The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. It also details how we use and store your information should you engage in our services.
We DO NOT give any data to third parties for marketing purposes. We do not sell data. We do not share data unless compelled by law. We collect only the data which we think is necessary for us to provide you with the best service.
Who We Are
We are With Hindsite Ltd. References in this policy to “I”, “our”, “we”, “us” are referring to With Hindsite Ltd.
The Owner and Director is Sarah Hind who can be contacted on 01994 484430 or via our Contact Form. Our company number is 08237912.
We are registered with the ICO (Information Commissioner’s Office) under the Data Protection Register, our registration number is: ZA367628. You have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
Data Collected Whilst Using This Website
Under the GDPR (General Data Protection Regulation) we control and/or process any personal information about you electronically using the following lawful basis:
- Consent: We will collect your data when you have given us clear consent to use personal data for a specific purpose, in order for us to carry out the services you have requested.
- Legitimate Interest: We will process your data to enable us to deliver the best service for you & your business.
If you complete any Contact Forms or Quote Forms on our website, we collect identity data (first and last name, company name), contact data (email and phone number) and any informative data that you choose to give us, such as details on the services you require or your budget for our services. We do not share your information with third parties.
We use Google Analytics in order to optimise user experience on our website. This involves the use of ‘cookies’ which provide us with technical data such as the pages you visit, time spend on each page, your general location, browser, etc. Google has its own GDPR information which you can view on Google’s website. Our Google Analytics data is stored (on Google Analytics) indefinitely. You can choose to hide your identity in your browser and can also turn off cookies should you not wish to be tracked.
We also use Google Adwords which tracks traffic to the website as with Analytics. We occasionally use Google remarketing. Google may show ads across websites that you are visiting. These ads shown across other websites are based on your past visits to our website by using cookies. You can opt out of remarketing campaigns by visiting Google’s Ads Settings page.
We DO NOT give any data to third parties for marketing purposes. We do not sell data. We do not share data unless compelled by law. We only ask for personal information if it’s needed to provide a service. We collect only the data which we think is necessary for us to provide you with the best service.
Data Collected Once Contract is Formed
Written agreement (via email) to services being commenced by With Hindsite surmounts to formation of a contract. If you have agreed to using our services, in addition to the above, we may also collect professional data and aggregated data.
Information and correspondence emails may be stored until the contract between us is terminated, or if you request (in writing) to have them amended or deleted.
Stored data may include:
Name, address, phone numbers, email, date of birth (when required to set up third party accounts such as Google accounts), third party login details including website access, Google Analytics, Google Adwords, Mailchimp, business Social Networking accounts. If we host your website we store login details. If we host your email account we store login details. If we are accessing your website we store login details (such as WordPress login). Payment details are never stored.
Please see our Clients’ Terms & Conditions page for further details of Terms & Conditions once you have agreed to using our services.
How Is Your Personal Data Collected?
- Direct Interaction – You give us your information directly by completing a website form, or via correspondence with us by email, phone, etc.
- Automated technologies – As explained in ‘Data Collected Whilst Using This Website’, we may collect analytical data to help us optimise our website’s user experience.
How We Use Your Data
We use your data in order for us to provide the services you have requested. We use your data for analytics purposes, for example to gauge which pages of the website you view. We never give out your data to third parties other than when necessary for the running of our services (eg. if the website host needs to access the website to fix an issue). We never give out any data for marketing purposes.
Where We Store Information
We may store your personal information on our email programmes (Gmail), on Google Drive, in Documents on our own computers, in our accounting software (Quickfile), in a physical card indexing system and on Mailchimp (the latter stores name and email only). We also use Amazon Storage, Dropbox & Updraft for storing website content and performing backups.
Who Has Access To Your Information?
There is very limited access to your information. There are only two staff members, who are security aware. Other access is from essential third parties/sub-contractors who have access to limited information. They only process your personal data on our instructions and they are subject to a duty of confidentiality. For example, our accountants (Bronsens) can access our accounting software which contains invoices, names, addresses, emails and phone numbers. Our website hosts (Siteground) are GDPR compliant. Google’s support teams are often given access to your Google Analytics and Adwords accounts in order for them to help optimise the accounts. We are very security conscious and do not give out any details for third party marketing purposes.
Data Security and Protection
Our website is SSL secure (https). We ensure the security of any personal information we hold by using secure data storage technologies & precise procedures in how we store, access & manage that information. This includes strong password protection, encryption software & up to date anti-virus protection.
Should we ever be made aware of a data breach, we will inform all affected clients. We will also inform the ICO (Information Commissioner’s Office) within the specified 72 hours, if it is likely that there will be a risk to people’s rights and freedoms, for example, if personal data has been stolen or passed on to an unauthorised party.
If you have login details to accounts such as domain, hosting or website login, email accounts, Google Analytics or Adwords, it is your responsibility to make sure all login details are held securely and not passed on. Passwords should be strong, secure and hard to guess. They should be changed regularly for additional security. If someone guesses your password and logs into your admin console or email accounts without your permission, then it is your responsibility to inform the ICO.
How Long We Keep Your Data
Since we often need to refer to past emails, we often keep correspondence emails indefinitely. However, in order to be GDPR compliant we are striving to delete unnecessary correspondence, including data from contracts that have ended. Please contact us should you wish us to delete/confirm deletion of correspondence.
We keep technical data regarding website usage indefinitely, to help us grow and analyse our website and business performance over the years.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that some cookies are required to enjoy and use the full functionality of this website.
Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Your Individual Rights
Under the GDPR your rights are as follows:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right to withdraw consent
To summarise, you can contact us to see what personal data we store about you and how we use it and store it. You can request for any of your details to be changed or removed. If you would like to implement any of the rights above, please contact us. You can read more about your rights in detail here.
You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
We try to be fully transparent in how we collect and store your personal data. If you have any queries at all, please contact us.