Privacy Notice
This Privacy Policy explains how Net-sites (net-sites.co.uk), a trading style of Schafer Partnership Ltd (Reg. in England & Wales No. 08969942), collects, uses, shares, and protects personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR). We are committed to safeguarding the privacy and security of personal information collected by us in the course of providing our administrative, marketing and hosting services, and only using such personal data in ways that are consistent with our obligations and your rights under the law.
1. Information About Us
- Net-Sites, registered with the Information Commissioner’s Office (ICO No. ZA202168), acts as the data controller responsible for the processing of personal data collected through the provision of our services. If you have any questions or concerns regarding the processing of your personal data, please contact us using the details provided at the end of this policy.
2. Legal Basis for Processing
- Data Protection Legislation states that we must always have a lawful basis for using personal data. We process personal data based on one or more of the following legal bases:
- Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
- Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
- Compliance with Legal Obligations: Processing is necessary for compliance with a legal obligation to which we are subject.
- Consent: Processing is based on your consent, which you may withdraw at any time.
3. Information We Collect
- Depending upon which of our services are used, we collect and process various types of information, including personal data, for the following purposes:
- Contact information (such as your name, job title/profession, email address, and phone number) to communicate with you regarding our services, schedule meetings, and other administrative activities.
- Business information (such as business name, business address, website/social media addresses, phone numbers and email addresses, as well as publicly available online information) to tailor our services to your requirements.
4. Use of Information
- We use the information we collect for the following purposes:
- To provide administrative, marketing and web hosting services and fulfil our contractual obligations towards individuals, businesses and/or other organisations to whom we deliver these services.
- To communicate with individuals, businesses and/or other organisations who are clients regarding projects, meetings, updates and reports.
- To comply with legal and regulatory requirements, such as record-keeping, managing payments, and employment regulations where applicable.
- To improve our services, develop new services, tailoring our services to client requirements.
5. Sharing of Information
- We may share personal information in the following instances:
- If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.
- In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government or legal authority.
- We may share your personal data with other companies when we contract with these third parties to supply services to us, e.g. email marketing platforms, administrative support, payment processors to pursue debts or unpaid fees.
- If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
- If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation.
- We do not sell or rent personal information to third parties for marketing purposes.
- This website uses the Privacy Suite for WordPress by Complianz to collect and record Browser and Device-based Consent. For this functionality, your IP address is anonymised and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, see the Complianz Privacy Statement.
6. Data Retention
- We will not retain your personal information for any longer than is necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. The specific retention period for personal data may vary depending on the nature of the data and the purposes for which it is processed. The following factors will be used to determine how long your personal data is kept by us: Business requirements, Legal requirements, Regulatory requirements.
7. Data Subject Rights
- Under applicable data protection laws, you have certain rights regarding your personal data, including:
- Right of Access: You have the right to request access to your personal data and information about how it is processed.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
- Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.
- Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
- Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes.
- Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw your consent at any time.
- To exercise any of these rights, or if you have any questions or concerns about the processing of your personal data, please contact us using the details provided at the end of this policy.
8. Data Security
- The security of your personal data is essential to us. We implement appropriate technical measures and adopt relevant policies and processes, as an organisation, in order to protect the security and confidentiality of personal information. These measures include access controls (e.g. secure passwords), encryption, 2-factor authentication, and security assessments. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
- In providing our services to businesses we do not collect any ‘special category’ or ‘sensitive’ personal data.
- In the event that there was to be any data breach of any kind (either suspected or known), we will undertake to:
- Immediately take action to assess and mitigate the extent of any such breach.
- Take steps to promptly assess what data has been, or may have been, compromised.
- Inform data subjects of the data breach, using clear and jargon-free language, and also the Information Commissioner’s Office where we are legally required to do so.
- Take any measures that may be necessary in order to prevent compromised data being used by an unauthorised third party (e.g. recommending to data subjects that they change passwords that may have been compromised).
- Where appropriate, we will keep data subjects informed of any change to the level of risk we assess exists as a result of any such breach.
- We will usually only store or transfer your personal data within the UK or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law. However, then we use a third party data processor contracted to perform marketing functions, like Mailchimp, they may transfer and process data outside of the EU. In such cases they have agreed to provide an adequate level of protection for any data processed, in line & accordance with the requirements of EU Data Protection Regulations.
9. How Can I Access My Personal Data?
- If you wish to obtain a copy of any personal data we hold about you, you can ask us for details of it (where any such personal data is held) – it is your legal right. This is known as a “subject access request”.
- We request that all subject access requests be made in writing /by email if possible.
- There is not normally any charge for a subject access request. However, if your request is ‘manifestly unfounded or excessive’ (for example, if you make repeated requests for the same data) a fee may be charged to cover any administrative costs in responding.
- We will respond to any subject access request within 30 days of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed if additional time is required.
- Please be aware that to protect your personal data, we will ask you to verify your identity before we release any information. We may refuse your request if we are unable to confirm your identity satisfactorily.
10. How Do You Make A Complaint To The Regulator?
- By writing to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF - By telephoning: 0303 123 1113
- By using their website: https://ico.org.uk/make-a-complaint
11. Changes to this Privacy Policy
- We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on our website. We encourage you to review this Privacy Policy periodically for any changes.
12. Contact Us
- If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data subject rights, please contact us at:
- Email address: info@net-sites.co.uk
- Telephone: 01225 240158
- Website: www.net-sites.co.uk