Privacy Policy - Green Square - Marketing, Web & Print Designers in Colchester, Essex

Privacy Policy for Green Square Communications Ltd (T/A Green Square) a company registered in the UK (reg no GB 7887621)

Our company Green Square only uses personal data/information to deliver the products and services that you have requested from us, and/or when you use our website, and/or to meet our legal responsibilities.

Green Square directors and staff take the protection, privacy and security of personal data and information very seriously and we acknowledge that we are responsible to both the Information Commissioner and to our customers for the security of personal data and information in our control (as Data Controller, or as Data Processor or Data Sub-Processor) and the protection of the data subjects’ rights.

Personal Data/Information

Personal data, or personal information, means any information about a business or individual from which that business or individual can be identified. You can find out more about personal data from the Information Commissioners Office at www.ico.org.uk

What is the purpose of this Privacy Policy

This Privacy Policy regards any data that we collect and/or hold on your behalf that may be deemed personal data/information, either as the Data Controller or as the Data Processor.

It aims to give you information on how we collect and process personal data when you enlist us to provide design, print and marketing productions and/or services; and/or web and internet related production and/or services.

Where you provide us with your personal information we collect, store and/or use it:

(a) in order to perform our contractual obligations to you;

(b) based on our legitimate interests for processing (i.e. for internal administrative purposes, data analytics, for website services such as website hosting and maintaining automated back-up systems, or for the detection or prevention of crime); or

How we collect information from you

We responsibly obtain information about you to facilitate trading with you or your business, for general correspondence, and for the sole purpose of effectively managing your account when you:

Contact us about our products or services; engage us to deliver our products and services, place an order with us for our products or services;
use our websites, applications or internet services; complete online forms (including call back requests), message boards, post any blogs;
interact with us using social media;
provide your contact details to us when registering to use or accessing any websites, applications or services we make available or when you update those details; and
contact us offline, for example by telephone, SMS, email or post.

We do not collect or knowingly collect information from children and under 16 year olds, nor do we target children with our services.

What type of information do we collect

The personal information we collect from you will vary depending on which products and services you engage us to deliver. This might include your name, title/position, address, contact telephone number, contact email address, financial details (if required), your IP address (if you have contacted us via our website), which pages you may have visited when using our website etc.

We may monitor and record our communications with you, including e-mails and phone conversations. Information that we collect may then be used for training purposes, quality assurance, to record details about our website, applications and services you order from us or ask us about, and in order to meet our legal and regulatory obligations generally.

How your information is used

In general terms, and depending on which products and services you engage us to deliver, as part of providing our agreed services we may collect, use, store and transfer different kinds of personal data about you on legitimate grounds and/or with your consent for the following purposes:

to identify you; to communicate with you;
to provide, manage, maintain, administer, secure, protect and improve any applications, products, services and information that you have requested from us;
to monitor, measure, improve and protect our content, website, applications and services and provide an enhanced, personal, user experience for you;
to undertake internal testing of websites, applications, systems and services to test and improve their security and performance. In these circumstances, we would anonymise any information used for such testing purposes;
to provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
to detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
to provide you with promotional items at your request and communicating with you in relation to those products and services; communicate and interact with you; and notify you of changes to any products or services offered/provided;
to manage our relationship with you (for example, customer services, business related support activities); to enhance your customer experience;
fulfil an obligation under law or contract;
for accounting purposes; to communicate either for sales or invoicing.

Who has access to your information

We will never sell or rent your data/information to third parties and we will not share your personal data/information with third parties for marketing purposes.

Green Square directors and staff take data security very seriously and adhere to strict Confidentiality and Non-Disclosure Agreements and best practices, and to our robust IT Security Policy (available upon request).

Any member of staff at Green Square with authorised access to your personal data/information have a duty of confidentiality under the ethical standards that our company is required to follow.

The objectives of Green Square’s internal Policies are to preserve:

Confidentiality – Access to data is strictly controlled and confined to only those with appropriate authority.

Security – All data is intelligently secured, and appropriate measures are taken to prevent data breaches; industry standard protocols are in place to mitigate the impact of a breach (out of our control) and for remedial action to be taken.

Integrity – All information is to be complete and accurate. All systems, assets and networks are operated correctly, according to specification. All staff are committed to upholding responsibilities and company ethics.

Availability – Information is available when needed and delivered to the authorised person.

Security of your data at Green Square

As a reputable digital agency, we strive to keep your information secure with robust, intelligent security processes in place. We take all appropriate technical and organisational measures against any unauthorised or unlawful processing and against accidental loss, destruction or damage.

Our IT systems consistently intelligently monitor 24/7 traffic passing through our internal network. We have various providers for external public facing services and these all have industry high level monitoring systems in place along with vetted staff members to proactively prevent, stop and block any unauthorised or suspicious activity such as scanning possible vulnerabilities and attack methods.

We use safe protocols for communication and transferring data, such as SSL / TLS protocols making sure to only accept clients using only the latest versions with no known security issues, our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.

All of our servers are UK based, not for just security purposes but also for speed and management, which means all our services held in the UK are within the European Economic Area (EEA) of operation.

Passwords

If you have an account with us, where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential and for changing it at regular intervals. We will not share your password with anyone and insist that you do the same and that you do not store this password in a public or unsecure location.

If you believe at any time that your account has been compromised, please contact us at security@greensquare.me or 01206 633429.

Data breaches

A personal data breach is: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”.

A personal data breach may mean that someone other than the data controller gets unauthorised access to personal data. But a personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.

Reporting data breaches

Green Square and its staff will do everything we can within reason to prevent security breaches and to assist authorities should any breaches occur. Whilst we strive to protect your personal information by utilising encryption where possible which is making data unintelligible, even when making use of these security measures, Green Square cannot guarantee the absolute security of your information which is transmitted via our website, applications, services, servers and network to other website, applications and services via an internet or similar connection, and any information you transmit to us, you do so at your own risk.

If we do discover a data breach, we will:

if a breach occurs with personal data we will notify any customer, subscriber or user involved immediately with details of the breach; and inform them of our actions taken to mitigate any adverse impact;
in all cases notify the ICO within 72 hours of becoming aware of the essential facts of the breach via their Breach Notification Form following all protocols stipulated;
record details in our breach log of the facts surrounding a breach; the impact of the breach; and all remedial action taken.

Third Party Service Providers/Sub Processors working on our behalf

At Green Square we mostly fulfil our business products and services in house and only ever contract third party Sub Processers (agents, subcontractors and other associated organisations) for the purposes of completing tasks and providing additional services to you on our behalf.

Examples may be, so we can fulfil some production, web and internet related products/services; for information and customer relationship management; for software and service compatibility and improvements; for our business banking, financial and auditing services and to provide you with any information, applications, products or services that you have requested.

Green Square do not allow third party Sub Processors to use personal data supplied to them for their own purposes.

If we do enlist a third-party Sub Processor, we follow strict good practice measures to ensure all partner organisations are reputable. We additionally refer to the latest ICO Guides to check that our chosen Sub Processor is processing data in an appropriate manner.

These good practice measures include:

ensuring a contract is in place that states the third party Sub Processor may only use and disclose personal data in accordance with our explicit instructions and that the third party has appropriate security measures in place to protect the data;
checking their GDPR policy, security processes, policies and guarantees relating to how they collect, store, use and destroy personal data;
only disclosing personal information that is necessary to deliver the service/s they have been contracted to deliver;
ensuring their employee checks / training are appropriate to the service they provide;
ensuring they understand how to report any breaches or other issues in line with our own policies and legal requirements/legislation.

At times we may be forced to provide information to a third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts; government and law related departments or officials; or our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities.

On occasions we may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws.

Sub Processor we use for our business accounting

Our processing partner for our business accounting software is Xero Limited and their Privacy Policy can be viewed at www.xero.com

Any sales/billing information and other information gathered about you is securely stored for as long as needed for accounting purposes or other obligations deriving from law. We automatically destroy all data stored after 6 years unless there is a reason to continue storing this information, for example, if we are still in a business relationship with you, or for legal obligations.

Other sites and social media

Our websites, applications or services may enable you to share information with social media sites or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third party social media account(s) to manage what personal information you enable us to access from that account.

Links from our website

If you follow a link from our website, application or service to another site or service, this notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services.

IP Address and traffic data

Internet Protocol (IP) addresses are used by your computer every time you connect to the Internet; your IP address is a number that is used by computers on the network to identify your computer.

We may keep a record of traffic data through our networks, which is logged automatically by our servers, such as your IP address. We may also collect some site, application and service statistics such as access rates, page hits and page views although we are not able to identify any individual from traffic data or site statistics.

Cookies and other technologies we use

A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make websites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions are cookies are used to differentiate you from other users to a website. In some cases, cookies prevent you from having to log in more than is necessary for security purposes.

Cookies, in conjunction with our Web server’s log files, allow us to calculate the aggregate number of people visiting our website and which parts of the site are most popular. This helps us gather feedback to constantly improve our website and better serve our clients.

Cookies do not allow us to gather any personal information about you and we don’t intentionally store any personal information that your browser provided to us in your cookies.

We use cookies for the following purposes:

Essential cookies – these cookies are required for you to be able to use some important features on our website, such as remembering your cookie preference. These cookies don’t collect any personal information.
Non-essential cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in forms, so you don’t have to re-enter this information next time when commenting. These cookies also track the use and performance of our website and services.

We do use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review by visiting Google Analytics and finding the privacy policy for the service.

How to manage your cookies

Browsers on most computers are set up to automatically accept cookies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about cookies, visit www.allaboutcookies.org

Your rights and deleting your data

We retain your personal information for the duration of our business relationship and afterwards for as long as is necessary and relevant for our legitimate business purposes, or as otherwise permitted by applicable laws and regulation (usually 6 years). Where we no longer require your personal information, we will dispose of it in a safe and secure manner (without further notice to you).

You have the right to request a copy of the personal information about you that we hold.

You have the right to ask us to delete personal information about you.

Please contact Linda Green at privacy@greensquare.me or 01206 633429 if you would like a summary of the personal information that we hold about you or if you wish to immediately delete your data from our records.

Changes to our Privacy Policy

Green Square reserve the right to change our Privacy Policy from time to time. However, we will not reduce your rights under this Privacy Notice.

We will always update this Privacy Policy on our website, so please try to read it when you visit the website (the ‘last updated’ reference tells you when we last updated our Privacy Notice).

This Privacy Policy was last updated on 21st May 2018.

Contact information

If you have any questions regarding processing your personal data, your rights regarding your personal data or this Privacy Policy, contact – Green Square’s Privacy department at privacy@greensquare.me or call 01206 633429.

Complaints

We seek to resolve directly all complaints about how we handle your personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Telephone – 0303 123 1113 (local rate) or 01625 545 745.

Website: https://ico.org.uk/concerns