Table of Contents
- Why we value your privacy
- How we collect information
- What information we hold
- Where we store your information
- What we use your information for
- How long we store your information for
- Who has access to information about you
- The steps we take to keep your information private
- How to complain
- Changes to the policy
We respect the EU’s General Data Protection Regulations (GDPR) and this policy explains how Element Studio Limited (we) collect and treat any information you give us. Where we hold any personal data we are the data controller. You won’t find any complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.
This policy covers;
We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. We’re uncomfortable with the information companies, governments, and other organisations keep on file, so we ask for only the bare minimum from our customers. We’ll never use your personal information for any reason other than why you gave it, and we’ll never give anyone access to it unless we’re forced to by law.
We ask for contact information including your name, email address, and phone number, on our website so that we can reply to your enquiry. We ask for your account and contact information when you hire or buy something from us. Occasionally, we might receive your contact information from one of our partners. If we do, we protect it in exactly the same way as if you give it to us directly.
When you contact us by email or through our website, we collect your name, email address, phone number, and the company you work for, if you’ve given us that. If you do business with us, we also collect your business name and bank details and keep records of the invoices we send you and the payments you make. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we need to comply with a legal obligation.
We use Google Apps for our emails, so email correspondence we have with you will also be stored in Google Mail and occasionally in Google Calendar. If we do business, we store your information in our accounts software, Xero. To the best of our knowledge these systems are all GDPR-compliant.
We use various third-party services in the course of our business, some of which can access personal data, either manually or automatically depending on the service. To the best of our knowledge, all the third-party service we rely on are GDPR-compliant.
We use Google Mail to run our email services, and as such, client contact information is stored on Google's servers as part of any ongoing correspondence sent through our Google Mail accounts.
We use Google Analytics to monitor our website's traffic and gain insight into user trends over time. Google Analytics does capture the IP address of our visitors for the sake of determining geolocation, however this information is anonymized and can in no way be used to identify you personally.
We will use your information to keep in touch over the course of a project, and to send you invoices, statements, or reminders. If you engage us for any of our retained services or hosting we may contact you with important notifications relating to your purchased service. Occasionally, you might need something additional on your project involving skills outside our core offering. With your permission, we will pass your details on to one of our partners who we feel could fit your requirements.
We keep your details on file for the duration of your project. If we don't hear from you or do any further business with you for four months EL-30 - Need to add rule to delete contacts To Do , we'll remove your details from our Google Mail (email). If you've done business with us, we're required by law to keep all bills and invoices on file for six years for tax purposes - as such, your details may continue to be stored in Xero (our book keeping system) on any relevant invoices for that length of time.
When we store information in our own systems, only the people who need it have access. Our management team have access to everything you’ve provided, but individual employees have access to only what they need to do their job. We do not share your information with anyone other than our partner services, with your permission.
Where we store your information in third-party services, we restrict access only to people who need it. We store passwords an encrypted password manager, use a different, randomly generated password for each service, and never use the same password twice. The computers we use are all protected by a passcode or fingerprint access. These computers ask for authentication whenever they’re started or after 30 minutes of inactivity. Our mobile devices are also protected by a fingerprint or facial recognition. If one of our computers or mobile devices is lost or stolen, we can wipe all data from the device remotely.
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We take complaints very seriously. If you’ve any reason to complain about the ways we handle your privacy, please contact us by email at firstname.lastname@example.org or by phone on 01242 651 111. If you’re the letter writing type, send your envelope to Element Studio, 16 Imperial Square, Cheltenham, Gloucestershire, GL50 1QZ
If we change the contents of this policy, those changes will become effective the moment we publish them on our website.