we gather:

• traffic data about systems and browsers (i.e. network addresses, and types of systems and brokers) through Google Analytics (more details here)
• preferences for the EU cookie banner, mobile view, Captcha completion and a random traffic tracking cookie through the Jetpack application within WordPress (more details here)
• cookie tracking for email engagement from Hubspot (more details here)
• contact information (i.e. title/forename/surname, email address) through enquiries via the ‘contact us’ page (via WordPress), our tools (governed by the terms and conditions of the operating system used) and through our professional activities with clients (i.e. title/forename/surname, email address, phone numbers) (processed within the Microsoft Office 365 Cloud system and various operating systems used by staff
• special category personal data through employment activities and undertaking applications for security clearances.

we use:

• information from Google Analytics to determine how people use our site
• information from Jetpack to track site usage and manage customer experience (i.e. Cookie popups and Captchas)
• contact details entered from WordPress to communicate with individuals/organisations who have made an enquiry
• contact detailed within Microsoft Office 365 to undertake commercial activities related to the provision of our tools and services (e.g. managing projects and sending reports).​

Legal obligations – we will process contact details, special category data (relating to the employment of staff) and financial information in accordance with our legal obligations under:

• Anti-Terrorism, Crime and Security Act 2001

• Borders, Citizenship and Immigration Act 2009

• Bribery Act 2010

• Business Names Act 1985

• Civil Evidence (Scotland) Act 1988

• Civil Evidence Act (Northern Ireland) 1971

• Civil Evidence Act 1995

• Communications Act 2003

• Companies Act 1985

• Companies Act 1989

• Companies Act 2006

• Computer Misuse Act 1990

• Copyright and Rights in Databases Regulations 1997

• Copyright, Designs and Patents Act 1988

• Copyright, etc. and Trade Marks (Offences and Enforcement) Act 2002

• Corporate Manslaughter and Corporate Homicide Act 2007

• Counter-Terrorism Act 2008

• Criminal Evidence (Northern Ireland) Order 1988

• Criminal Justice and Immigration Act 2008

• Criminal Justice and Public Order Act 1994

• Data Protection Act 1998

• Digital Economy Act 2017

• Disability Discrimination Act 2005

• Electronic Communications Act 2000

• Employment Act 2002

• Employment Rights Act 1996

• Enterprise Act 2002

• Equality Act 2006

• Evidence Act (Northern Ireland) 1939

• Fraud Act 2006

• General Data Protection Regulation

• Human Rights Act 1998

• Income and Corporation Taxes Act 1988

• Income Tax Act 2007

• Insolvency Act 1986

• Insolvency Act 2000

• Latent Damage Act 1986

• Limitation Act 1980

• Obscene Publications Act 1959

• Obscene Publications Act 1964

• Police and Criminal Evidence (Northern Ireland) Order 1989

• Police and Criminal Evidence Act 1984

• Privacy and Electronic Communications (EC Directive) Regulations 2003

• Protection from Harassment Act 1997

• Protection of Freedoms Act 2012

• Race Relations Act 1976

• Regulation of Investigatory Powers Act 2000

• Sex Discrimination Act 1975

• Sex Offenders Act 1997

• Taxes Management Act 1970

• Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

• The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011

• Value Added Tax Act 1994

• Welfare Reform Act 2012

• Wireless Telegraphy Act 2006

• Work and Families Act 2006

Contract – where we have entered into a financial contract with you as a result of the sale of a product, we will process contact details and financial information to service that contract.

Consent – we will only process personal information for contact purposes, as a result of consent, when they have been provided from the contact page, or unless they have been provided to us through our applications for that specific purpose.  We use personal information provided by users within our applications for the service the user has requested.

Special conditions – we will only process special category personal data as required for employment of staff.​​

all personal information that is captured as part of the provision of our services are logged within an asset register, subject to risk assessment, application of controls and only handled/retained for the requirements stipulated in legislation, regulation and/or contractual obligation.

For clarity, applicable legal obligations are considered first, then applicable regulations,  contracts and finally consent; in all cases, the most stringent requirements shall apply to information handling and retrieval of assets and where they are captured, processed, communicated and/or stored.

All personal data is processed in alignment with:

• the GDPR 12 Steps guidance from the Information Commissioner’s Office
• the Cyber 10 steps guidance from the National Cyber Security Centre
• the OWASP top ten from the Open Web Application Security Project

We will retain all details of financial transactions for seven years, all personal contact information gathered from our commercial activities will be retained for a year after project completion (or a year after last contact). Any other personal information shall be assessed to determine if there are any other retention requirements from law, regulation and/or contractual obligations relevant to it, and these will be complied with. Where clients request it, we shall immediately securely erase any personal information in our care where the requestor is the data controller and the personal information has come from them.

you have a range of rights with regards to your personal information (detailed within https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/), if you wish to exercise these rights, then please use the contact us page.

we use:

• Microsoft for Cloud hosting of email and Sharepoint
• WordPress for website hosting
• Hubspot for customer details

We do not share any information with either of these organisations, but we do store and process personal data using these services.  We do not engage either organisation as a data processor for your personal data. We will share information as required by law with government agencies, in accordance with those statutes.

we do not knowingly use any service or system that processes personal information outside of the European Economic Area (EEA). We take all reasonable steps to ensure that processing of personal information occurs within this zone.

we do not provide information society services or services for children. As such, we do not take specific measures for children, although this privacy notice is designed to be understood by a child over the age of 13 years of age.