My Commitment to GDPR
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.
The GDPR imposes additional requirements upon organisations to strengthen the security and enhance the protection of personal data of EU residents.
I recognise the importance of passing regulations to advance information security and data privacy for citizens of the EU, and all citizens, regardless of their location.
I am firmly committed to GDPR compliance.
Definition of Data Controller and Data Processor
A data controller is the person or organisation that decides the purpose for which and the way in which any personal data is processed. A data processor is the person or organisation which processes personal data on behalf of the controller.
The data controller is Mark Wingrove (Wingrove-Media)
The data protection officer is Mark Wingrove, who can be contacted directly at firstname.lastname@example.org.
My services relate to the design and development of websites, management of hosting and in some cases email systems. The majority of information I deal with on a day-to-day basis is destined for websites and as such is open to public scrutiny.
Information I hold, which is subject to confidentiality, relates to client details, names and addresses, email addresses, telephone numbers and, where issued, passwords to accounts.
This Privacy Notice is meant to help you understand what Personal Data I might collect, why I collect it, and what I do with it. It also describes the choices available to you with regard to the use of your Personal Data and how you can access and update this information.
I am committed to protecting the privacy of website visitors (“Visitor”), individuals/charitable and non-profit organisations/businesses that purchase or make a contribution towards my services (“Customer”) and individuals who register with my website (“User”).
I have adopted the following principles to govern the use, collection, and transmittal of Personal Data, except as specifically provided by this Policy or as required by applicable laws:
- Personal data will only be processed fairly and lawfully
- I do not collect any more personal data than is necessary to provide the services
- I only use your personal data for the purposes I specify in this Privacy Notice, unless you agree otherwise
- I do not keep your personal information if it is no longer needed
- I do not sell, distribute or share your personal information with third parties
- You can have your data updated at any time
- You can remove your data at any time
- You can request a copy of the data I store on you at any time
- Personal data is securely stored and managed
What Is Personal Data?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person can also constitute personal data.
Personal data is subject to the protection requirements set out in the GDPR.
Examples of data considered as personal data:
- a name and surname
- a home address
- an email address such as YourName@company.com
- telephone numbers
- an identification card number
- location data (for example the location data function on a mobile phone)
- an IP address
- a cookie ID
Examples of data not considered as personal data:
- a company registration number
- an email address such as email@example.com
- anonymised data
What and How I Collect and Maintain Information
I collect and maintain information about my Customers and Users, which may include:
- First and last name
- Postal address
- Phone and fax numbers
- Website URL
- E-mail address
- Other billing information, i.e. order details, subscriptions and license information
In order to communicate with me or to use my services, you may be prompted to provide certain personal data in the following ways:
- By filling in forms (i.e. a “Contact Us” form) on my websites
- Contact directly (i.e. by phone, SMS, email or post)
- By downloading or accessing my services
- When you register to use my website (https://wingrove-services.co.uk) this will include your email address, name and organisation’s website address. This is effectively signing up to a newsletter which you can unsubscribe yourself from at any time.
- When we enter into a relationship for the intended delivery of services. I will require your name, address, email address and contact numbers. This information is generally exchanged through email and forms part of a business record for maintaining contact and accounts.
- By corresponding with me by phone, e-mail or otherwise using my contact details
Typically, the personal data you give me may include name and email address, and any personal details required to resolve any enquiries or complaints.
Customer Support and Service
When Customers or Users contact me for support or other customer service requests, I maintain records related to the requests through email, including any information provided by Customers or Users related to such support or service requests.
How I Use Personal Data
I use personal data provided by you to provide services and for business purposes such as delivering services, marketing, billing and for other general purposes.
I will never share your personal data, or otherwise make your personal data available to any third parties for the purposes of marketing or targeting you. I will not sell, rent, or exchange your personal data with any third-parties.
I use your personal data to:
- Conduct and develop my business with you
- Operate, maintain, improve and develop the websites
- Monitor, carry out statistical analysis and benchmarking (i.e. Google Analytics for site page tracking), provided that in such circumstances it is on an aggregated basis which will not be linked back to you or anyone else
- Engage and educate you about my services
- Provide you with documentation or communications which you have requested
- Correspond with you to resolve your queries or complaints
- Provide you with any services you request
- Send you marketing communications
- Protect and ensure the safety of all data collected
Definition of Data Processing
The meaning of data processing is defined as any operation performed on personal data whether by automated systems or not and includes collection, use, recording etc.
The extent of “data processing” performed on the personal data I hold is limited to the management and maintenance of existing business relationships and financial accounts. I do not use it for any other purpose.
Change of purpose
I will only use your personal data for the purposes for which I collected it. Where I need to use your personal data for another reason, I will do so only in circumstances where I reasonably consider it is compatible with the original purpose. In the event I use your personal data for a different purpose, I will notify you of the legal basis that allows us to do so before commencement.
How I Protect Your Personal Data
All of your Personal Data remains private and confidential. The security of your Personal Data is extremely important to me. I follow generally accepted standards to protect personal data submitted to me, both during transmission and once it is received. No method of transmission over the Internet, or method of electronic storage is 100% secure.
My email communications are sent over, and received from, an encrypted connection to the mail systems. Provided the settings in your email application are also configured to use security, you should be assured of secure communications between us.
I use password-controlled accounts on the various computer systems I use on a day-to-day basis. Systems will also time out, requiring password re-entry. The locations where your information is stored are also encrypted. Should I need to carry personal data with me for any purpose, the media that is used is also encrypted.
I ensure that my computer systems are up to date and are using the latest security patches.
I use ESET Smart Security Premium on my Microsoft Windows devices to provide additional layers of security to detect intrusion attempts, viruses and monitor network activity.
The websites I develop are generally protected by at least one security plugin. The sites also send messages to a special email account so I can monitor any unusual activity on them. I also work closely with 20i Ltd, the hosting company based in the UK where your website and email (if it is associated with the website hosting account) are located.
Default logins on websites and other devices are never left at their default settings, and passwords to sensitive areas such as websites are extremely cryptic and complex.
I will never request your hosting, email or website account credentials except where I am moving something from one location to another, or to change some settings. This will be done transparently and with your full knowledge. You will also be expected to change your password after the changes have been made to maintain the integrity of your account.
You should never share your account information with anyone else, including your username and password. I recommend that you use unique passwords for your website, control panel and email. You should check your account regularly to ensure that your Personal Data has not been tampered with or altered.
Any suspicious activity regarding your account, including automated messages from parties you cannot identify, should be reported to me using the contact information at the end of this document.
Location of Personal Data
Systems I use that contain data may be in one of the following locations:
- On a local encrypted drive attached to a computer system
- On a local encrypted server
- On a DropBox Professional Account (also encrypted)
- In the hosting system used by 20i Ltd which is based in the UK (this will be hosting account details such as name, address and contact number of the client only where one has been set up for you).
- On a portable encrypted device
Use of Third Party Services for Fault Detection, Management and Resolution
I use various 3rd party services when resolving problems on or related to websites. While identifying and investigating a problem, access may be permitted to your website in order to locate the problem. This is usually the hosting company 20i. On some occasions I may need the help and support of a third party whose plugin or theme is being used on your site. I may grant access to these people as well.
When the work has been completed, the login account to the site is deleted.
My commitment to data protection and information privacy demands the use of 3rd party services that are also committed to the same end.
All my 3rd party services will be GDPR compliant and will themselves have their own applicable privacy policies.
If you have subscribed to my Newsletter (only you can do this, I will not subscribe anyone without their knowledge, and nobody else can subscribe you without your knowledge) you will receive an email from me generally once per month, and on rare occasions when there is something important relating to the security or integrity of your site an Alert communication which is sent out on an ad hoc basis. You may unsubscribe to these at any time. You will not receive any further newsletters after you unsubscribe.
Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website. Cookies can be “persistent” or “session ID” cookies. Persistent cookies remain on your computer when you have gone offline, while session ID cookies are deleted as soon as you close your web browser.
The websites I develop and the associated plugins and themes use both session and persistent cookies.
In general, cookies are used to retain user preferences, store information, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
I will not use any hidden marketing or targeted advertising on my websites (Wingrove-Media.Com and Wingrove-Services.co.uk). All of the cookies that are used are legitimate for the delivery of the service.
I cannot take responsibility for any interaction you have with 3rd parties or services that are not directly my own.
Your Rights under the Personal Data Protection Laws
As my Customer or User, you have the right to:
- Request access to your personal data (known as a data access request). This enables you to receive details of the personal data I hold about you and to check that I am lawfully processing it.
- Request correction of the personal data that I hold about you.
- Request erasure of your personal data. This enables you to ask me to delete or remove personal data where there is no good reason for me to continue processing it.
- Object to processing of your personal data where I am relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where I am processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask me to suspend the processing of personal data about you, for example if you want to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible. I do not believe that any circumstances exist where this right would be exercised due to the very small amount of data held.
Your Responsibilities under the Personal Data Protection Laws
Within your rights under privacy laws you are entitled to ask for a copy of the data (access request) that I hold in my systems. Before any personal data is transmitted to the requester, I will follow a process to make sure that they are legitimately entitled to receive it.
If you do not co-operate in this process to establish the legitimacy of the request, the information will not be released. Any requests on my part to verify your request will be undertaken solely to protect both you and me against a breach of your personal information.
Should this situation occur and not be resolved to your satisfaction, you should write or contact the ICO office to escalate the matter.
You may withdraw your consent at any time by contacting me at firstname.lastname@example.org.
Automated Decision Making
I do not carry out any Automated Decision Making based on the data I hold about you.
Data Retention Period
I will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
Data retention periods will depend upon a number of factors such as:
- The requirements of our business relationship and services provided;
- Relevant statutory or legal obligations;
- The purposes for which the data was originally collected;
- The lawful grounds upon which I based the processing;
- The types of personal data collected;
- The amount and categories of your personal data;
- Whether the purpose of the processing could be achieved by other means.
My normal data retention period for data received in connection with my operations and services will be 7 years in line with regulatory requirements unless there is a legitimate interest for retaining that data for a longer period.
Subscribers wishing to unsubscribe themselves from my newsletter will be unsubscribed within seven days of an email request to email@example.com. Alternatively, they may choose to unsubscribe themselves online through the link at the bottom of every newsletter. They will not be contacted any further and their details will be removed from the database within six months during my next maintenance cycle.
Example of long-term data retention
I am required by law to be able to record sales and tax information for up to 7 years. In this case I must retain any pertinent information on these transactions.
Changes to this Privacy Notice
I may change this Privacy Notice from time to time by updating this page in order to reflect changes in the law and/or my privacy practices. I encourage you to check this Privacy Notice for changes whenever you visit one of my websites. Each privacy notice will note the date it has been released. I will also inform you of changes through my newsletter.
How to Contact Me
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone 0303 123 1113 (local rate) or 01625 545 745 (national rate).
Website – https://ico.org.uk/concerns