Use of private information policy (GDPR)
Last updated: 5 May 2022
Summary
We respect the EU’s General Data Protection Regulation (GDPR) and this policy explains how we collect and treat any information you give us. You won’t find any complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.
Why we value your privacy
We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. We’re uncomfortable with the information companies, governments, and other organisations keep on file, so we ask for only the bare minimum from our customers. We’ll never use your personal information for any reason other than why you gave it, and we’ll never give anyone access to it unless we’re forced to by law.
How we collect information
• We ask for contact information including your name, company name if applicable, email address, and phone number, on our website so that we can reply to your enquiry.
• Our website uses anonymous analytics to track your use of our site in order to improve it.
• We collect your name and email address when you sign up for our marketing or our newsletters.
• We ask for your company/organisation details and contact information when you buy or contract something from us.
• Occasionally, we might receive your contact information from one of our partners. If we do, we protect it in exactly the same way as if you were to give it to us directly.
What information we hold
• When you contact us by email or through our website, we may receive and collect your name, email address, phone number, a social media username, and the company you work for.
• If you sign up for marketing and/or a newsletter with us, we only collect your name and email address.
• When you purchase a service from us, we may receive and collect your name, email address, domain name if applicable, company name if applicable, phone number, company/billing address, and a shipping address if required.
• If you do business with us, we also collect your business details, and keep records of the invoices we send you and the payments you make to us.
• All online purchases with us are processed by our payment gateway providers: Stripe, GoCardless, PayPal, Dell Ecommerce, and Apple Ecommerce. We do not store your payment information.
Where we store your information
When you contact us by email or through our website, we store your information in HubSpot, our Customer Relationship Management (CRM) platform. If you sign up for a newsletter, we store your information in Mailchimp, our Electronic Direct Mail (EDM) platform. When you make a payment to us online, your information is processed by our payment gateway providers: Stripe, GoCardless, PayPal, Dell Ecommerce, and Apple Ecommerce. And if we do business, we store your information in our accounts platform, Xero. We chose all these platforms partly for their commitment to security.
What we use your information for
We occasionally use your contact information to send you details of our products and services. When we do, you have the option to unsubscribe from these communications and we won’t send them to you again. We might also email or phone you about our products and services, but if you tell us not to do so, we won’t get in touch again. We will use your information to send you invoices, statements, and/or reminders about your active products and services with us.
Who’s responsible for your information at our company
Malcolm Woolliams, our Director and Data Protection Officer, is responsible for the security of your information. You can contact them by email at [email protected] or send a clearly labelled letter to our registered company address.
Who has access to information about you
When we store information in our own systems, only the people who need it have access. Our management team have access to everything you’ve provided. Individual employees have access to only what they need to do their job.
The steps we take to keep your information private
Where we store your information in third-party services, we restrict access to only the people who need it. We store passwords in an encrypted database. We use different randomly generated passwords for each service, and never use the same password twice. We implement Multi-Factor Authentication (MFA) for all our internal platforms and services, with at least a two-stage login process (some have a four-stage login process).
The computers we use are all encrypted using FileVault (Mac), BitLocker (Windows), or ESET Endpoint Encryption (Windows), and are protected by a strong password and/or biometric access. These computers ask for authentication whenever they’re started or after five minutes of inactivity. Our mobile devices are also protected by a strong PIN and/or biometric access.
How to complain
We take complaints very seriously. If you’ve any reason to complain about the ways in which we handle your privacy, please contact us by email at [email protected] or send a clearly labelled letter to our registered company address.
Changes to the policy
If we change the contents of this policy, those changes will become effective the moment we publish them on our website at directionforward.com/privacy.