This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhere to.
The DPA & GDPR May 2018
We and this website complies to the DPA (Data Protection Act 1998) and already complies to the GDPR (General Data Protection Regulation) which comes into effect from May 25th 2018.
We will update this policy accordingly after the completion of the UK’s exit from the European Union.
The data controller and data officer for FLANK is Ben Rowland. You can contact him in writing 96 Station Studios, 96 Ethel Street, Hove, BN3 3LL or by email firstname.lastname@example.org.
Our Company number is 10937233. Our company registered address is 96 Station Studios, 96 Ethel Street, Hove, BN3 3LL.
If you have any questions about how we deal with your data please get in touch with Rupert on the details above.
Information that we collect
What are cookies?
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
You can use the Cookie Tool to select which Cookies you want to accept and to better understand them.
Below you will find a list of all cookies:
How do I turn off my Cookies?
To turn off cookies you can read instruction here: https://www.computerhope.com/issues/ch000509.htm.
Website Visitor Tracking
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
Specifically we use Google Analytics to track user behavior on site. This does not capture any personal information about the individual but monitors how the site is used i.e.: time spent, most viewed pages etc.
You can opt out of this at any time using the cookie tool or by using the information above.
Web server log information
Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system.
Please read more here about United Hosting and their compliance with GDPR https://www.unitedhosting.co.uk/
Contact & Communication With us
Users contacting this us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named in ‘The policy’ above.
Our site is hosted with United Hosting – further information here https://www.unitedhosting.co.uk/
Their data centres are all in the EU, located in the UK.
Our email is hosted with Google (G Suite) – further information here
Their data centres are outside of the EU in the USA.
We don’t record calls but we do have a record of when calls are made and their duration.
If you contact us by post, we will collect any information you provide to us in any postal communications you send us.
We will contact you on your preferred method. You can opt out of communications at any time by emailing us email@example.com
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Interaction with our website
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
Shortened URL’s; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/zyVUBo). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Sharing of your information with third parties
We use a number of third parties to provide us with services which are necessary to run our business or to assist us with running our business and who process your information for us on our behalf.
Your information will be shared with these service providers where necessary to provide you with the service you have requested, whether that is accessing our website or ordering goods and services from us.
We do not display the identities of our service providers publicly by name for security and competitive reasons. If you would like further information about the identities of our service providers, however, please contact us directly via our contact form or by email and we will provide you with such information where you have a legitimate reason for requesting it (where we have shared your information with such service providers, for example).
We disclose your information to other third parties in specific circumstances. These third parties include our accountants, business partners, independent contractors etc. We do not display the identities of all the other third parties we may share information with by name for security and competitive reasons. If you would like further information about the identities of such third parties, however, please contact us directly via our contact form or by email and we will provide you with such information where you have a legitimate reason for requesting it (where we have shared your information with such third parties, for example).
If we suspect that criminal or potential criminal conduct has been occurred, we will in certain circumstances need to contact an appropriate authority, such as the police. This could be the case, for instance, if we suspect that we fraud or a cyber crime has been committed or if we receive threats or malicious communications towards us or third parties.
We will generally only need to process your information for this purpose if you were involved or affected by such an incident in some way.
We may share the information we collect as follows:
- Related to Business Transfers. If we are acquired by or merged with another company, if all or a portion of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
- In Response to Legal Process. We may also disclose user information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court summons.
Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest relied on: where we share your information with these third parties in a context other than where is necessary to perform a contract (or take steps at your request to do so), we will share your information with such third parties in order to allow us to run and manage our business efficiently.
How we secure your information
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
- only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
- using secure servers to store your information
- verifying the identity of any individual who requests access to information prior to granting them access to information;
- using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website via our website;
- only transferring your information via closed system or encrypted data transfers;
Sensitive Personal Information
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.
If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.
Children Under 13
Our Services are not designed for children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.
This Policy is current as of the Effective Date set forth as October 10th 2019.
We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site.
If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavour to provide you with notice in advance of such change by highlighting the change on our Site.
Resources & Further Information
- Overview of the GDPR – General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003