Creasis Limited is a company registered in England and Wales (company number 08833489). We are registered with the UK Data Protection Registrar, reference number ZA392959.
1.1 In this policy, "we", "us" and "our" refer to Creasis Ltd.
1.2 “Client”, "User", "Visitor" refer to "you", a customer of Creasis Ltd.
1.3 "Services" includes our websites, applications and other platforms such as our CMS.
1.2 This policy applies where we are acting as a "data controller" with respect to the personal data of our website visitors and service users; in other words, why we process personal data and by what means.
2.1 For a detailed breakdown of GDPR related terms please see the following ICO Guidance.
3. Data We Process
3.1 We may process certain types of personal data about you as follows:
- Personal Data which may include your first name, last name, email address, telephone number or username.
- Technical Data which may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
- Usage Data which may include information about how you use our website, products and services. Consequently, we process Aggregated Data. However, this does not reveal your identity by itself, therefore, it is not personal data. For example, we review Usage Data to work out the percentage of website users whom use a specific feature of our site. We cannot track that data back to one identifiable natural person i.e. you.
3.2 We do not collect any Sensitive Data about you, neither do we collect any information about criminal convictions and offences.
4. How We Collect Data
4.1 Direct Communication: You may provide your personal data by filling in a contact form on one of our websites or by communicating with us by post, phone, email or otherwise.
4.3 Third parties: We may receive personal data about you from various third parties and public sources, these include:
5. Our Reasons for Processing Data
5.1 We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where there is a contractual obligation between us.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights are not affected.
- Where we need to comply with a legal or regulatory obligation.
5.2 There are 6 legal bases for processing personal data (as permitted by the GDPR). To explore these terms in more detail please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
5.3 We may process Personal Data because it allows us to communicate with you manage our relationship with you. For instance, if you complete a contact form on one of our websites, then you can reasonably expect a response from us.
5.4 We may process Technical Data because it allows us to safeguard our services and technology. This is to ensure that you can receive help should there be a technical problem. Additionally, we need to ensure that the users of our services are genuine and not fraudulent. The purpose of this is for the protection and security of our business and your personal data.
5.5 We may process Usage Data to understand and analyse usage trends and preferences, to improve our services and develop new features and functionalities. All data will be anonymised or aggregated therefore it is not personal data.
6. Disclosures of Your Data
6.2 We require all third parties to whom we transfer your data, to respect the security of your personal data and to treat it in accordance with the law and under our direct instruction.
7. International Transfers of Your Data
7.1 Some of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
7.2 Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of data protection. We will only transfer your personal data to countries or services providers that adhere to good security practices when processing personal data. For instance, we may transfer data to a company based in the US, such as Google Analytics because they are part of the EU-US Privacy Shield, which requires them to provide a similar level of protection.
7.3 In the unlikely event that this is not the case, we will request your explicit consent or simply not transfer personal data at all. You will have the right to withdraw this consent at any time.
8. Data Retention
8.1 We will not keep your personal data for any longer than necessary.
8.2 We will retain your personal data as follows:
- Personal Data will be retained for as long as necessary following acquisition, namely for as long as it is relevant to our interests and the client's. This could be for the duration of a contract between us and the client.
- Technical Data will be retained for a maximum period of 7 days following acquisition, in order for us to assist users of our services should they experience any technical issues, or ensure the continued availability of our services.
- Usage Data will be retained for a maximum period of 36 months in accordance with our Google Analytics settings. This will allow us to analyse trends and improve our services.
9. Data Erasure
9.1 Data subjects have a right to request the erasure of their personal data, as long as the original legal basis for processing the data, permits the data subject to do so. (See Section 10).
9.2 For access, amendment and erasure enquiries please contact email@example.com
9.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights) providing that your request is not repetitive or excessive.
9.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to those whom have no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
9.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex. In this case, we will notify you and keep you updated.
9.6 If you are not happy with any aspect of how we collect and use your data, please contact us.
Our full details are:
- Full name of legal entity: Creasis Ltd.
- Email address: firstname.lastname@example.org
- Postal address: 7 Courtenay Park Road, Newton Abbot, Devon, England, TQ12 2HD.
- Telephone number: +44 (0)1803 500470
- Data Privacy Manager: Mr Craig Mason
- Data Privacy Manager's email address: email@example.com
9.7 Additionally, if you are not satisfied with our handling of your request, you have the right to complain to the Information Commissioner’s Office (ICO).
10. Your Rights
10.1 Under certain circumstances, you have rights under the GDPR in relation to your personal data. These include the right to. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
10.3 Not all rights under the GDPR can be exercised; it is dependent on the lawful basis that was used to process the personal data in the first place. For more information see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
12. Data Security
12.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
12.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach, where we are legally required to do so.
13. Changes and Updates to this Policy
13.1 Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. We'll ensure that it is accessible and indicate the date of the latest revision. For significant changes (and if we hold a current email address) we will notify you by email.
Creasis. Your partner in ideas.