Updated on 23th May 2018 – GDPR Compliant
This policy applies to information held about clients and prospective clients, suppliers and prospective suppliers, contacts and all other persons about whom Artisan Plastercraft Ltd holds information. By ‘information,’ we mean personal information about you that we collect, use, share and store.
In this policy, “we,” “us,” and “our” means Artisan Plastercraft Ltd (trading as Artisan Plastercraft Ltd), a company registered in England and Wales with No 6907664, registered office, Holmshaw Business Park, Layhams Road, Keston, Kent, BR2 6AR and “you” means the individual to whom the information relates.
What we collect
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
- when browsing our site, your IP address, your browser type and language;
- information about you that you give us in person by filling in forms on our site: www.artisanplastercraft.com (our site) (e.g. the contact us section or to sign up to our mailing list) or by corresponding with us by phone, e-mail or otherwise;
- your name;
- your contact information that you give us such as your address, email address and telephone number;
What we do with the information we gather
We use your information to:
- keep you informed about news, events, new service offers that we think you may find interesting;
- carry out our obligations arising from any agreements entered into between you and us;
- communicate with you;
- administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- keep our site safe and secure;
- comply with legal and regulatory obligations; and
- for security and to check your identity.
Legal basis for processing
Our processing of your personal information is necessary:
- for the performance of contracts to which you will be a party to and in order to take steps at your request prior to you entering into those contracts;
- for the purposes of legitimate interests pursued by us; or
- in order to comply with a legal obligation to which we are subject
- we are allowed to keep your personal information for 30 days after cease of business and will destroy it after this point – unless you specifically “opt-in” to receiving information after 30 days.
In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent from you at the time unless there is otherwise a legal requirement for us to process such information.
Sharing your information
The personal information you provide to us may be shared with other third-party companies, agents, contractors, service providers or affiliated companies if this is necessary to provide you with our art work or services, respond to your inquiries or for any of the purposes described in this policy.
We may also share your personal information with:
- law enforcement agencies, other governmental agencies or third parties if we are required by law to do so; and
- other business entities should we plan to merge with or be acquired by that business entity, or if we undergo a re-organisation with that entity.
Transferring Your Information outside the UK
Your personal information may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and may also be processed by staff operating outside the EEA who work for us, or for one of our service providers.
When we, or our permitted third parties, transfer your information outside the European Economic Area, we or they will impose obligations on the recipients of that data to protect your information to the standard required in the European Economic Area or otherwise require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where: (i) the transfer is to a country deemed to provide adequate protection of your information by the European Commission; or (ii) where you have consented to the transfer.
At any time, you have the right:
- to request access to or a copy of any personal data (SAR – Single Access Request) which we hold about you (this will not occur a fee) to do so please contact firstname.lastname@example.org;
- to rectification of your personal data, if you consider that the information we are holding is inaccurate;
- to ask us to delete your personal data, if you consider that we do not have the right to hold it;
- to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
- to ask us to stop or start sending you marketing messages as described below in the marketing section;
- to restrict processing of your personal data;
- to data portability (moving some of your personal data elsewhere) in certain circumstances;
- to object to your personal data being processed in certain circumstances; and
- to not be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
Any request from you for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with data protection legislation. We will comply with our legal obligations as regards your rights as a data subject.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change at the following email address email@example.com.
When opting in to be communicated with we may use your personal information to send you information about events, new services, offers etc. You can unsubscribe from receiving them at any time, details of how to unsubscribe will be included on each electronic mailing we send you.
You also have the option of “unsubscribing” from our mailing list at any time thereby disabling any further such e-mail or other communication from being sent to you by emailing firstname.lastname@example.org.
We will action any opt out request from you without delay.
How long will we keep Your information?
As stated above (legal basis) for the purposes of conducting a service with you, we shall keep your information for 30 days cease end of business and then destroy it (unless you choose to opt-in to receiving further communications from us).
We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us periodically reviewing our files to check that information is accurate, up-to-date and still required.
Where we are permitted to send you direct marketing communications we may retain your contact information necessary for this purpose, for as long as you do not unsubscribe from receiving the same from us. If you opt out from marketing, we will retain your information to enable us to respect your wishes to not be contacted for marketing purposes.
Security of your data
We are committed to ensuring that your information is secure within the confines of our building and outside. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Any personal information held about you on computer hard-drives are password encrypted and encrypted when shared across email platforms. Our network drive is backed up and we have a main server which is backed up overnight on a separate server and an external server which also runs backups.
The data you submit via our website and sitting within our developers hosting service is protected with daily backups with a 1-week retention, weekly backups with a 4-week retention and monthly backups with a 2-month retention.
Backups are uploaded off site and held on secure Amazon S3 cloud servers. The server is running an advanced firewall through CSF. The firewall will block any IP’s that do anything it deems as malicious or out of the ordinary. The server also runs daily scans using CXS – Which checks for any instances of viruses or hacking fingerprints.
Links to Other Sites
Questions, comments and requests regarding this policy are welcomed and should be addressed to: email@example.com.
If you have any concerns about our use of your information, you also have the right (as a UK resident) to make a complaint to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.
Changes to this policy
Any changes we make to our policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy.