What data do we collect from you?
We may from time to time collect, use, store and transfer the following personal data about you:
- Your full name (first name and surname)
- Your address
- Your contact details, including email addresses and telephone numbers
- Financial information, including bank account holder details
- Your IP address and other technical data based on that IP address e.g. time zone; location, browser type and settings, operating system and platform and other technology on the device you use to contact us
- Login details including username and passwords for websites we are building, hosting or for domain names you ask us to purchase
- Usage data from our Website, including information about how you have arrived at our Website
- Your communications preferences with regards to receiving marketing and newsletters from us.
We may also collect aggregated or anonymised data (or both) for the purposes of Website performance and engagement analysis. This data may be derived from your personal data but as it does not directly or indirectly identify you, it is not considered ‘personal data’ in legal terms.
If we need to collect any personal data for any legal reason, or under the terms of a contract we have with you, and you do not provide that data when requested, then we may not be able to carry out our obligations under that contract. In such circumstances we may have to cancel our contract with you, but we will notify you if this is the case.
Third party links and websites
Our Website may contain links to third-party websites, plug-ins or applications. By clicking on any of those links or enabling those connections, you may allow third parties to collect or share data about you. We do not control those third-party sites and we are not responsible for what they may do with data they collect about you. We recommend that you read the privacy notices of each third-party site in order to understand how they may collect and process your data.
How do we collect your data?
We collect data from and about you in various forms and circumstances, as set out below:
- When we interact with you directly – you may provide us with data such as names, addresses and email addresses when you correspond with us by post, phone, email or otherwise. This includes data you provide when you:
- engage us to provide our services to you
- enquire about our services
- subscribe to our newsletter
- contact us, request a quote or fill in any other form on our Website
- Via third parties – we collect data about you via Google Analytics, who provide the cookies referred to above.
How do we use your data?
We have set out below the purposes for which we use your data, and the legal basis (or bases, depending on the purposes for which we are using that data) that we rely upon in order to do so. If you need any more information about which legal basis applies to any particular use of data, then please contact us using the details above.
|Purpose/Activity||Data Used||Lawful Basis of Processing|
|To set you up as a client of Roberta Morris /to provide our services once you are set up||Name, address and contact details||Taking steps preparatory to entering into, or performance of, a contract with you to provide our services to you|
|To respond to enquiries about us and our services, quote requests or briefs including those submitted via any of the forms on our Website||Contact details as provided to us||Taking steps preparatory to entering into, or performance of, a contract with you to provide our services to you|
|To send newsletters and updates||Email address||You have given consent for us to do so|
|To manage our relationship with you, including:
(a) notifying you of changes to our policies; and
(b) to collect and recover any monies owed to us.
|(a) Name and contact details
(b) Name, address and contact details
|(a) necessary to comply with legal obligations from time to time
(b) performance of a contract with you – recovering monies owed under that contract
|To process payment of our fees||Name, address, contact details, financial information||Performance of a contract between you and us|
|To administer and provide our Website including performance monitoring, troubleshooting and data analysis||IP addresses and other technical data/ analytics data (anonymised)||The legitimate interests of our business in improving and delivering our service as best as possible|
|To provide our hosting services or other technical support (or both), to transfer your Website to a third-party host or to transfer ownership of a domain name||Contact details provided by you; login details||Performance of a contract with you to provide our services to you|
|To comply with legal and accounting obligations||Name, address and financial information||Necessary to comply with legal and regulatory obligations from time to time|
We will only use your personal data for the purposes for which we collected it, unless we believe that we need to use it for another purpose and that purpose is compatible with the original purpose for which the data was provided to us. You can contact us at any time to obtain more information about this processing. If we need to use your personal data for any other purpose, we will notify you and will explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent if the law requires or permits us to do so.
We only send out marketing information and newsletters if you have opted in to receive that information. We do not share or pass on data to any third parties for marketing purposes.
You can ask us to stop sending you marketing/newsletters at any time by contacting us at email@example.com or by choosing ‘unsubscribe’ at the bottom of any such communication (but, if you do so we will retain personal data provided to us and which we need to process in order to continue providing our services to you).
Disclosure of your personal data and international transfers
We may share your personal data with third parties as set out below:
|Third Party||Location of recipient (if outside EEA)|
|Professional advisors such as lawyers, accountants and auditors, who provide professional services to us and are under a duty of confidentiality||N/A|
|HMRC and other authorities and regulators, whose laws and regulations require us to disclose data||N/A|
|Third-party service providers:|
We require all third parties to respect the security of your personal data, to treat it in accordance with the law and to process and use that data only for the purposes specified by us and in accordance with our instructions.
Some of our external service providers are based outside the European Economic Area (EEA), as set out above, so their processing of your data involves a transfer of data outside the EEA. Wherever we transfer your data outside the EEA in this way, we use our best efforts to ensure that at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We may also share personal data in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of that business or assets; or if any third party acquires Flat White or any part of it, in which case personal data held about our customers will be one of the transferred assets.
We have put in place appropriate security measures for the nature and scale of our business, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those of our employees, contractors and other third parties who have a business need to know, and only on our instructions and subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we use your data for?
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying legal, accounting and reporting requirements.
To determine how long we need to retain data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process that data and whether we can achieve those purposes without keeping the data.
If you are a client, by law we have to keep certain basic information about you for six years after ceasing to work with you, for tax purposes.
We aim to carry out data reviews on an annual basis and will endeavour at such time, where possible, to delete any data held by us and which we no longer require.
Your legal rights
You have the right to request the information we hold on you, to ask us to correct that data and, in certain circumstances, to erase that data. If you would like to do so, or to opt out of marketing and newsletter communications, or you wish to update your details and preferences with us, please email firstname.lastname@example.org.
You also have certain rights to object to us processing your data, to restrict that processing or to transfer your personal data. If you would like any more information about, or would like to exercise, any of these rights please contact us. You will not be charged any fee to do so, unless your request is clearly unfounded, excessive or malicious, in which case we may either refuse to comply or we will charge a reasonable fee.
We will make every effort to respond to legitimate requests within one month. Occasionally it may take us longer to do so, if your request is complicated or you have made more than one request. In this case, we will notify you and keep you updated.
You are entitled to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you feel that our processing of your personal data is not compliant with our legal and regulatory obligations. We would, however, appreciate the chance to address your concerns before you contact the ICO, so we would be grateful if you would contact us in the first instance.
This Privacy Notice was last updated in July 2018.