A LITTLE INFORMATION
The Indie Design Co. needs to gather and use certain information about individuals.
These can include clients, suppliers, business contacts, employees and any other people that The Indie Design Co. has a relationship with, or may need to contact. This policy describes how this personal data must be collected, handled, stored to meet the company’s data protection standards and to comply with the law.
WHY THIS POLICY EXISTS
This Data Protection Policy ensures that The Indie Design Co. :
- Complies with data protection law and follows good practice
- Protect the rights of staff, clients, and partners
- Is open about how it stores and processes individuals data
- Protects itself from the risks of data breach
DATA PROTECTION LAW
The Individuals Rights:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision making, including profiling
The Organisations Principles:
Data is collected, used, and stored:
- In a fair and transparent manner
- Is collected for specific reasons, and only used for those specified reasons
- Is adequate, relevant, and limited to what is necessary
- Is accurate, and kept up-to-date
- Kept in an identifiable form for no longer than necessary
- Held securely to prevent inappropriate access, loss, or disclosure
This policy applies to The Indie Design Co., clients, contractors, suppliers, and other people The Indie Design Co. has a relationship with. It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Plus any other information relating to individuals
Cat Bentley of The Indie Design Co. is ultimately responsible for ensuring that The Indie Design Co. meets its legal obligations. Cat is responsible for:
- Reviewing all data protection procedures and related policies, in line with the GDPR.
- Handling data protection questions from clients and anyone else covered by this policy.
- Dealing with requests from individuals to see the data that The Indie Design Co. holds about them.
- Ensuring all systems services and equipment used for storing data meet acceptable security standards.
- Performing regular checks or scans to ensure security hardware and software is functioning properly.
- Evaluating any third-party services the company uses/plans to use to store data.
TYPES OF DATA I COLLECT
What are cookies?
Information collected & what it is used for
I may collect information about your computer, including where available, your IP address, operating system and browser type, this is for system administration and to report aggregate information to my advertisers. This is statistical data about The Indie Design Co.’s users browsing actions and patterns and does not identify any individual. Cookies help us to improve the site and to deliver a better and more personalised service. They enable me:
- To estimate my audience size and usage pattern.
- To store information about your preferences, and so allow me to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to my site.
Watch this short animation by The Guardian to learn more about cookies:
As part of the registration process for my monthly e-newsletter, I collect personal information (Your first name and email address). I use that information for a couple of reasons: your first name is to deliver a more personal experience, and your email address is to deliver emails about stuff you’ve signed up to receive; I may also contact you if I need to obtain or provide additional information; to check my records are right and to check every now and then that you’re happy and satisfied. I do not rent or trade email lists with other organisations and businesses.
NOTE: If you are under 16 years of age you MUST obtain parental consent before joining my email newsletter.
**QUOTING, BILLING & INVOICING
If you are a past/current client of The Indie Design Co. and have been invoiced for any work undertaken by The Indie Design Co. then you will have a client profile on my accounting software. This will include your business name, a contact name (of the person to correspond with) and their email address, and may include your physical address and phone number. Absolutely none of this information is shared…EVER.
The Indie Design Co. uses a contract plugin within the website. The contracts are stored on the website which is behind a Secured Socket Layer (SSL). This is accessible by The Indie Design Co. and client at any time. Absolutely none of this information is shared…EVER.
**REQUESTING CONTENT FOR A PROJECT
If you are a past/current client of The Indie Design Co. and have had any work undertaken by The Indie Design Co. then you may have a client profile on my content capture software. This will include your business name, a contact name (of the person to correspond with) and their email address, and may include your phone number. Absolutely none of this information is shared…EVER.
The Indie Design Co. uses an Instant Chat app on the website. This app asks for (but does not require) your email address so that I can contact you back if I have stepped away from my desk, and uses GEO Tracking functionality to gain insight as to where you are located. It does not collect any personal information (unless you have included your email address). The conversations can be stored within the app, however, as a matter of good practice, I delete these after 30 days. Absolutely none of this information is shared…EVER.
Commenting on any posts that I have published on my blog, will save the following information to the website’s database:
the name and email address you enter with your comment
your computer’s IP address and the time and date that you submitted the comment
Your comment and it’s associated personal data will remain on this site until I see fit to either
1.) remove the comment
2.) remove the blog post
Should you wish to have the comment and it’s associated personal data deleted, please email me here using the email address that you used at the time of commenting.
If you are under 16 years of age you MUST obtain parental consent before posting a comment on my blog.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
**CONTACT FORMS & EMAILS
The Indie Design Co. uses contact forms on the website. This feature asks for your name and email address so that I can respond to your message. The information you give within the contact form goes directly to my email account and is not stored on my website. Absolutely none of this information is shared…EVER.
**THIS WEBSITE’S SERVER
This website is hosted by Siteground within a UK data centre.
Some of the data centre’s more notable security features are as follows: All facilities are well protected by 24x7 human security, biometrics, access control man traps, bulletproof lobbies, and video surveillance.
WHAT YOU CAN DO ABOUT THE INFORMATION I HOLD ABOUT YOU
**ACCESSING/AMENDING/DELETING INFORMATION HELD ABOUT YOU
You are entitled to view, amend, or delete the personal information that The Indie Design Co. holds about you. Email your request to email@example.com
Provision of such information will be subject to:
- the payment of a fee (currently fixed at £10.00); and
- the supply of appropriate evidence of your identity
I may withhold such personal information to the extent permitted by law. You may instruct me not to process your personal information for marketing purposes (this would usually take the form of a client brief in my portfolio and would at most include your first name and website link), by sending an email to me. In practice, you will usually either expressly agree in advance to my use of your personal information for marketing purposes, or I will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.
**SECURITY OF YOUR PERSONAL INFORMATION
The Indie Design Co. will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. I will store all the personal information you provide on secure (password- and firewall- protected) servers. All electronic transactions you make to, or receive from me, will be encrypted using SSL technology.
Any data stored about you is currently stored in an identifiable fashion; a limitation of the content management system that this website is built on (WordPress). In the near future, I aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. I am committed to keeping it as a high priority and will implement it on this website as soon as I am able to.
Of course, data transmission over the internet is inherently insecure, and I cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential. I will not ask you for your passwords unless you request my help with specific tasks.
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law
- in connection with any legal proceedings or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
I will report any unlawful data breach of this website’s database or the database(s) of any of my third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
**THIRD PARTY WEBSITES
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
**INTERNATIONAL DATA TRANSFERS
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. I cannot prevent the use or misuse of such information by others. You expressly agree to such transfers of personal information.
**MY PROMISE TO YOU
The Indie Design Co. stands by the principles outlined in the GDPR, and as such, ensures that any information held by the organisation is collected, used, and stored securely, and for specific reasons. No information I hold about you is shared, sold, or rented and is accessible by you upon request. If you would like access to your information, please contact me here. For current clients: In order to keep your information accurate and up-to-date, I may send you an email requesting that you check and update any information that I hold.
**POLICY DOCUMENTATION UPDATE
This document was updated on 17 March 2018. If you discover any errors in this document, please contact firstname.lastname@example.org and I will rectify them immediately. Otherwise, this policy will be reviewed next on 17 March 2019 unless any circumstances/laws are changed. I will not explicitly inform my clients or website users of these changes. Instead, I recommend that you check this page occasionally for any policy changes to ensure you are satisfied with my processes.