This policy was last updated on 3rd Jul 2020 – updated Sections 8 & 9.
I am Pippas Web – I provide webdesign, web hosting and SEO services.
- I don’t sell or share your data – except with companies who I use to create/maintain/host your website, carry out SEO services at your request or help with my financial accounting.
- I use appropriate security measures on my devices to limit access to your data and / or your websites to anyone but me.
- My website will let me know (if you consent to the cookies) about the number of visitors to my site and what areas you visit but this data is anonymous to everyone including Google.
You can ask to see this data, to amend it, to delete it or to stop me using it for a specific purpose.
If you want more details here is the longer version.
Pippas Web understands that your privacy is important to you and that you care about how your personal data is used. I respect and value the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Pippas Web is a data controller and data processor – and I am responsible for your personal data referred to as “I” in this privacy notice
- Information About Me
Pippa Haines – Sole trader trading as Pippas Web.
Registered address: 9 Homend Crescent, Ledbury, Herefordshire. HR8 1AL.
Phone : 01531 579577.
Email address email@example.com
- What Does This Notice Cover?
This Privacy Information explains how I use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
- What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
- What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact me to find out more or to ask any questions using the details in Part 11.
- The right to access the personal data.
- The right to have your personal data rectified.
- The right to be forgotten.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability.
- Rights relating to automated decision-making and profiling.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
- What Personal Data Do You Collect?
We may collect some or all of the following personal data:
- Contact details ( Your address (if it’s where the business is based) Billing Address (if different), Email address, Telephone number(s))
- Company Details (company name, address, web domain, email, phone numbers(s))
- Payment information (business name, address, amount, paid in).
- Technical Data – Logins details, IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Website Usage (via google analytics)
- Reviews of our service – on Google, Facebook (this data is controlled by Facebook and Google)
- How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, or because you have consented to our use of your personal data, Your personal data may be used for one of the following purposes:
- To respond to enquiries regarding services I offer.
- To enable me to set up or access hosting, website or accounts associated with the website. There by supplying my Web design, Hosting or SEO services services to you.
- Communicating with you about a service you have already requested or about services and information which may be beneficial to your business – for example letting you know about new local markets or software.
- Keep record of communications.
- Process Financial transactions between us – Invoice & receipts
- Records of Invoicing or payment transactions.
- We analyse the use of Our Site to enable me to continually improve My Site and your user experience.
- We use your email to send out a Newsletter – only when requested.
- We use IP addresses to analyse trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use. Additionally, for systems administration, detecting usage patterns and troubleshooting purposes, our web servers automatically log standard access information including browser type, access times/open mail, URL requested, and referral URL. This information is not shared with third parties and is used only within this Company on a need-to-know basis. (The lawful basis for holding this would be contractual and by consent for Analytics based data)
- Social media – Facebook/ Twiiter/ Google+ / Pinterest – This may include responding to direct messages. – When instigated by customer or potential customer.
- Communication via systems like zoom or Skype to training purposes.
- How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary to fulfil the purpose we collected it for (including accounting requirements)
Your personal data will, therefore, be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- Website related information – Files, Logins, Emails relating to the creation/maintenance of site – these will be deleted if the site is no-longer required (whether it’s moved to another provider or you decide to close the site altogether) – within 3 months of contract ending or at clients request.
- For tax purposes the law requires to keep information about our customers (Contact, Identity, Financial & Transaction Data for 7 years after you stop being a customer)
- Contact Details : (other than those on finance relate documents will be deleted when you stop being a customer.
- Newsletter until you request to be unsubscribed.
- How and Where Do You Store or Transfer My Personal Data?
For site visitors, your data will only be stored or transferred within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
For clients- as above most services the data will be kept in the EEA. However, some services (storage and accountancy) we store/transfer your personal data to companies in countries whose levels of data protection are deemed ‘adequate’ by the European Commission or are covered by if they are part of the EU-US Privacy Shield. More information is available from the European Commission.
This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
- All Devices used to access details are password protected, with up to date internet security software and where available Two Factor authentication.
- Our website has industry standard SSL to encrypt data from our site.
- Your personal data is not stored on our website, it is merely transmitted to us via email and stored on our email service and our contact management system on devices. With the exception of comments left on the blog.
- Communication Data is stored on our Email servers/cloud storage / Mobile phone
- Payment details – stored on cloud storage Accountancy software – or through payment system such as Paypal.
- Website security – Protects sites from access by anyone without permission to get on the site- and being able to add potentially harmful files on the site.
- Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the exception as stated below and for the performance of services contracted for.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
To enable us to provide a service to you we may need to provide your personal data to the following:
- Hosting Companies / Domain registration – in order to get a hosting account to host your website.
- Companies who will provide a service for your site eg. website security, cookie management, analytics
- Mailchimp – hosts and controls my mailing list.
- Social media (including Facebook, Twitter, Google) Any data entered onto these systems the data is controlled by the platform and not Pippas Web. Please be careful what information you provide on them.
- Cloud storage – to store files and records relating to the website and invoices.
- Online accountancy software
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
- How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses as stated in this Notice.
There is not normally any charge for a subject access request.
We will respond to your subject access request within one month of receiving it.
- How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Pippa Haines)
Email address: firstname.lastname@example.org.
Telephone number: 01531 579577.
9 Homend Crescent,
This policy was last updated on 3rd Jul 2020 – updated Sections 8 & 9.