Digital Compliance Hub Privacy Policy

25-May-2018

Introduction

We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it.

Visitors to our website

Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.

Google Analytics

When someone visits our website https://digitalcompliancehub.co.uk/we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Other cookies used, tracking pixels or similar tools

We also use a number of essential cookies that are required if you have an account with us. If you have subscribed to the Hub or downloaded a pack, then you will have been asked to register an account and a number of cookies will be used to manage your account, when you’re logged in.

Online forms

If you fill out one of our website forms a notification email is sent to the relevant team within our company. No copy of the data you submit is stored anywhere. As our site uses SSL (https) the data you submit using the contact form will be encrypted once your press the “Submit” button.

Hosting

Our website is hosted with an EU based hosting provider. This means that any data we store about you, as a member/user of our site, is stored on servers hosted within the EU, where EU standards of data protection and privacy apply.

People who receive our newsletters

If you have subscribed for our updates email, your name and email address will be stored within our email package. You will have the option to unsubscribe from the email list at any time, either by contacting us or using the unsubscribe link at the bottom of the emails we send.

Our mailing list provider is not based in the EU and therefore your subscription details will not be stored or processed within the EU, however, we have confirmed that they apply EU standards of data protection and have demonstrated they meet the adequacy tests required by European law.

People who subscribe to the Digital Compliance Hub

Subscribers and members

The Digital Compliance Hub is a subscription-based service providing information, guidance, toolkits and a helpline. To be able to use the service you will need to sign up for an account and will be asked to provide a range of minimal information required for us to set up your account and manage your membership.

All information you provide is required for the purposes of delivering the service to you, whether you sign up for just the free trial or the full subscription. The information is stored within our membership database which is managed within the website.

We use a third-party to collect subscription payments. We do not hold any billing or financial information relating to your subscription, only notification that a payment has been made. Any information you provide to our payment gateway provider is provided by you according to their own privacy and data protection compliance (see here for more information: https://stripe.com/gb).

Also, when you subscribe to our service you will be added to two email lists. One for general notices, as a subscriber, to our service – we only use this email list for the purposes of notifying you of any system-wide notices; you will also be added to our news and alert email list, which means that whenever we post an update or alert you will receive a daily update email. You can unsubscribe from either list at any time by contacting us or clicking unsubscribe from the emails. Our mailing list provider is not based in the EU and therefore your subscription details will not be stored or processed within the EU, however, we have confirmed that they apply EU standards of data protection and have demonstrated they meet the adequacy tests required by European law.

Purchases of specific content

From time to time we will also offer downloadable content and services for purchase from our website. If you purchase such a product or service you will be asked to set up an account and you will be asked to provide a range of minimal information required for us to set up the account so you can complete your purchase.

All information you provide is required for the purposes of delivering the product or service to you. The information is stored within our membership database which is managed within the website.

We use a third-party to collect subscription payments. We do not hold any billing or financial information relating to your subscription, only notification that a payment has been made. Any information you provide to our payment gateway provider is provided by you according to their own privacy and data protection compliance (see here for more information: https://stripe.com/gb).

To log a support request or customer services enquiry

As part of the service we provide email and phone support.

If you email us, your email will be stored via our email provider’s platform (1&1) and are accessible on our computers via our email client which uses a local copy of the emails (as well as them being available via the 1&1 web application). Access to them is protected via device and email-service passwords.

When you book a phone support call, you will do so using an online system integrated into the Hub. This system is provided by a third-party and records minimal information required to book the appointment. We will receive an email from the system to confirm you have booked the support call which will be used to contact you about arrangements for the call.

The appointment system is a third-party application. The application provider is not based in the EU and therefore your details will not be stored or processed within the EU, however, we have confirmed that they apply EU standards of data protection and have demonstrated they meet the adequacy tests required by European law/

People who contact us by email

If you email us, your email will be stored via our email provider’s platform (1&1) and are accessible on our computers via our email client which uses a local copy of the emails (as well as them being available via the 1&1 web application). Access to them is protected via device and email-service passwords.

Our use of social media

We run a number of social media channels, but do not collect or process any information outside those channels.

Retention

Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).

Third party processors

We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use a number of third-party organisations to support our business.

In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply.

Your rights

Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website: https://ico.org.uk/for-the-public/

Complaints

If you want to make a compliant about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/

How to withdraw consent and object to processing

Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom or the email. Otherwise, you can contact us, using the contact details below.

If you wish to raise concerns about the way we are processing your data or would like to raise an objection, then please contact us, using the details below, with your concerns.

Keeping your data up to date

It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.

Erasure of your data (the “right to be forgotten”)

Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems.

If you wish to exercise your right to be forgotten, please contact us via the contact details below.

Portability

Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a CSV export of your data.

Access to your data

You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request.

To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.

Disclosure of information

We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.

More information

For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk

How to contact us

If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact: Mark Gracey via mark@digitalcompliance.co.uk

Changes to our privacy notice

We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at https://digitalcompliancehub.co.uk/privacy-policy/