PRIVACY POLICY
We’re committed to protecting your information and privacy.
Last updated 13th Sep 2018
OVERVIEW
In order for us to operate our business and provide our services to you, it is sometimes necessary for us to collect and process certain information about you. In general, this consists of:
- information that you provide directly to us where you complete an online form for example, or send us a message via our website;
- information that is sent to us automatically by your computer when you visit our website, such as your computer’s IP address or browser type;
- information about how you use our website, such as which pages you visit or how frequently you visit and so on.
Please read this policy carefully to fully understand how we collect, use and protect your information.
OUR COMMITMENT
We are fully committed to protecting your privacy and keeping your information (‘personal data’) secure.
We operate a ‘data minimisation’ principle, collecting only the information necessary to provide our services efficiently.
We aspire to comply to the fullest extent with applicable data protection regulations, in particular the European Union’s General Data Protection Regulation (‘GDPR’) and ePrivacy Directive, where applicable.
WHO WE ARE
This website is provided byNumeraki Limited is a registered company in England and Wales (08485878) registered office: 33 Abbotsford Park, Whitley Bay, NE25 8AT, UK. ICO Registration: ZA460653.
Numeraki Limited is the ‘Data Controller’ of this website.
YOUR PERSONAL DATA
When we refer to ‘personal data’ we mean any information that allows us to identify you personally.
Obvious examples include your name, address, email and phone number. We will always seek to gain your explicit consent to providing this information before we collect it from you, although this may not be the only legal basis on which we collect the data.
Other information, such as your computer’s IP address, location or use of this website, generally does not allow us to identify you directly.
WHO WE SHARE YOUR DATA WITH
We share data on a strict ‘need to know’ basis, and that is particularly true for any personal data. The following parties may be granted access to your data:
- employees;
- freelance contractors, providing design or support services;
- web hosting suppliers, providing the physical servers our website(s) operate on;
- cloud storage suppliers, providing our secure backup and email facilties;
- legal and regulatory authorities, where necessary under UK law.
Before any access is granted, Data Privacy Agreements are usually signed detailing the respective responsibilities for data security.
All hosting and storage servers reside within EU. No data is transferred to data centres outside the EU.
HOW YOUR DATA IS PROTECTED
We take data security very seriously, we use strict procedures and security features to protect your data:
- access control: Access to personal data is limited to those outlined above on a strict ‘need to know’ basis. Access is controlled via individual user accounts with a strong password enforcement;
- dedicated security software: We use dedicated security scanning and access control software on our websites to help block any potentially malicious attempts to access our data and services;
- data encryption: We use SSL encryption to ensure all traffic to and from our servers is encrypted and where data is stored in a cloud facility, that data is encrypted both ‘in transit’ and ‘at rest’;
-
service provider vetting:Security is a key factor in our selection of any third party service providers.
-
ICO registration: We are registered with the Information Commissioner’s Office (ICO), the UK’s data regulator, ensuring that our data privacy record and reputation is available in the public domain.
Unfortunately, the transmission of information over the internet is not completely secure. Although we do our utmost to protect your data, we cannot guarantee the security of your data transmissions and you undertake them at your own risk.
YOUR RIGHTS OF ACCESS
In the situation where you have provided personal information to us directly, for example by completing an online form, you have the right to:
- obtain from us, confirmation about whether any such data is being held;
- require that we provide you with whatever data we are holding/processing about you, including the right for that data to be transferred to another data controller;
- withdraw any consent given for us to hold/process your data;
- require us to rectify any incomplete or incorrect information held about you;
- require that we erase all personal data held about you (the ‘right to be forgotten’).
In the situation where we have collected personal data automatically, such as from your internet browser or via internet Cookies, you have the right to:
- object to the legal basis upon which we are collecting your data and we have an obligation to consider and respond to your objection;
- request that we cease any further processing of your data while your objection is being considered;
- make a complaint to the relevant data protection authority, which in the UK is the Information Commissioner’s Office (ICO).
In most circumstances, you can exercise these rights without paying any fee to us.
Types of data we collect
Types of data we collect
WEBSITE CONTACT FORMS
When you fill out a contact form on our website, we will ask you for some personal details, such as your name and email. We may also request your address or phone number. This information is required for us to efficiently respond to your request.
If you do not submit a contact form on our website, no such data will be collected in that regard.
Legal Basis:
Consent (GDPR Art 6(1)(a)): Generally, we will ask for your explicit permission to process this data before you are able to submit the contact form. We will also give you a link to our Privacy Policy (this document) that you may review before submitting your details.
Intent to contract (GDPR Art 6(1)(b)): Additionally, the information that you provide to us here is necessary for us to fulfil your request prior to entering into a contract.
Types of processing
- We will store the information you provide us in our website database and/or our Customer Relationship Management system. Such storage allows us to efficiently access your data and respond to your request(s);
- To maintain the integrity of our systems, we may also store this data in our system backups. These backups are encrypted and password protected;
- We may use this information to contact you about other services we believe may be of genuine interest to you;
- We will not use this data for any other purpose, without your express consent;
- We will never sell your information to any third party.
Data minimisation:
We will only ask you for the minimum amount of information appropriate to fulfillling your request. This will usually be your name, email and specific information pertinent to your request.
Retention
If we do not enter into a further contract or agreement with you, we will retain this data for a maximum of 12 months. If you choose to engage our services and we enter into a contract for work, we will retain the data for the length of our agreement plus a maximum of 12 months.
ACCOUNT LOGINS
Some website functionality may require you to operate a ‘user account’. This is a personalised password protected area of our website reserved for clients. For example, if you commission us to design some materials for print; the finished artwork will be uploaded to your user account for easy access and retreival. User accounts enable us to protect your personal and perhaps commercially sensitive data behind login security. They also help us to protect the integrity of our website and the servers that run it.
At a minimum, the data retained will be your name, email (account username) and a password, but may also include other personal or commercially sensitive data depending upon the services you engage.
All passwords are encrypted before storage and cannot be viewed either by our employees or third party technology providers.
If an online user account is not required, then no such data will be collected or maintained in this regard.
Legal Basis:
Protecting your interests (GDPR Art 6(1)(d)): User accounts are often necessary for the purpose of providing you the services you request, and we consider that protecting the integrity and security of your data is protecting your interests under the GDPR.
Our Legitimate interest (GDPR Art 6(1)(f)): User accounts are vital to the protection of your personal data and to the provision of the services we offer. We consider that it is in our legitimate interest to process your account data to this end.
Types of processing
- We will store the information you provide us in our website database, as this data is strictly necessary for your user account to function, when you visit our website;
- We may also store files pertaining to the services you commission on our website servers, as this is required for you to easily retrieve them, when you visit our website;
- To maintain the integrity of our systems, we may also store your data and files in our system backups. These backups are encrypted and password protected;
- We will not use your data or files for any other purpose, without your express consent;
- We will never sell your information to any third party.
Data minimisation:
We will only ask you for the minimum amount of information appropriate to operating a user account. This will usually be your name, email and a password. We will only store the minimum number of files required to fulfil and maintain the services you request.
Retention
We will retain this data for as long as you maintain an active account, plus a maximum of 12 months.
Technical data
When you visit our website, our systems will record your visit in our server logs. This will typically include technical data such as the ‘IP’ address associated with your device and details of your browser.
Such server logs are very common practice. They are used to monitor technical resources, server activity, and importantly to detect and prevent malicious or fraudulent activity on our systems. This data can also be used to diagnose technical issues and help us identify patterns of malicious behaviour.
‘IP’ addresses, in and of themselves, do not allow us in any way to identify you as an individual, especially given that it is very common for ‘IP’ addresses to be dynamically allocated and routinely change.
Furthermore, we do not and will not use the content of server logs to attempt to determine you as an identifiable individual. We therefore do not consider the data held within the logs to fall within the scope of ‘personal data’, and accordingly we do not seek your consent to collect it.
Legal Basis:
In the event that such anonymous data is considered to fall within the scope of the applicable data protection regulations, the legal basis for processing such data is:
Our Legitimate interest (GDPR Art 6(1)(f)): The integrity, security and performance of our systems and infrastructure is a vital part of the services that we offer. We consider that it is in our legitimate interest to maintain and protect our systems to this end.
Types of processing
- We will store the information you provide to us in our website server logs;
- For the purpose of maintaining the integrity of our systems, we may also store this data in system backups;
- We will not use this data to attempt to identify an individual person.
Retention
Server logs are automatically rotated on our systems, and are retained for a maximum of 12 months following the closure of the relevant log file.
Cookies AND similar technologies
We have included cookies, web beacons and similar technologies into one section because they all perform similar functions; though from a technical perspective they work slightly differently. All of these technologies allow us to better understand how you engage with our website and other related services. They can also help us to provide certain online functionality.
Cookies and similar technologies are essentially small data files placed on your device. They allow us to monitor for example, when you visit a particular page or perform a certain action like clicking a button. These technologies are used by most websites as they provide useful insights, improve performance, aid security and enable the personalisation of user experience.
Cookies
These are small text files placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser. There are several types of cookies:
- Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
- Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.
- First-party cookies are set by the site you are visiting.
- Third-party cookies are set by a third party site separate from the site you are visiting.
There are a number of ways that you can influence how cookies are used on your particular device. Most commercial browsers (such as Chrome, Safari, Edge, Internet Explorer, Firefox etc) allow you to set preferences for whether to allow or block website cookies. They also provide tools that allow you to remove any cookies that have already been set.
When you first visit our website, a box will be displayed informing you of our use of Cookies and asking you to read and agree to our Privacy Policy (this document).
By continuing to use our site beyond this cookie information (by scrolling the page, clicking links etc) then you are consenting to the use of cookies, and we will set other non-essential cookies as described in this Privacy Policy.
allowing you to choose whether to allow cookies or not. Only Essential cookies and those that do not contain/track any personal data will be set when you first visit our site.
Additionally, we have incorporated specific cookie functionality on our website that allows you to easily indicate when you first visit the site whether or not you are happy for cookies to be set on your device.
Perhaps ironically, for our site to remember your preference for whether to allow cookies or not, it is necessary for us to set cookies for this specific purpose.
WEB BEACONS
These are small graphic images (also known as ‘pixel tags’ or ‘clear GIFs’) that may be included on our website and related services that typically work in conjunction with cookies to help identify our users and their behaviour.
[render_cookies_list]
Legal Basis:
Protecting your interests (GDPR Art 6(1)(d)): User accounts are often necessary for the purpose of providing you the services you request, and we consider that protecting the integrity and security of your data is protecting your interests under the GDPR.
Our Legitimate interest (GDPR Art 6(1)(f)): User accounts are vital to the protection of your personal data and to the provision of the services we offer. We consider that it is in our legitimate interest to process your account data to this end.
Types of processing
- We will store the information you provide us in our website database, as this data is strictly necessary for your user account to function, when you visit our website;
- We may also store files pertaining to the services you commission on our website servers, as this is required for you to easily retrieve them, when you visit our website;
- To maintain the integrity of our systems, we may also store your data and files in our system backups. These backups are encrypted and password protected;
- We will not use your data or files for any other purpose, without your express consent;
- We will never sell your information to any third party.
Data minimisation:
We will only ask you for the minimum amount of information appropriate to operating a user account. This will usually be your name, email and a password. We will only store the minimum number of files required to fulfil and maintain the services you request.
Retention
We will retain this data for as long as you maintain an active account, plus a maximum of 12 months.
[render_cookies_list]