Last updated : 25th May 2018
GDPR has caused a bit of a stir, but it’s really quite simple for most small businesses like ours. The difficulty has been cutting through the nonsense and resisting the temptation to produce a 10,000 word essay full of sentences that are as incomprehensible as most EULAs, making your position less clear rather than more clear.
So this is our attempt at a plain English privacy notice which encompasses the spirit of the GDPR laws. It contains no fake legalese and is an honest statement of intent for which I’ll be happy to answer any questions you may have if you email them to me at firstname.lastname@example.org.
Just like the GDPR rules themselves, this is a work in progress. Let us know if you think anything is missing, and check back regularly to see if there have been any changes. Above all, be assured that we take the security of your personal data - all data in fact - very seriously.
Any data that we hold that identifies you as an individual we call Personally Identifiable Data, or “PID” for short. Some other sites call it "PII" or Personally Identifiable Information, but we're calling it PID.
We store all PID on a 3rd party hosted CRM database which has been vetted and verified by us (there is not yet any formal accreditation) as being GDPR compliant in the way it encrypts, stores and ultimately deletes PID.
We intentionally collect and store contact details sent to us as sales or product enquiries, or as part of our business relationship with you or your company. These details include names, phone numbers, email addresses and anything else contextually relevant. We also store the details of any contact we have with you, so we have an accurate record of any dealings or agreements made.
All this contact data is used for precisely that – to stay in contact with you. For enquiries it allows us to send you the relevant product information, and for our customers it is essential for the successful provision of our services.
Sales enquiry data is considered cold after 3 months of inactivity and will be deleted.
Past relationship data will be considered cold after 12 months, and we may request your permission to keep it on our system then and every 6 months thereafter. The reason for this is that some of our services are used for brief periods every so often, with returning customers requiring the same configurations as before. Keeping this data would facilitate speedy reactivation of such services. If no such permission is granted at any of these points then all PID will be irreversibly deleted.
Any permissions given for the use of your PID can be revoked at any time by emailing us at email@example.com.
You have the right to know what PID we hold for you, and you can request this information by emailing firstname.lastname@example.org.
You have the right to ask us to delete your PID by emailing your request to email@example.com. We may be compelled to keep certain data by law.
Note that revoking permissions or having your data deleted may impact the services we provide to you, and we will always inform you if this is the case before actioning any requests of this nature.
We do not collect or store anything about your sexuality, race, religion, political beliefs, favourite child or anything else which is none of our business. We do not profile you as a person, that's not our business. We do not target you for advertising. Again, that's not our business.
We use 3rd party hosted web services to serve our web pages, and whilst we make every effort to turn off tracking and logging, we cannot assert that they do not still gather data from your browser. We do not download or otherwise view or store any data of this nature. It is of no use to our business.
We use email a lot, as probably do you too. I never delete my emails. If you want me to delete any correspondence via email between us then email me at firstname.lastname@example.org. All I ask is that you appreciate the irony.
We may be compelled to give any PID we have to law or regulatory bodies. We will let you know if this happens, so long as we are not forbidden from doing so.
The bottom line is, if you have any concerns at all with how we use your data then contact us at email@example.com.