Cazinc Ltd (“Cazinc Digital”, “Cazinc”, “we”) respects your privacy as a visitor to our website and as one of our clients, and recognises the need for transparency with regard to what information we collect and the importance of providing tools designed to help you manage your personal information — in fact we often build these tools for our clients. This policy sets out what personal information we collect and how we use it.
Yes, we are a Data Controller
We are a data controller for the purposes of data protection legislation such as the GDPR in respect of the personal information that we hold about you and, if applicable, your clients. If you have any questions, comments or requests regarding your personal information you can contact us by post at FAO Data Protection Officer, 13/1 Spottiswoode Road, Edinburgh, EH9 1BH, by email at info AT cazinc.co.uk or by ringing us on 0131 202 6499.
If you are unhappy with how we handle your personal information, you can contact us and / or notify the Information Commissioner’s Office (ICO) by calling their helpline on 0303 123 1113.
“Personal information” relates to a living individual who can be identified from that information, either by that single piece of information or by combining it with another piece of information that we hold or might hold in the future. Personal information could include things like your name, address, email address or internet protocol (IP) address. For the purposes of our working relationship with you, this may also include details of your employment and organisation.
How and why we collect your personal information
The type of personal information we collect depends on the relationship that you have with us.
1) If you or your organisation is currently a client of Cazinc Digital or were previously a client of Cazinc Digital:
|INFORMATION||WHY WE COLLECT IT||LEGAL BASIS|
|Information you provide to us: We collect personal information when you become a client of ours and during the course of your working relationship with us. This includes your name, organisation, details of others within your organisation, job titles, bank details and contact details.||We collect this information to provide you with our development, consultancy and other services and for our internal purposes of managing your relationship with us, such as invoicing and VAT reporting.||We collect this information on the basis that it is necessary to fulfil our contractual obligations to you.|
|Retention of your information|
|Information you provide to us:||We will retain your personal information for the duration of your relationship with us. Following termination of your relationship with us, we will consider you a “stakeholder” and will retain your information on the basis of ours and your legitimate interests to allow us to continue to contact you as set out in the table below.As a stakeholder and according to GDPR and ICO requirements we will retain your personal information for up to 6 years following the termination of your relationship with us. This may include records of services rendered, email and other correspondence, invoices, project data including any digital files provided by you to us and other information created during the provision of services to you, but typically does not include full copies of your website and/or backups of the website.|
|Information we collect about you:||For details of how long we keep this information please see the Cookies section below.|
2) if you are not currently a client of Cazinc Digital but have used our website or receive emails from us:
|INFORMATION||WHY WE COLLECT IT||LEGAL BASIS|
|Information you provide to us: We collect personal information which you give to us. This may be for example when we meet you at an event or when you contact us by phone or email. This includes your name, email address and contact details.||We collect this information in order to contact you by email, phone or post about our latest news, events and services.We do not (as of 7 February 2018) send out any form of regular correspondence such as a newsletter.||If you work for a corporate body and give us the email address provided by your employer e.g. email@example.com, we will process this information on the basis of our and your legitimate interests, our interests being that we wish to share our news and details of our services with you.If you provide us with a personal email address e.g. firstname.lastname@example.org, we will only process this information where you have provided us with your consent to do so.
If you provide us with your phone number or postal address, we may contact you by phone or post on the basis of our legitimate interests being that we wish to share our news and details of our services with you.
Each time we contact you, we will provide you with the option to opt out of receiving further correspondence of this nature from us.
|Retention of your information|
|Information you provide to us:||Where you have provided us with consent to process your information, we will retain this information for a period of 24 months after which time we will ask you to renew your consent to allow us to continue processing your information.Where we process your information on the basis of ours and your legitimate interests, we will retain this information until you ask us not to you. As noted above, we will give you the option to “opt out” when we contact you.|
|Information we collect about you:||For details of how long we keep this information please the Cookies section below.|
Your duty to inform us of changes
It is important that the personal data we hold about you and/or your clients is accurate and current. Please keep us informed if any personal data changes during your relationship with us.
Disclosure of personal information
We share your personal information with the following third parties:
- Google – we use the Google services Gmail, Google Groups, Google Drive and Shared Contacts for Gmail – our email service, storage of contact details and data storage are hosted by Google. Personal information which is transmitted to or by us by email will therefore be hosted by Google.
- Backblaze – Backblaze provide data backup services and are used to backup our physical data processing devices.
- FastMail – we use FastMail’s email services for cazinc.co.uk
- DigitalOcean – we use Digital Ocean’s virtual hosting services for hosting of our client’s websites and for hosting our development platform, as well as for backup of our physical data processing devices in some cases.
- Apple – some of the mobile devices used by our staff and contractors are backed up to Apple’s iCloud service.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Please note that the above list of third parties may be incomplete or may change at any time without prior notice, depending on the requirements of a specific project and/or other business needs. We will always do our best to keep this list up-to-date however.
Where we store your information
The information we collect from you may be stored inside the UK, the European Economic Area (“EEA”) or outside the EEA.
If you live or work outside of the UK or the EEA, we may need to transfer your personal data outside of the UK or the EEA to correspond with you. Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
We also transfer data outside the UK or the EEA where our service providers host, process, or store data outside the UK or the EEA. Where we do this, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The country to which the personal data will be transferred has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to non-EU countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Your rights and your personal data
You have certain rights under data protection legislation which can be exercised by contacting us at: FAO Data Protection Officer, 13/1 Spottiswoode Road, Edinburgh, EH9 1BH, by email at info AT cazinc.co.uk or by ringing us on 0131 202 6499, including:
- the right to access the personal data held about you by making a subject access request in accordance with data protection legislation;
- the right to have your personal data rectified if it is inaccurate or incomplete;
- the right to request to have your personal data deleted in certain specific circumstances;
- the right to request to restrict the processing of your personal data in certain specific circumstances;
- the right to ask us not to process your personal data for marketing purposes or for purposes based on our legitimate interests;
- the right to ask us to not undergo automated decision making;
- the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
- where you have provided consent, to request to withdraw such consent at any time.
There are some exceptions to the above rights that are permitted under the data protection legislation. Please note that if you choose to exercise your rights to have personal data restricted or deleted, then we may not be able to provide you with a full service.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may update this Privacy Notice & Disclaimer from time to time to reflect changes in the law, best practice or a change in how we treat personal information. If you do not agree with the changes, you can choose to no longer use our website or remain as our client. You should check this page frequently for updates. This notice was last updated.
Disclaimer of Liability
The content of all pages on this website is Copyright © Cazinc Digital unless otherwise noted. Reproduction is prohibited other than in accordance with the following full notice of copyright and limited reproduction permissions.
This web site contains links to web sites operated by parties other than Cazinc Digital (“Third Party Web Sites”). These links are provided for your convenience only. When you activate one of them, you leave the Cazinc web site, and Cazinc has no control over, and will accept no responsibility or liability in respect of, material on any web site that is not under the control of Cazinc Digital. The inclusion of links to Third Party Web Sites does not imply any endorsement of the material on them or any association with their operators. Cazinc Digital is not responsible for the privacy or data protection practices of Third Party Web sites. By following a link from this web site to a Third Party Web Site you may be supplying data directly to a third party.
If you believe copyrighted material exists on this site that has not been correctly noted, please contact us.