2. Visitors to our websites
Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you're providing personal data and how we will be using it.
Our website uses our own CMS (content management system) hosted on our own servers.
2.1 Google Analytics
When someone visits our website (https://www.web-project.co.uk) we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
If you click on a link in one of our marketing emails we will place a tracking cookie in your browser which we use to help improve the usability of our web site and also to help determine the services that we believe will be most useful to you.
If you select the option to remember your username on our Customer Secure Area (https://www.web-project.co.uk/clientarea), the username is stored in a cookie, so you don't need to type it again next time your visit. If you don't select this option at login, we will not use the cookie. Your password is never stored (unless you opt to do so via your browser).
2.3. Online forms
If you fill out one of our contact forms on our website a notification email is sent to the relevant team within WebProject, but the data you supply is stored within a database on the same private server network as our website. As our site uses SSL (https) any data you submit is encrypted on its way to the database.
2.4. Online orders
When you place an order via our website we will ask for your name, address, contact information and other information relevant to the order. This information will only be used for the purposes of delivering the services we are providing; however, data may be shared with third party service providers for the purposes of delivering the service (e.g. your details will be shared with a domain registry for the purposes of registering a domain).
Your data is stored on our own servers. This hardware is located, in the following Europeanian datacenters:
OVH Erith - London, UK
OVH RBX1 - France, Roubaix
OVH RBX2 - France, Roubaix
OVH RBX3 - France, Roubaix
OVH RBX4 - France, Roubaix
OVH RBX5 - France, Roubaix
Security of infrastructures: OVH is committed to ensuring optimal security for its infrastructures. This includes implementing a security policy for information systems, and meeting the requirements for multiple standards and certifications (PCI-DSS certification, ISO/IEC 27001 certification, SOC 1 TYPE II and SOC 2 TYPE II certificates, etc.).
As for backups stored in the Microsoft Cloud data centre (also ISO/IEC 27701 certified) in Europe;
None of your data is stored or transferred outside the Europe and therefore not transferred outside the EEA.
We manage the security of our services and therefore your data ourselves. More information about how we manage the security of our services can be found in our GDPR statement https://www.web-project.co.uk/general-data-protection-regulation
3. Customer data
All the data we hold on a customer is available via our Customer Secure Area ( https://www.web-project.co.uk/clientarea ). Personal information is shown under the "Contact Details" section and can be edited here too. Services that we provide to are shown under "Active Services" and all invoice payments are available under the "Billing & Invoices" section. Support Ticket conversations and transactions can be viewed under the "Support" section of the Portal.
4. People who receive our newsletters
We use our own system for delivering our email newsletters, run on our own servers. As noted above we make use of a tracking cookie to track the way our newsletters are read.
Every time you receive our email newsletter we will include a link to enable you to unsubscribe should you wish to stop receiving them. We honour such requests.
5. People who call our office
If you call our support helpline, we will already have your information stored in our customer database. We may use this information to verify your identity before helping with your enquiry. We will update our records with details of your query and how it was resolved.
If you call our sales line, we will ask for the minimal information we need to provide any information relating to your call. The details will be stored in our CRM for the purposes of following up with you further to the discussion; if you become a customer your details will be stored in our support database.
6. People who we email
Any emails we receive are stored locally on our computers within our email client. Access to them is protected via Windows User accounts and we also use Windows Encryption. We also scan the email for viruses when it arrives on our servers and again before it is delivered to our local computers.
7. Our use of social media
We manage our social media ourselves therefore we don't use any third-party providers.
8. Employee data
When someone joins our team, we will only collect and ask for personal information that is required for being an employee. We will keep these records during your employment and for up to 6 years after termination of your employment. We will also keep your payroll records up to 7 years. If we record working time records, we retain these for 2 years and any immigration check information for 2 years. All the information will be stored, within our systems, securely.
If you send us application forms or your CV, we will keep the information for as long as we're considering your application. If you become an employee, the information will be added to your personnel file and kept in line with our policy on keeping employee records. If your application is unsuccessful we will delete the information after 6 months unless you consent to us retaining them for any longer (for example for any future opportunities). All the information will be stored, within our systems, securely.
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
11. Third party processors
The only third-party processor we use is our accountants who are provided with minimal contract information for the purposes of managing our business accounts. They only use the data within their systems for this purpose and will not use your data for any other purpose.
12. Your rights
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner's website: https://ico.org.uk/for-the-public/
If you want to make a complaint about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner's Office: https://ico.org.uk/concerns
12.2. How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the "unsubscribe" link at the bottom or the email. Otherwise, you can contact us, using the contact details below.
If you wish to raise concerns about the way we are processing your data and would like to raise an objection, then please email us via email@example.com with your concerns.
12.3. Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.
12.4. Erasure of your data (the "right to be forgotten")
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don't have any legal purpose for continuing to process your data) we will erase it from our systems.
If you wish to exercise your right to be forgotten by our services, please contact us via the contact details below.
Your right to portability allows you to request a machine-readable export of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a CSV export of your data (this will be data available via our Customer Secure Area ( https://www.web-project.co.uk/clientarea ))
12.6. Access to your data
You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request.
To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.
Alternatively, if you are a customer, you may find the information you need by access your account on our Customer Secure Area ( https://www.web-project.co.uk/clientarea ).
13. Disclosure of information
We do not share any personal data with any third parties unless it is lawful for us to do so or if we are required by law to do so.
14. More information
For more information about your data rights and privacy or data protection in general visit the Information Commissioner's Office website: https://ico.org.uk
15. How to contact us
WebProject, 9 Orchard Road, Steveage, Hertfordshire SG1 3HD
Tel: +44 (0) 2034 328891
Fax: +44 (0) 2036 032006
17. Version Control
Version 2.1 (Last edited 27/04/2018)