Webworks-UK Ltd. (“Webworks”) (referred to here as “we”, “us”, or “our”) are strongly committed to protecting personal data.
This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
This policy applies to our websites www.webworksuk.com and www.webworks.london, including our client portal, as well as our own internal systems.
We ask that you read this Policy carefully as it contains important terms about how we will use your information. By accessing or using our websites you agree to be bound by, and comply with, this Policy. Where you create an account on our site you will also be required to indicate your consent to the processing of your Information as set out in this Policy. If you do not agree with or accept this Policy, you should stop using the site immediately.
We may update this Policy from time to time in accordance with the “Changes to this Policy” section below.
Data we may collect from you
We will collect information about you when you visit our websites or do business with us through our client portal (including setting up accounts or ordering services from us). This information may include your name, your contact details (including postal address, email address and telephone number), your payment details (i.e. relating to any payment you make to us in connection with our services), any other information we request from time to time to enable us to provide the site and our service to you, and any other information you provide to us (together the “Information”). Some of the Information may constitute or include Personal Data.
Additionally, we may collect information on your use of the site, such as pages visited, links clicked, non-sensitive text entered, and mouse movements, as well as information more commonly collected such as the referring URL, browser, operating system, cookie information, and Internet Service Provider (“Usage Data”). Our purpose in collecting Usage Data is to better understand how our users use the site.
When collecting and using personal data, our policy is to be transparent about why and how we do it. We hold and process personal data for several purposes, for some of which explicit consent is required from those whose data we process, while for others we have a legitimate and lawful reason for doing so.
The purposes for which we process personal data and for which explicit consent is required from those whose data we process are:
For general communications:
- To provide general updates to our existing or previous clients, prospective clients or partners who have expressed interested in our projects, services, capabilities, insights and business announcements
- To inform our business contacts in the event of important events or warnings such as security incidents or warnings related to systems or services that may impact their own operations
On our website:
We will use your Information for the following purposes:
- to help us identify you and any user accounts you hold with us
- administration of user accounts and any services our users order from us
- research, statistical analysis and behavioural analysis
- to provide insights based on aggregated, anonymous data collected through the research and analysis
- fraud prevention and detection
- billing and order fulfilment
- customising our site and its content to your particular preferences
- to notify you of any changes to the site or to our services that may affect you
- security vetting; and
- improving our services
Cookies and logging personal data:
- provide you with a tailored, enjoyable experience when you access the site
- create and access a login token;
- improve our site; and
- compile statistical reports on visitor activity
- compile statistical reports on visitor activity to make informed decisions about our products and services
Our website will issue cookies to your system when you access and use our site and you will be asked to consent to this at the time (e.g. when you first visit us). Cookies do not affect your privacy or security and cannot read data from your system or read cookie files created by other websites. You can set your system not to accept cookies if you wish (for example by changing your browser settings so cookies are not accepted) or you may selectively disable specific cookies on this website, however, some of the features of the site may not function if you remove cookies from your system.
- We routinely record the IP addresses of our website visitors to a security log. None of this data is further processed unless we have a legitimate reason to do so, such as for profiling and blocking threats to our website.
- We also record the IP addresses of our website visitors to raw access and error logs. None of this data is further processed unless there is a legitimate reason to do so, such as troubleshooting. In the case that IP addresses demonstrate malicious or harmful behaviour, we log those addresses by firewall in order to protect our assets.
- Our website uses Strictly Necessary Cookies as part of its core functions. Session data is stored in visitors’ browsers to enable logging in and order processing functionality. These cookies remain active for 12 months. We do not seek consent for session cookies, which expire when you leave our website.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Our websites include contact forms, which mail messages directly to our email servers. We store contact form messages, which include your personal details (email address, name, IP address and any message you submit), which will be recorded on our email servers. We actively require consent to use personal data submitted via our contact forms so that we may engage with the sender via email. This may include marketing emails. Subscribed users may unsubscribe from email marketing at any time.
If you upload images to any of our websites, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images published on any website.
For business purposes:
The purposes for which we have a legitimate and legal basis for processing personal data and for which consent is not required from those whose data we process are:
- To contract, engage, transact and record our dealings with our customers in relation to the services we provide
- To store and routinely move our customers’ website data (backups & database dumps) within our internal infrastructure for the purposes of business continuity, troubleshooting and security.
- To enable us to perform our services effectively, where we are required to be in contact with third parties that are relevant to those services
- To contract, engage, transact and record our dealings with those who provide services to us
- To enable our customers and business contacts to be contacted by us in relation to specific potential opportunities and projects which we reasonably consider to be of legitimate commercial interest to them
- To maintain a record of those who may apply to us for employment or contracting opportunities in order that we can keep in touch with them regarding relevant opportunities that may arise in the future
- To comply with any requirement of law, regulation or a professional body of which we are subject to legal, regulatory and professional obligations; we need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data
- Where consent is required for us to process personal data, we ensure that such consent is freely provided and is clearly specific to the purpose(s) to which the processing relates. This includes making sure that consent is given with specific reference to the activities of our Services.
- When a customer engages our services, they are asked to accept our terms and conditions of service, which includes granting us permission to use their personal data. We maintain customer data on a self-hosted client portal, which is encrypted via SSL certification and user-level authentication. Only staff and contracted administrators have access to this information and access to data related only to their business function is granted.
- On initial engagement with us, a user account is created (and sub accounts if required). These records will include name, contact information, billing & payment information, historical activity and conversations via our ticketing system. Customers deemed to have been inactive for a period of 24 months will be permanently removed from our system, this process is irreversible. Active account owners are able to modify and delete their personal data via our client portal at any time.
- Our Services include web hosting. Our customers’ websites take the form of a database, file and folder structure, which we take precautions to protect from system failure, malicious or harmful threats, and data breach. We are not responsible for the day to day management of our clients’ own customer data privacy. Enquiries regarding personal data held by our customers should be directed to the respective owners of those websites.
- In order to protect our customer’s hosted data, we provide SSL certificate encrypted connections by default and protect our assets by monitoring traffic as outlined above (see Cookies and Logging Personal Data). We also backup to cloud storage facilities. All backup data is encrypted on cloud services and protected by user-level authentication and IP address filtering. We never share backup data with 3rd parties or store them publicly. We maintain up to 5 snapshots of any one website at a time and regularly cleanse our backup repositories. We do not keep backups for longer than 24 months and we remove backups from departing clients within 30 days.
- Accounting information (such as invoices) will be retained for at least seven years in line with current tax legislation. Contractual documentation will be held for at least seven years.
- From time to time, we may be required to migrate our customer’s websites across servers. We do not host our customer’s websites outside of their local geographical boundaries, nor do we host international customers within the EU.
- We will not assist customers in the processing of personal data for marketing purposes unless we are satisfied consent for use of that data has been granted by the data owners. For example, if we are contracted to assist with setting up newsletter services, we will not import bulk contact lists without ensuring they have been gathered legitimately. We may require evidence of the legitimacy of contact data on such occasions
- We use payment gateways to process financial transactions. Respectively, their privacy policies may be found at https://stripe.com/gb/privacy and https://www.paypal.com/en/webapps/mpp/ua/privacy-full. If you pay us using either of those services, you are entering into an agreement with them to use your personal data. If you do not agree with their privacy policies, you should choose an alternative method of payment
We take the security of all the data we hold very seriously and we have internal data protection processes and data storage products with data privacy and security in mind.
Our data storage systems use end-to-end encryption which protects personal data from unauthorised access. We also use other industry-standard platforms on which personal data may be stored, including cloud-based accounting and customer management systems.
Safety of Children and COPPA:
Our services are not intended for and may not permissibly be used by individuals under the age of 13. We do not knowingly collect personal data from persons under 13 or allow them to register. If it comes to our attention that we have collected personal data from such a person, we may delete this information without notice. If you have reason to believe that this has occurred, please contact [email protected]
Data locations and sharing:
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
We sometimes use third party services located outside of the EU and we provide services to clients that operate internationally. None of our data, including customer information, website content and backups is stored outside of the EU. It is our policy to direct international customers to their own regional privacy legislations, and to host international customer’s websites within their respective privacy zones.
Where we may be required to transfer personal data outside of the EU or to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as defined by the European Commission.
We retain personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence relating to the business engagement and related commercial purposes is 6 years.
Disclosure of your personal information:
We may disclose your Information (including Personal Data) to:
- our agents and service providers who help us to provide our services (with appropriate measures in place to protect your Information);
- third parties you wish to allow to access to your Information through our site;
- law enforcement agencies and/or HMRC in connection with any investigation to help prevent unlawful activity; and
- If our business is sold or integrated with another business your Information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
We may disclose aggregated, anonymous information (i.e. information from which you cannot be personally identified), or insights based on such anonymous information, to selected third parties, including (without limitation) analytics and search engine providers to assist us in the improvement and optimisation of the Site. In such circumstances, we do not disclose any information which can identify you personally.
In the unfortunate event of a data breach, we will notify all potentially affected individuals for who we maintain data within 72hrs of discovery.
What third parties we receive data from:
We do not receive personal data from 3rd parties for marketing purposes.
Occasionally we may receive information about you from other sources, such as credit reference agencies or fraud prevention services, which we will add to the information we already hold about you in order to help us improve and personalise our services to you.
Changes to this privacy statement:
We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on this page, and place notices on other pages of the site as applicable, so that you may be aware of the Information we collect and how we use it at all times.
Individuals’ rights and how to exercise them:
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
Access to personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at [email protected]. We may charge for a request for access in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (currently 40 days).
If you require a report of any data we hold about you on our website or Customer Portal, or want us to delete your data, you may request it below using your email address:
Amendment of personal data
To update personal data submitted to us, you may email us at [email protected] or by amending the personal details held on relevant applications with which you registered.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw their consent at any time. To withdraw consent to our processing of your personal data please email us at [email protected].
If you do want to complain about our use of personal data, please send an email with the details of your complaint to [email protected]. You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.
Other data subject rights
This privacy statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you wish to exercise any of these rights, please send an email to [email protected].
Data controller and contact information:
Webworks-UK Ltd. (registered in England & Wales – Company number 09511025)
If you have any questions about this privacy statement or how and why we process personal data, please contact us using the relevant contact details below:
Data Protection Officer
Webworks UK Ltd.
86-90 Paul Street
Company No: 09511025
Email: [email protected]