Effective and Last Updated: 4th February 2020
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual (e.g. a list of staff may contain personnel ID numbers rather than names but if you use a separate list of the ID numbers which give the corresponding names to identify the staff in the first list then the first list will also be treated as personal data).
The processing of personal data is governed by legislation which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.
Information We Collect
We collect two types of information from you: i) information that you voluntarily provide to us (e.g. through our contact form or by leaving comments); and ii) information that is derived through automated tracking mechanisms (Cookies).
We collect personally identifiable information when you choose to use certain features of the Site, including: i) contacting us via our website ‘contact me’ form, ii) commenting on blog posts. When you choose to use these additional features, we require you to provide some “personal data”.
The personal data maybe some or all the following:
- Company name, and website URL;
- Contact details such as email addresses, IP address, contact name, addresses, and telephone numbers;
Before sending you will have the option to consent to allisonwhitehead.co.uk using and storing this personal data for the explicit use as intended.
How We Use Your Information
allisonwhitehead.co.uk only uses your personal information for the original purposes it was given. Your personal information will not be sold or otherwise transferred to third-parties without your approval.
allisonwhitehead.co.uk will not disclose, use, give or sell any personal information to third-parties for any purposes other than the need to know in order to deliver services on behalf of allisonwhitehead.co.uk or unless required to do so by law (Legal Obligations).
We may use personal data in the following circumstances:
- Contacting you regarding job specifics;
- Creating and sending quotes for jobs;
- Forming a contract between parties;
- Maintaining our schedule of jobs;
- Emailing with any queries;
- Keeping our own digital job records;
- Sending completed jobs via email;
- Creating and sending invoices and statements;
- Keeping in touch with previous clients via email;
- Where we need to carry out our legal obligations;
- Sharing your personal data
This section provides information about the third-parties with whom allisonwhitehead.co.uk may share your personal data with. These third-parties have an obligation to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data. It is likely that we will need to share your data with some or all of the following:
- Wave Financial Inc. (Cloud Accountancy Software – OLD) https://my.waveapps.com/privacy/
- Pandle (Cloud Accountancy Services – NEW) https://www.pandle.com/uk/privacy-policy/
- PayPal Services (Online Payment Processing) https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
- Stripe Inc. (Online Payment Processing) https://stripe.com/gb/privacy
- Amazon Web Services, Inc (Secure Cloud Storage) https://aws.amazon.com/privacy/?nc1=f pr
If we and the other data controllers listed above are processing your data jointly for the same purposes, then the company and the other data controllers may be “joint data controllers” which mean we are all collectively responsible to you for your data.
Where each of the parties listed above are processing your data for their own independent purposes then each of us will be independently responsible to you.
If you have any questions, wish to exercise any of your rights (see below) or wish to raise a complaint, you should do so directly to the relevant data controller.
We may permit certain trusted third-parties (see the ‘Cookies’ section above) to track usage, analyse data such as the source address that a page request is coming from, your IP address or domain name, the date and time of the page request, the referring Web site (if any) and other parameters in the URL. This is collected in order to better understand our Web site usage and enhance the performance of services.
We use a third-party to host the Site; setup and operate various features available on the Site and send emails.
Also, we may share personally identifiable information within our partnership.
How We Protect Your Information
We are committed to protecting the information we receive from you and we comply with the General Data Protection Regulation 2018.
We take appropriate security measures to protect your information against unauthorised access to or unauthorised alteration, disclosure or destruction of data.
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we maintain appropriate physical, electronic, and managerial procedures to safeguard and secure the information and data stored on our system.
These procedures include but are not limited to:
- Password protection on all electronic systems (ie laptops and/or mobile devices);
- All digital personal data is stored encrypted;
- Daily, weekly and monthly on and off-site backups of all digital personal data held;
- Any personal data held in paper form is security locked away and never left unsecured;
- Personal data that is to be destroyed will be security shredded both physically and electronically;
While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
What is the legal basis for processing your personal data?
allisonwhitehead.co.uk has certain obligations. Most of your personal data is processed for compliance with legal obligations which includes the discharge of the company’s statutory functions and powers. We will always take into account your interests and rights.
This Privacy Notice sets out your rights and allisonwhitehead.co.uk’s obligations to you.
- We will use your email and name to reply to a job enquiry from you;
- We will use your personal data for the creation of a quote for you;
- We will use your personal data for the creation of a contract between us;
- We will use some of your personal data to maintain our work schedule;
- We will use your email and name for any job queries we may have;
- We will use your email and name to send the completed job to you;
- We will use your personal data for the creation of an invoice for you;
- We will use your personal data to maintain our accounts and records;
- We will use your email and name to contact you regarding additional work and special deals we may offer;
How long do we keep your personal data?
We may keep some records for an extended period of time if we are legally required to do so. For example, it is currently best practice to keep financial records for a minimum period of 6 years to support HMRC audits and provide tax information.
The personal data require to meet our legal obligations will not be deleted, even if you request us to do so, until the recommended data retention time has been met.
We may have legal obligations to retain some data in connection with our statutory obligations. allisonwhitehead.co.uk is permitted to retain data in order to defend or pursue claims. In some cases, the law imposes a time limit for such claims (for example 3 years for personal injury claims or 6 years for contract claims). We will retain certain personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavor to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.
Your rights and your personal data
You have the following rights with respect to your personal data:
The right to access personal data we hold on you
At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within 30 days.
Alternatively, you can click on the Data Request (GDPR) link which is found in the footer of allisonwhithead.co.uk and following the instructions to gain access to the personal data we hold for you.
Requests which are manifestly unfounded or excessive may be subject to an administrative fee.
The right to correct and update the personal data we hold on you
If the data we hold on you is out of date, incomplete or incorrect, you can inform us, and your data will be updated within 30 days of the request.
The right to have your personal data erased
If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
When we receive your request, we will confirm within 30 days whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
Under the Data Request (GDPR) link (which is found in the footer of allisonwhithead.co.uk,) once you have gained access to your personal data there will be further instructions on how to request your data is deleted.
The right to object to processing of your personal data or to restrict it to certain purposes only
You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request, we will contact you within 30 days and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
The right to data portability
You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within 30 days of receiving your request.
The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
You can withdraw your consent easily by email, or by post (see Contact Details below).
The right to lodge a complaint with the Information Commissioner’s Office.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
When exercising any of the rights listed above, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights
Transfer of Data Abroad
Any long or short-term storage of your digital data off-site is stored within the UK and occasionally within a region under the EU and GDPR guidelines. All storage is secure and encrypted at all times.
Children’s Privacy and Parental Controls
allisonwhitehead.co.uk is not intended for children.
We do not solicit any personal information from children. If you are not 18 or older, you are not authorised to use the Site. Parents should be aware that there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Disclaimer to Security
Notification of Changes
The Data Controller, 44 Burnt Oak Terrace, Gillingham, Kent ME71DR