This policy explains how and why we use personal information.
What information we collect
If you purchase services from us, communicate with us, or do business with us, this will result in us collecting personal data about you (for example, we collect the name, address, email, fax and telephone number of business contacts).
We also collect information provided if you fill in a form, complete a survey, etc., which may include contact information that we decide to use for marketing purposes (please see ‘Marketing’ below). We do not normally collect sensitive personal data. In the event you provide us with any sensitive personal data, we will take extra care to ensure your rights are protected.
Third party sources. We sometimes collect additional information about actual or prospective customers from third party sources. Most of the time this won’t be personal data (for example, we might obtain information about a company’s business and performance), though on occasion we may receive personal data (such as a person’s work email or telephone number, or details of their role within a business).
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
enter into, or perform, a contract with you;
comply with a legal duty;
remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or
for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these.
We will only use your information for the purpose it was collected (or for similar/related purposes). For our clients, this includes using use personal data to the extent necessary to perform our contractual obligations
We will never sell your personal data or share it with third parties who might use it for their own purposes.
We use personal information (such as email addresses) to market and promote our services to other businesses.
You can choose to ‘opt out’ of Hanky Panky Pancakes marketing communications by clicking the ‘unsubscribe’ link at the bottom of our emails. If you wish to change your contact details or preferences please email us at firstname.lastname@example.org .
Information for email recipients
This policy primarily covers how we use data relating to our customers, prospects, website visitors and people who interact with or do business with us. In these cases we will be the “data controller” for the purposes of data protection law.
We will only hold information about our customer’s contacts for the duration of their contract with us, after which all data will be removed. We may store logs of addresses we have sent email to for up to 12 months after that point for the purposes of compliance and system monitoring.
We employ a variety of technical and organizational measures to keep personal data safe and to prevent unauthorized access to, or use or disclosure of it. We take our position as a services provider seriously and believe part of being a leading company involves upholding and developing leading security practices.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
We remove most information provided to us by clients as soon as services are ceased, and data will cycle out of long-term backups up to 3 months later. We store logs of outbound emails for up to 12 months after the email is sent for the purposes handling abuse complaints and compliance monitoring.
We will continue to store limited information about the client (including transaction records) for up to 6 years for accounting, record keeping and administrative purposes. If we consider there is a need to store records for longer (for example, the transaction has been the subject of a dispute or claim) then we will retain the data for as long as is necessary.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which (for individuals) are as follows:
• the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request);
• the right to have inaccurate data rectified; and
• the right to object to your data being used for marketing or profiling.
If you would like further information on your rights or wish to exercise them, please write to: Stephen Fowler, or email email@example.com
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.i kn
Links to other websites
Any questions about your personal data or this policy should be directed to the following address: 20 Commonhall Street, Chester, CH1 2BJ, alternatively you can email us at firstname.lastname@example.org