Privacy Policy

This policy is in place for DPA and GDPR compliance. Nevertheless, we believe everyone has the right to privacy, regardless of legislation put in place. We do not want or need any personal information about you unless you choose to give it to us. However, should you provide us with information, you can be assured that it will only be used in accordance with this privacy statement.

This policy is effective from 20th May 2018 and has been updated for GDPR compliance.

What we collect and why

We only collect personal data from people who contact us about a project. This information may include:

Name and job title.
Contact details including email address, telephone number and office address.
Details about your project.

We do not collect personal information from visitors of this website who choose not to contact us directly. In general, server logs are not kept but may be enabled for short periods of time for error troubleshooting. This website sets cookies for basic functionality and traffic analysis but the cookies do not reveal personal information about you. (For more information, see the section How we use cookies.)

We require the information clients and prospects give us for internal record keeping and to communicate with them about their project. Any site traffic data we collect is only used to improve our products and services.

How we protect your data

We have put in place a several measures to prevent unauthorised access to information we collect. These include but are not limited to the following.

All our personal workstations and local servers are enabled with full-disk encryption.
Backups on local storage are encrypted.
Passwords are created with a cryptographically-strong pseudo random number generator.
Passwords are unique and managed using an encrypted password manager.
'Bugs' and 'honeypots' are implanted within our systems to help alert us if we've been breached.
Encrypted communications and file transfers are used whenever possible.
We use a secure email provider that encrypts messages stored on their servers, as well as offering encrypted communications if supported by the receiving party.
Two factor authentication is enabled with third-party providers whenever possible.

We use third party providers who make it possible or more efficient to deliver our services. Their systems require us to enter client contact information so that our clients can use their services. However, we only use providers who are PCI, DPA and GDPR compliant.

The third party providers we use are as follows:

Bahnhof AB for development server hosting.
Basecamp, LLC for project collaboration.
Freshbooks (2NDSITE Inc.) for accounting and invoicing.
Fire Financial Services Limited for payment processing.
Liquid Web, LLC for website hosting.
PayPal (Europe) S.a.r.l. et Cie, S.C.A. for payment processing.
Stripe, Inc. for payment processing.
Teamwork.com for project collaboration.
TransferWise Ltd for payment processing.
UpCloud Ltd for development server hosting.

Sometimes we may partner with a third-party contractor or agency in order to fulfill a project's requirements. They may be based outside the European Economic Area. When we do so, we only give the contact information needed to communicate with our clients about a project. If you are a client, you will be introduced to any third-party contractors at the start of the project and may choose not to work with them for any reason.

How long we retain your data

Database dumps and backups for content migration projects are deleted within 90 days after project close-down.
Contact form entries are saved for five years.
Analytics records are stored for one year.
Client records are retained for fifteen years. This length of time is necessary because many are long-term clients.

Controlling your personal information

We will never sell, distribute or lease your personal information to third parties unless we have your explicit permission or are required by law to do so. You may choose to restrict the collection or use of your personal information in the following ways:

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please contact us.
You may contact us to update or delete any records we hold about you.
I will comply within 30 days to any requests to correct or delete information we hold about you.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Currently, no non-essential cookies are being set on this site.

Visitor tracking

We use Clicky, a privacy-focused website analytics service that does not log any Personal Data. For more information, see the Clicky privacy FAQ.

For your information, Google provides a Browser Add-on that enables you to opt out of all Google analytics: Google Analytics opt out

Links to other websites and embedded content

My website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

DPA registration number

According to the Data Protection Act 1998, we am exempt from ICO Notification. We therefore don't have a DPA registration number.

Contact

You may contact us for questions and requests regarding this privacy policy via our contact form.