part of the services you ask us to provide.
- Information (such as placing any order, completing forms, registering or making payment) that you provide when using our website
- Information from third parties, including our distributors, when you visit our website from any other linked website or from social media (such as LinkedIn or Twitter)
- Information about you that is publicly available, such as on online in social media
If you decide not to give us personal data, we may not be able to provide some services to you. For example, without your email address, we can’t email you.
Using your personal data
We use personal data so that we can:
- Supply you with services you have asked us to
- Provide you with any information you’ve asked for and/or consented to receive
- Provide you with any help or support
- Give you the best website user experience
- Analyse and monitor how secure and effective our website is
The lawful basis for using your personal data
The lawful basis enabling us to use your personal data is usually one or more of the following:
- because you’ve asked us to do something before entering into a contract or to fulfil our contractual obligations to you and provide videos and other products and/or services to you
- to comply with a legal obligation
- where you have consented to the processing of your personal data, such for marketing purposes (remember you can change your mind at any time by contacting us – see Our Contact Details)
- when processing is necessary for our legitimate interests or those of a third party, provided those interests don’t override your interests, freedoms or rights
To protect your personal data, we have put the following measures in place:
- security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (including SSL, encryption and restricted access)
- internal policies and procedures (including our data protection policy) to deal with any issues, including notifying you where applicable of any breach
Sharing your personal data
Personal data from a distributor’s customer who is buying or otherwise accessing (for example to see a sample of the contents) videos or our products and services is shared with that distributors so that we can provide access to the videos/services.
Before we share your personal data with any third party for marketing purposes, we’ll always get your agreement (express opt-in consent) to do so. Otherwise, there may be times when we must share your personal data with others, for example, where the law requires us or to enforce our rights or protect others, such as for fraud prevention. In addition, we may also:
- Allow authorised third parties to track and store information about visitors to our website (including IP addresses)
- Disclose your personal data to those who are providing services to us if they have appropriate processes to protect it
- Otherwise, we will only share your personal information if you have consented to this
Aside from the third parties who may receive anonymised data (see the Non-personal Information section) a list of the third parties with whom we share data is can be found below.
LIST OF THIRD PARTIES WITH WHOM WE SHARE DATA
|Media Temple||Hosting the Distributor’s learning portal||https://mediatemple.net/legal/privacy-policy/|
|Campaign Monitor||Email newsletters and marketing||https://www.campaignmonitor.com/policies/|
|Facebook pixel for retargeting||Marketing – To show targeted ads to people who have visited our website||https://www.facebook.com/about/privacy/update|
|Google pixel for retargeting||Marketing – To show targeted ads to people who have visited our website||https://policies.google.com/privacy?hl=en&gl=uk|
|Rackspace||Hosting our website Email||https://www.rackspace.com/information/legal/privacystatement|
|Google Analytics||Web analytics||https://policies.google.com/privacy?hl=en-GB|
|Google Suite||File sharing and document management||https://policies.google.com/privacy?hl=en-GB|
|Morrell Middleton||Accountants||As members of the Institute of Chartered Accountants in England and Wales, they have professional obligations in relation to GDPR compliance.|
|Paypal||Payment providers – when you make payment to us||https://www.paypal.com/uk/webapps/mpp/ua/privacy-full|
|HM Revenue and Customs||Financial records as required by law||https://www.gov.uk/government/organisations/hm-revenue-customs/about/personal-information-charter|
|SendGrid||Transactional email sending||https://sendgrid.com/policies/privacy/|
We require all these third parties to respect your personal data, to process it on our instructions and comply with current law in relation to data protection.
Your personal data rights
The law gives you certain rights in relation to your personal data and to exercise these rights contact firstname.lastname@example.org. The following rights may apply to personal data we collect and process so that you can:
- Access personal data that we hold about you
- Make changes to your personal data if it is incomplete or inaccurate
- Restrict the processing of your personal data in certain circumstances
- Ask us to erase your personal data and prevent processing in specific circumstances
- Object to processing your personal data in certain circumstances
- Obtain and reuse your personal data for your own purposes across different platforms
Retaining personal data
We only retain personal data for as long as it is reasonably required before it is deleted or destroyed or anonymised. Our data retention periods can be found below.
DATA RETENTION POLICY
|Data Subject||How long is personal data kept?|
|Distributors and our customers (those who buy directly from us)||We will retain personal data for 7 years from the date that you ceased to be a distributor.|
|Potential Distributors/Customers||We will retain personal data for 12 months from the date of our last contact.|
This is one for you to consider, based on PECR.
|Potential Suppliers||We will retain personal data for 6 months from the date of the last time you contacted us.|
|Distributors’ Customers/End Users (who buy from our distributors)||We will retain personal data for 7 years from the date of purchase|
|Suppliers||We will retain personal data for 7 years from the date that you ceased to be a supplier.|
|Employees||We will retain personal data for 7 years from the date that you ceased to be an employee.|
|Potential employees||We will retain personal data for 12 months from the date of the last time you contacted us.|
Transferring personal data
We do try and keep any personal data within the UK, though this is not always possible. Therefore, your data may be transferred or stored outside the EU to countries who may not have the same data protection as the EU but, if we do this, we will have an agreement with the third party who will be using an approved mechanism to keep personal data secure. This means transferring data to providers who:
- adhere to certain agreed codes of conduct or certification approved by the European Commission or
- the European Commission deems to have an adequate level of protection for personal data or
- are based in the USA and part of the EU-US Privacy Shield
If one of these safeguards isn’t in place, we’ll ask for your explicit consent, which can be withdrawn at any time.
So that we can run our website and business more effectively, non-personal information or aggregated information (which doesn’t identify an individual) is collected when you use our website. For example, Google Analytics collects information about our website visitors, but the information is processed so that an individual can not be identified from it because we work in accordance with Google’s guidelines, so personal data should not be used or shared with them. Website searches may be powered by third parties but are anonymised.