At WEB SHERIFF® we’re committed to protecting and respecting your privacy and, as you’d expect, we fully endorse and adhere to the EU’s General Data Protection Regulation 2016/679 (“GDPR”) and the UK’s Data Protection Act 2018 (“DPA 2018”).
This policy sets out – in plain English – the basis upon which any personal data (ie. any personal information about you from which you can be identified) that we collect from you, or that you provide to us, shall be processed by us. As such, we would kindly ask you to read the following policy carefully in order to fully understand our procedures, the purposes for which we use such information, how it is treated and your choices regarding our use of such data.
2. WHO WE ARE AND HOW YOU CAN CONTACT US
We are Web Sheriff Ltd & Web Sheriff, Inc. (individually and collectively “we”, “us”, “WEB SHERIFF®”). For the purposes of the DPA 2018, the GDPR and all the corresponding legislation and regulations in the United Kingdom and internationally, the ‘Data Controller’ is Web Sheriff Ltd, a company registered in England and Wales under number 4093131 with registered office is situated at 30 City Road, London EC1Y 2AB.
When we refer to “our web-site”, we are referring to our web-site at www.WebSheriff.com.
3. GDPR PRINCIPLES
The GDPR requires that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up-to-date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
4. INFORMATION WE MAY COLLECT FROM YOU
We may process (ie. collect, use and transfer) and store / keep a record of your personal data including but not limited to the following:
- Your name (including your title);
- Your company / organisation name;
- Your contact information (including your billing address, home address, business address, email address and telephone numbers);
- Your financial information (including your bank account and payment card details, as well as transaction details in respect of payments to and from you);
- Web-site user data (including your IP address, browser type, operating system, cookies etc) – see more on the ‘Cookies’ section of this policy; and
- Other information about you, which is openly available via public records and on the internet.
You are not required to provide any of this information but we may not be able to provide you with the requested services if you refuse to do so.
By visiting our web-site, we may keep details of your visits and the resources that you access (strictly as applicable).
5. LEGAL BASIS FOR DATA PROCESSING
In order to process your personal data, we rely on the following legal basis as follows:
- The data processing is necessary for us to enter into / fulfil a contract with you; or
- The data processing is required for compliance with a legal obligation; or
- You consent to the data processing; or
- We have a legitimate interest in carrying out the data processing (ie. when we have a business / commercial reason to use your information) unless this is overridden by your interests, fundamental rights or freedom. This includes but is not limited to, for marketing purposes, customer services, network and information security, communication with you and the data processing for the performance of a task carried out in the public interest.
6. USES MADE OF SUCH INFORMATION
We may process information held about you to do the following:
- To register you as a new client;
- To carry out our obligations or exercise our rights arising from any contracts we may enter into with you
- To ensure that the content from our site is presented in the most effective manner for you and for your computer;
- To share your personal data with third parties – but strictly as detailed in Paragraph 7. further below;
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes (again strictly as applicable);
- To allow you to participate in interactive features of our service, again only when you choose to do so
- To manage payments and collect / recover money that is owed to us; and
- To notify you about changes to our service.
7. SHARING OF PERSONAL INFORMATION
The very nature of some of the services we offer means that we may have to share your personal information for the purposes of providing the services, which you have requested, from us. We will only ever share your personal information with trusted organisations and only after obtaining your written consent – such organisations include, but are not limited to, the following:
- Agents and advisers we use;
- HM Revenue & Customs and other regulators / authorities; and
- Companies, organisations and individuals that introduce us to you or that we introduce you to
We always request of all organisations who we share your data with, that they respect the security of your personal data and to treat it in accordance with the law. You can also find details of how these third parties use your personal information by looking at their respective privacy policies (usually on their web-sites).
We may also disclose your personal data in the following ways:
- In the event of a reorganisation, sale or takeover, with the organisation(s) involved in the reorganisation, sale or takeover; or
- To the extent required by any competent authority or applicable law in which case we shall inform you of such required disclosure prior to processing such disclosure unless prevented from doing so pursuant to applicable law.
8. HOW LONG DO WE KEEP YOUR PERSONAL DATA
We will keep your personal information for as long as you are our client.
After you stop being a client, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
At WEB SHERIFF® we respect the lawful and correct treatment of your personal information and, as such, the following are areas in which we shall not use your personal information without your consent:
- We will only collect sufficient personal information for the uses set out above;
- We will endeavour to keep your personal information up-to-date;
- We will not retain your personal information longer than necessary unless required to do so by law;
- We will operate appropriate technical and organisational processes to protect your personal information against unauthorised or unlawful access or processing and against accidental loss or destruction; and
- We will endeavour to put in place safeguards in order to ensure the safe transfer of your personal information to a country outside the European Economic Area in line with the standards that apply within the EEA (please see further below for additional details).
10. IP ADDRESSES
We may collect depersonalised information about your computer, including – strictly where freely available – your IP address, operating system and browser type, again purely for system administration when your visit our website. This is statistical data about our users’ browsing actions and patterns in order to describe our sales, customers, traffic patterns and other site information to prospective partners, advertisers, investors and other reputable third parties and for other lawful purposes and, for the avoidance of doubt, does not identify any individual.
12. WHERE WE STORE YOUR PERSONAL DATA
The data that we collect and process from you may be transferred to and stored at a destination outside the European Economic Area (“EEA” – which consists of EU member states, Iceland, Liechtenstein and Norway). Please note that we will inform you if we transfer your personal data outside the EEA.
We will only process your personal data outside the EEA if / to:
- You instruct us to do so;
- Comply with a legal duty;
- Work with our agents and advisors who we use to help provide services to you.
Please also note that your personal data may be processed by WEB SHERIFF® staff operating outside the EEA (eg. in North & South America).
Although the transmission of information via the internet is never completely secure, we shall nevertheless do our utmost to protect your personal data – albeit that we cannot categorically guarantee the security of data transmitted to our site and all transmissions via the internet are ultimately at the sender’s own risk.
Once we have received your information, however, we will impose and implement strict procedures and security features in order to minimize any risk of unauthorized access. We will also limit access to your personal data to employees, agents, contractors and relevant third parties who has a business need to know. They will only access to your data on our instructions and under strict confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (eg. the ICO) of a breach where we are legally required to do so.
13. LINKING SITES
Our web-site may, from-time-to-time, contain links to and from the web-sites of our partner networks, advertisers and affiliates (again strictly as applicable). As such, this is a reminder that, if you decide to follow a link to any of these web-sites, each will have their own privacy policies and, clearly, we cannot accept any responsibility or liability for these policies on third party web-sites. We would strongly recommend, therefore, that you check these sites’ policies to ensure that you are happy with them before you submit any personal data to such websites.
14. YOUR RIGHTS & ACCESS TO INFORMATION
The GDPR expressly provides you with the following rights:
- Right to access (also known as a “data subject access request”), which enables you to receive a copy of the personal data we have about you and to ensure the correct processing of your personal data;
- Right to rectify, which enables you to have corrected any incomplete / inaccurate data we hold about you;
- Right to restrict the processing of your personal data, which enables you to and remove information held about you. Should we hold personal information, you are of course welcome to exercise your rights in accordance with the GDPR. Any access request may be subject to a modest and discretionary administrative fee to contribute towards our costs of providing you with details of the information we hold about you, although we generally prefer to furnish you with such information free-of-charge.
- Right to erasure, which enables you to ask us to delete the personal data we have;
- Right to request a transfer of data to a third party (only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you).
- Right to withdraw consent to us using your personal data at any time. Please contact us using the details set out further above if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services.
- Right to make a complaint – you have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.ord.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.