Rosiest Design is committed to protecting your personal data, and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).
Who’s responsible for data we collect?
Rosiest Design is a Data Controller under the GDPR. Rosiest Design’s Data Protection Officer is Rosemary Galton who can be contacted at firstname.lastname@example.org.
What data do we collect and what do we use it for?
– Website visitors
We do not collect any data (e.g. cookies) about anonymous website visitors.
– Prospective clients
If you contact us through the contact form we collect your name, phone number and email address as volunteered by you. We collect copies of email exchanges, and notes of telephone calls or in-person meetings, in connection with your enquiry. This data will only be stored on a password-protected computer or secure email client.
– Paying clients
If required by the nature of the work undertaken, we may collect information about accounts you hold elsewhere, such as hosting providers and domain registrars. Sensitive data such as passwords are securely stored using a password manager.
We may collect feedback or testimonials that you choose to give us, and will publish these only with your permission.
Do we share your data with anyone else?
We will never pass your details on to third parties for marketing purposes.
We sometimes use third party services to process your data (e.g. Google Drive or Dropbox). We will always make sure any third parties we use are reputable, secure, and process your data in accordance with your rights under GDPR.
Are there special measures for children’s data?
We do not knowingly collect or store any personal data about children under the age of 13.
How can you update your data?
You can contact us at any time at email@example.com to update or correct the data we hold on you.
How long we will hold your data?
We will store your data for as long as necessary for the purpose of processing. The data may be deleted in the following circumstances:
- You have withdrawn your consent to data processing
- The original purpose for processing the data is no longer relevant or cannot be performed any more
- The data is no longer up to date or accurate
What rights do you have?
Under the GDPR, you have the right to:
- be informed about what data we are collecting on you and how we will use it
- access – you can ask to see the data we hold on you
- rectification – you can ask that we update or correct your data
- object – you can ask that we stop using your data for a particular purpose
- erasure – you can ask us to delete the data we hold on you
- restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making, including profiling.
To revise your consent, access, amend or remove your records or assert any of your rights set out above, you should send your request in writing to us by email at firstname.lastname@example.org.
You can find out more about your rights on the Information Commissioner’s Office website.
What will we do if anything changes?
If we change our privacy statements or processes, we will post the changes here. If changes are significant, we may also choose to email individuals affected with the new details. Where required by law, will we ask for your consent to continue processing your data after these changes are made.