Our company Green Square only uses personal data/information to deliver the products and services that you have requested from us, and/or when you use our website, and/or to meet our legal responsibilities.
Green Square directors and staff take the protection, privacy and security of personal data and information very seriously and we acknowledge that we are responsible to both the Information Commissioner and to our customers for the security of personal data and information in our control (as Data Controller, or as Data Processor or Data Sub-Processor) and the protection of the data subjects’ rights.
Personal data, or personal information, means any information about a business or individual from which that business or individual can be identified. You can find out more about personal data from the Information Commissioners Office at www.ico.org.uk
It aims to give you information on how we collect and process personal data when you enlist us to provide design, print and marketing productions and/or services; and/or web and internet related production and/or services.
Where you provide us with your personal information we collect, store and/or use it:
(a) in order to perform our contractual obligations to you;
(b) based on our legitimate interests for processing (i.e. for internal administrative purposes, data analytics, for website services such as website hosting and maintaining automated back-up systems, or for the detection or prevention of crime); or
We responsibly obtain information about you to facilitate trading with you or your business, for general correspondence, and for the sole purpose of effectively managing your account when you:
We do not collect or knowingly collect information from children and under 16 year olds, nor do we target children with our services.
The personal information we collect from you will vary depending on which products and services you engage us to deliver. This might include your name, title/position, address, contact telephone number, contact email address, financial details (if required), your IP address (if you have contacted us via our website), which pages you may have visited when using our website etc.
We may monitor and record our communications with you, including e-mails and phone conversations. Information that we collect may then be used for training purposes, quality assurance, to record details about our website, applications and services you order from us or ask us about, and in order to meet our legal and regulatory obligations generally.
In general terms, and depending on which products and services you engage us to deliver, as part of providing our agreed services we may collect, use, store and transfer different kinds of personal data about you on legitimate grounds and/or with your consent for the following purposes:
We will never sell or rent your data/information to third parties and we will not share your personal data/information with third parties for marketing purposes.
Green Square directors and staff take data security very seriously and adhere to strict Confidentiality and Non-Disclosure Agreements and best practices, and to our robust IT Security Policy (available upon request).
Any member of staff at Green Square with authorised access to your personal data/information have a duty of confidentiality under the ethical standards that our company is required to follow.
The objectives of Green Square’s internal Policies are to preserve:
Confidentiality – Access to data is strictly controlled and confined to only those with appropriate authority.
Security – All data is intelligently secured, and appropriate measures are taken to prevent data breaches; industry standard protocols are in place to mitigate the impact of a breach (out of our control) and for remedial action to be taken.
Integrity – All information is to be complete and accurate. All systems, assets and networks are operated correctly, according to specification. All staff are committed to upholding responsibilities and company ethics.
Availability – Information is available when needed and delivered to the authorised person.
As a reputable digital agency, we strive to keep your information secure with robust, intelligent security processes in place. We take all appropriate technical and organisational measures against any unauthorised or unlawful processing and against accidental loss, destruction or damage.
Our IT systems consistently intelligently monitor 24/7 traffic passing through our internal network. We have various providers for external public facing services and these all have industry high level monitoring systems in place along with vetted staff members to proactively prevent, stop and block any unauthorised or suspicious activity such as scanning possible vulnerabilities and attack methods.
We use safe protocols for communication and transferring data, such as SSL / TLS protocols making sure to only accept clients using only the latest versions with no known security issues, our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.
All of our servers are UK based, not for just security purposes but also for speed and management, which means all our services held in the UK are within the European Economic Area (EEA) of operation.
If you have an account with us, where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential and for changing it at regular intervals. We will not share your password with anyone and insist that you do the same and that you do not store this password in a public or unsecure location.
If you believe at any time that your account has been compromised, please contact us at email@example.com or 01206 633429.
A personal data breach is: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”.
A personal data breach may mean that someone other than the data controller gets unauthorised access to personal data. But a personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.
Green Square and its staff will do everything we can within reason to prevent security breaches and to assist authorities should any breaches occur. Whilst we strive to protect your personal information by utilising encryption where possible which is making data unintelligible, even when making use of these security measures, Green Square cannot guarantee the absolute security of your information which is transmitted via our website, applications, services, servers and network to other website, applications and services via an internet or similar connection, and any information you transmit to us, you do so at your own risk.
If we do discover a data breach, we will:
At Green Square we mostly fulfil our business products and services in house and only ever contract third party Sub Processers (agents, subcontractors and other associated organisations) for the purposes of completing tasks and providing additional services to you on our behalf.
Examples may be, so we can fulfil some production, web and internet related products/services; for information and customer relationship management; for software and service compatibility and improvements; for our business banking, financial and auditing services and to provide you with any information, applications, products or services that you have requested.
Green Square do not allow third party Sub Processors to use personal data supplied to them for their own purposes.
If we do enlist a third-party Sub Processor, we follow strict good practice measures to ensure all partner organisations are reputable. We additionally refer to the latest ICO Guides to check that our chosen Sub Processor is processing data in an appropriate manner.
These good practice measures include:
At times we may be forced to provide information to a third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts; government and law related departments or officials; or our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities.
On occasions we may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws.
Any sales/billing information and other information gathered about you is securely stored for as long as needed for accounting purposes or other obligations deriving from law. We automatically destroy all data stored after 6 years unless there is a reason to continue storing this information, for example, if we are still in a business relationship with you, or for legal obligations.
Our websites, applications or services may enable you to share information with social media sites or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third party social media account(s) to manage what personal information you enable us to access from that account.
If you follow a link from our website, application or service to another site or service, this notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services.
Internet Protocol (IP) addresses are used by your computer every time you connect to the Internet; your IP address is a number that is used by computers on the network to identify your computer.
We may keep a record of traffic data through our networks, which is logged automatically by our servers, such as your IP address. We may also collect some site, application and service statistics such as access rates, page hits and page views although we are not able to identify any individual from traffic data or site statistics.
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make websites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions are cookies are used to differentiate you from other users to a website. In some cases, cookies prevent you from having to log in more than is necessary for security purposes.
Cookies, in conjunction with our Web server’s log files, allow us to calculate the aggregate number of people visiting our website and which parts of the site are most popular. This helps us gather feedback to constantly improve our website and better serve our clients.
Cookies do not allow us to gather any personal information about you and we don’t intentionally store any personal information that your browser provided to us in your cookies.
We retain your personal information for the duration of our business relationship and afterwards for as long as is necessary and relevant for our legitimate business purposes, or as otherwise permitted by applicable laws and regulation (usually 6 years). Where we no longer require your personal information, we will dispose of it in a safe and secure manner (without further notice to you).
You have the right to request a copy of the personal information about you that we hold.
You have the right to ask us to delete personal information about you.
Please contact Linda Green at firstname.lastname@example.org or 01206 633429 if you would like a summary of the personal information that we hold about you or if you wish to immediately delete your data from our records.
We seek to resolve directly all complaints about how we handle your personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Telephone – 0303 123 1113 (local rate) or 01625 545 745.