This policy was last updated: 9th May 2018
Date to be reviewed: 9th May 2019
This policy explains how Poppy Design Studio will handle the privacy of your information. We are committed to maintaining robust privacy protections for all our users. We will take the necessary steps to ensure that users information is safeguarded and kept in accordance with all applicable laws and regulations.
Our full terms and conditions are available at https://www.poppydesignstudio.com/terms-and-conditions/
What information do we collect?
The information that you provide us with may be collected and processed by us in accordance with the Data Protection Act 1998 and subsequent legislation.
Information you provide to us
We have a ‘Contact Us’ page which enables you to email us. We require you to complete the fields for your name, phone number, email and business name, so that we can contact you and provide details of our services to you, as well as deal with general company enquiries. Data collected is held on the grounds of being for legitimate business interests or to fulfil a contractual obligation.
If you choose our offer of a free website review, we ask you to give us your full name, email address and website URL. This data enables us to carry out the service and to get in touch with you regarding the results of the review. If you do not proceed with any order your details will be deleted in accordance with our data retention policy.
We use social media to engage with users and the Poppy Design Studio website links to our Facebook, Twitter, Google+, Pinterest and Instagram pages. We do not keep any specific data that identifies an individual user but hold details of our followers on these platforms.
When you visit our website or any websites hosted by us, the server collects IP addresses to provide security and prevent brute force or malicious attacks. These IP addresses are not linked to any other personal data. The address for our UK data centre is : Reynolds House, 4 Archway, Manchester M15 5RN
We use ZOHO CRM to hold our client data and provide ongoing maintenance to clients. There cloud servers are based in Dublin and Amsterdam. Full details regarding ZOHO and the data protection can be found here: https://www.zoho.eu/security.html https://www.zoho.com/gdpr.html https://www.zoho.com/general/blog/zoho-data-centers-in-europe.html
Information we get from other sources
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services to users and as permitted by law.
How we use your personal information
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller of your information and undertake to protect your personal and sensitive data in a manner that is consistent with the requirements of the Data Protection Act/General Data Protection Regulation (GDPR). We will take reasonable measures to ensure the secure storage of your data.
- administer the website;
- improve your browsing experience by personalising the website;
- follow up with correspondence, email enquires;
- send you general (non-marketing) communications;
- send you email notifications which you have specifically requested;
- send to you marketing communications, where expressly agreed;
- provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
- ask for feedback and review products and services;
- deal with enquiries and complaints made by or about you relating to the website.
Users of this website do so at their own discretion and provide any such personal details at their own risk.
We do not share, sell, or distribute your data to third parties, except as provided in this Privacy Notice. Your data may be shared with contractors working on our behalf, who act on our instruction in relation to the management of your data and must adhere to all data protection laws and regulations. Data processors will be required to have a signed agreement with us to ensure accountability.
We will only send you emails about our products and services (i.e. direct marketing) with your express consent. You have the option not to give consent and to withdraw consent at any time. You may withdraw your consent for us to contact you by contacting us at email@example.com
We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
Retaining your data
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and information/data will be disposed of when no longer required.
Storage of data
Your information may be stored on a cloud-based system whose servers are located within the UK or European Union (EU). All data will be stored so to comply with the Data Protection Act 1998 and as enacted, the General Data Protection Regulation (GDPR).
Poppy Design Studio cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Poppy Design Studio and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Poppy Design Studio uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
Data Subject Rights
Subject Access Requests
The General Data Protection Regulation (GDPR) gives individuals, known as ‘data subjects’, the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. We have a formal request form to deal with SAR requests that can be accessed on our website, www.poppydesignstudio.com or by emailing us at firstname.lastname@example.org. You will need to tell us how we acquired the information.
Right to Rectification
Data subjects have the right to request that we amend or change personal information that we hold about you, that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful. Data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
Right to data portability
Data subjects have the right to obtain and transfer their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you can contact our Data Controller Nigel Baker by email to email@example.com
Questions and queries
If you have any concerns about how we handle your data, you can contact the Data Controller by writing to Poppy Design Studio, 20 Church View Road, Desborough, Kettering, NN14 2PS or by email to firstname.lastname@example.org
Changes to this policy
If you have a complaint about the use of your data, you can contact us by email to email@example.com
Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
Third Party Rights
Jurisdiction and Governing Law