PRIVACY POLICY

1. Introduction

1.1. We are committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we will handle your personal data.
1.2. We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website

2. How we use your personal data

2.1. In this Section 2 we have set out:

2.1.1. the general categories of personal data that we may process;
2.1.2. in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
2.1.3. the purposes for which we may process personal data; and
2.2. the legal bases of the processing.

2.2.1. Usage Data

We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is consent and our legitimate interests, namely monitoring and improving our website and services.

2.2.2. Account data

We may process your account data. The account data may include your name and email address. The source of the account data is you . The account data may be processed providing our services and communicating with you. The legal basis for this processing is consent and our legitimate interests, namely the proper administration of our business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

2.2.3. Service Data

We may process the personal data that you provided in the course of the using our services. The service data may include, your name, contact details, nature of your service request. The source of the service data is you. The service data may be processed for the purposes of providing our services and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

2.2.4. Enquiry Data

We may process information contained in any enquiry you submit to us regarding products and/or services. The enquiry data may be processed for the purposes of responding to your enquiry regarding any offers, marketing and selling relevant products and/or services to you. The legal basis for this processing is our legitimate interests namely the proper administration of our business, providing you with excellent customer services and being responsive to your enquiries.

2.2.5. Transaction Data

While we do not offer any online payment service features on our website, we will process information relating to transactions, for the purchases of services, that you enter into with us through our invoicing system, which gives you choices on how you can make payment for services purchased. Depending on your preferred payment method, transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and our legitimate interests, namely the proper administration of our business.

2.2.6. Correspondence Data

We may process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, our business and communicating with our customers.

2.2.7. General Category Data

In the main we have minimized the data we require to provide you with requested and contracted services to this end, we may process, your name, contact details including your address, email address, phone and mobile number. The source of this data is you. The legal basis for this processing is our legitimate interests, namely the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

2.3. In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject.

3. Providing your personal data to others

3.1. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

3.2. We may disclose your name and email address to our suppliers or subcontractors insofar as reasonably necessary for the purpose of fulfilling our contractual agreement with you.
3.3. In addition to the specific disclosures of personal data set out in this Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject.

4. International transfers of your personal data

4.1. We do not transfer data out of our office which is physically located in the UK and will not unless deemed necessary due to contractual obligation with you transfer any of your personal data outside of the EEA.

4.2. The hosting facilities for our website are situated in UK and again our hosting company does not transfer any customer data outside of the UK without explicit customer consent.

5. Retaining and deleting personal data

5.1. This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

5.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

5.3. It is not possible for us to specify in advance via this privacy policy the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

5.3.1. If you are an active and ongoing customer your data will be retained as long as your contract with us is active and ongoing.
5.3.2. In the event that your service contract comes to a natural conclusion or is terminated:
5.3.3. Transaction data will be retained for 7-years to comply with UK Tax Law.
5.3.4. All other data will be deleted 3-years after the last service you purchased from us was successfully completed.

5.4. Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or where necessary for managing legal disputes.

6. Amendments

6.1. We may update this policy from time to time by publishing a new version on our website.

6.2. You should check this page occasionally to ensure you are happy with any changes to this policy.

6.3. We may notify you of changes to this policy by email.

7. Your rights

7.1. As an ethical business which primarily provides business to business services the amount of personal data we process in the delivery of our services is tiny, however we do recognize that within our customer base we are dealing with people. We have summarized your rights as they apply in the context of our business. For full and detailed explanation of data subject rights under the GDPR please visit the Information commissioner’s office: https://ico.org.uk/.

Under the GDPR:

7.1.1. You have the right to instruct us to provide you with any personal information we hold about you; the purpose of holding that data, who we might share it with and why. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee, your will need to supply appropriate evidence of identity. For this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address. Request can be made by emailing us at: [email protected]
7.1.2. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
7.1.3. You have the right to be forgotten. For example you may have been a past client of our and might want your records with the exception of transactional data deleted before our standards 3-year retention period. Unless there is a legal dispute pending, your right to exercise your right to be forgotten will be carried out within 3-working days.
7.1.4. Chalkmedia do not market the business and our services to our customers through email marketing platforms and campaigns. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to withdraw your consent to the use of your personal information for marketing purposes.
7.1.5. You have the right to complain to us about any disagreements you might have about how we may need to process your data and also have the right to complain about us to the Information Commissioners Office (ICO)if we can’t come to a mutually agreeable resolution.
7.1.5.1. To complain to us and see resolution email us: [email protected]
7.1.5.2. To complain about us to the ICO visit: https://ico.org.uk/

7.2. You may exercise any of your rights in relation to your personal data by written notice to us in the form of an email.

8. About cookies

8.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

8.2. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

9. Cookies that we use

9.1. We use cookies for the following purposes:

9.1.1. analysis – we use cookies to help us to analyse the use and performance of our website and services. The purpose of using analysis cookies is to improve our website, our services and your customer experience when using our website.
9.1.2. cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally. The use of this cookie used for the purpose of consent to our analysis cookie.

9.2. We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/

10. Website & Cyber Security

10.1. We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

10.2. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

10.3. At our office we use a range of cyber security products and services to ensure that any personal information which is stored on our computers is safe and secure. As part of our cyber security strategy we have a restricted access policy which means that only those members of our staff who need to access your data for the performance or a service can do so.

10.4. All our systems are regularly backed up on an isolated drive which is not connected to the internet.

11. Data Breach

11.1. We have done everything humanly possible to protect your data when it comes into us through our website or when you communicate to us in other means.

11.2. In the event of a Data Breach we will notify the Information Commissioners Office and you within 72 hours of discovering such an event to inform:

11.2.1. how and when the breach occurred,
11.2.2. what if any data was stolen or damaged, and
11.2.3. What we are doing to rectify the situation, including providing you with advice on steps you might need to take (if any)

12. Our details

12.1. This website is owned and operated by Chalkmedia Limited.

12.2. We are registered in England and Wales under registration number: 08710025, and our registered office is at 25 Hallmark House, Ramsden Heath, Essex CM11 1PU.

12.3. Our principal place of business is at 25 Hallmark House, Ramsden Heath, Essex CM11 1PU.

12.4. You can contact us:

12.4.1. by post, using the postal address given above;
12.4.2. using our website contact form;
12.4.3. by telephone, on 01268 711205 Monday to Friday between 9am and 5.30pm or
12.4.4. by email, [email protected]

12.5. If you have any questions relating to our privacy policy please do not hesitate to contact us by email: [email protected]