General Data Protection (Privacy) Policy
Privacy is important to us
Woollybear Design is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Woollybear Design may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What we collect
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode and address
- user role on a specific site, such as editor, admin etc
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping. We use Trello to manage our clients, projects and tasks
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Log in / Registration – Where we provide log in mechanisms for site users a cookie is created at login, for the duration of the session. Each cookie contains a unique reference number only (no personal information) which is used to confirm you are authorised to adjust / update your details.
Google Analytics – to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Find and control your cookies
All of the major browser providers offer advice on setting up and using the privacy and security functions for their products. If you required technical advice or support for a specific browser / version please contact the provider or visit their website for further details: www.microsoft.com / www.mozilla.com / www.apple.com
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at email@example.com
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. If you would like a copy of the information please write to: Woollybear Design, 29-31 Monson Road, Tunbridge Wells, Kent TN1 1LS.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.
What personal information do we hold, why and where?
Enquiries: – Website, Email and Telephone
- First Name
We only take and record the information required to action the specific enquiry. Data within website form completions (via email) and direct email enquiries is stored on the central email account of the team member(s) handling. This data is held on a secure mail server and is retained in order to allow us to manage the inquiry. Enquiry data is not stored on the website web server. Personal data recorded during telephone conversations is not stored but may be communicated internally via email. Data records can be deleted by providing a written request to firstname.lastname@example.org
We only take and record the information required to create user profiles for clients to access their WordPress sites. A unique username and password are generated for each user for each of their sites, and this password can be changed to one the user chooses. The username and initial password are communicated via email, but we do not keep a record of any reset passwords.
Name, email, username and password information is kept on the server(s) used to host the client websites. All client data entered into their WordPress sites, including content such as copy, images and videos, are stored in the WordPress database for as long as the site is live. When the site is closed, the client can request a copy of this content should they wish it. If no copy data is required, it is deleted.
User names can be deleted by providing a written request to email@example.com
Newsletter sign ups
- First name
We retain the first name and email addresses of those customers who have opted in to receive our newsletter, special offers and other marketing information. We use Mailchimp to manage our marketing communications. Users are given the option to opt in when they are provided with their usernames and initial passwords.
Signup records can be deleted by selecting to unsubscribe on the mailing, or by providing a written request to firstname.lastname@example.org
We use other third-party data analytics service providers in order to improve the Services Management Events may use tools from third-party service providers, such as Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Woollybear Design may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services do not have access to certain personal Data provided by Users of this Website.
How we communicate
We will not share personal information with unknown parties including those using email addresses not supplied during our time working with you. We will only communicate using the contact details previously supplied taking care of our clients personal data at all times.
We take commercially-reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorised access, disclosure, alteration, and destruction.
All our data capture platforms including email and WordPress are encrypted using secure server licences (HTTPS), the web servers operate behind a secure firewall and emails are held on a secure exchange server. We use a third party payment processor Stripe that is the controller of your credit card information. Our contract with this party that receive your credit or debit card account information requires them to keep it secure and confidential.
Our staff all receive regular training on the importance of protecting our clients personal information and follow our procedures when communicating with third parties and users.
Any incident will be assessed on by case basis with the following being considered:
- Whether there are any legal/contractual notification requirements;
- Whether notification would assist the individual affected, could they act to mitigate risks?
- Whether notification would help prevent the unauthorised or unlawful use of personal data?
- If a large number of people are affected, or there are very serious consequences,
- whether the Information Commissioner’s Office (ICO) should be notified, guidance on when and how to notify ICO is available at https://ico.org.uk/media/1536/breach_reporting.pdf.
Notification to the individuals whose personal data has been affected by the incident will include a description of how and when the breach occurred and the data involved.
Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks.
Individuals will also be provided with a way in which they can contact us for further information or to ask questions on what has occurred.