Spa Web Design Limited
General Data Protection Regulation (GDPR)
This privacy notice is in line with the data protection legislation (known as General Data Protection Regulation – GDPR).
- The data that we hold
- How we use it
- Why we need it
- Who has access to it
- What your rights are
- New details of who to contact with any queries
Spa Web Design Limited is committed to protecting the data it collects in accordance with relevant information and applies the current laws, which are known as the General Data Protection Regulation (GDPR).
Spa Web Design will be what’s known as the ‘controller’ of the personal data you provide to us. We can be contacted via our registered office 1623 Warwick Rd, Knowle, Solihull B93 9LF. Our Data Compliance Officer is Roger Green and can be contacted via our contact form.
We are an ICO registered company
Spa Web Design Limited is registered with the Information Commissioner’s Office ico tier 1 certificate ZA914675
How the law protects you
Your privacy is protected by law. This section explains how this works.
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside Spa Web Design.
The law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it
A legitimate interest is when we have a business or commercial reason to use your information although even then it must not unfairly go against what is right and best for you.
Information we collect about you
We may collect personal data about you, including for example if you have supplied it to us your name, phone number and email address.
Examples of the sources of data we collect about you:
- Contact form
- When you talk to us on the telephone, personally or communicate with us via our website
- In emails and letters
- When you use our website
- From contracts between us
- Payment and transactional data
How we process your data
GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties.
We may process your personal data for the following purposes, if relevant;
- Responding to your enquiries
- Provide you with information about the products and services we offer
- To build a website for you
- Notify you about changes to our terms and conditions
- To access your domain names and social media accounts as part of the work we do for you
- Tailor your experience on our website
- Respond to complaints and seek to resolve them
We process this data on the basis of our legitimate interest to run the Spa Web Design Limited in an efficient and proper way for the benefit of our business. This includes managing our financial position, planning, audit, communications and business capability. We also process your personal data where required to comply with laws and regulations that apply to us.
How we will use the information about you
Data is stored on a secure server to prevent unauthorised access. No data held by the Spa Web Design Limited will be supplied outside the European Economic Area (EEA) other than to companies that are signed up to the Privacy Shield. https://www.privacyshield.gov
There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn’t an over-riding legitimate need.
Unless we explain otherwise to you, we’ll hold your personal information based on the following retention periods for personal data:
- When we carry out work for you, we’ll keep the personal data you give us for as long as we have reasonable business needs so we can comply with our legal and contractual obligations.
When we may share your information
We will treat your personal information as private and confidential, but may disclose it outside of Spa Web Design if:
- You consent
- Needed by third parties to help manage your records (such as our server company).
- HM Revenue and Customs or other statutory authorities who require it
- The Law or the public interest permits and requires it
- Required by us or others to investigate or prevent crime
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. For example, payment handling.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
Examples of the kind of third parties we work with are:
- IT companies who support our business
- Sub-contractors who we may use to carry out work on your behalf
- PayPal for handling website payments
- Direct marketing companies such as Mail Chimp who help us manage our electronic communications with you.
We do not share data with third parties for their own purposes.
What are your rights?
You have the right to ask us to provide you with access to and rectification or erasure of your personal data. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.
You have the right to object to certain purposes for processing, in particular general information email messages.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Compliance Officer who will investigate the matter further.
If you wish to stop us from providing you with information via email then you can opt out at any time by ticking the appropriate unsubscribe box within an email or contacting us directly using our contact form.
Should you be unhappy with our processing of your personal data, you have a right to complain to the Information Commissioner’s Office, which is the regulator for data protection.
Changes to this policy
Any changes we make to this policy in the future will be available on our website (www.spawebdesign.co.uk) as well as available on request by contacting our Data Compliance Officer.
In the event that we believe there is a serious breach to our systems or data we will inform the Information Commissioner’s Office within 72 hours and will inform the affected members as soon as practically possible there afterwards.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the Data Compliance Officer, you can contact us by going to the contact section of our website. Alternatively, you can write to the Data Compliance Officer via our registered office, 1623 Warwick Rd, Knowle, Solihull B93 9LF.
This notice was last updated on 06/05/2021