1.0 Our principles regarding user privacy and data protection
- Only necessary data should be collected and processed
- We hate spam and will never sell, rent or otherwise distribute or make public your personal information
2.0 Relevant legislation
This website aims to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
3.0 Personal information that this website collects and why we collect it
How this website collects and uses personal information:
3.1 Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. We utilise Google's 'Anonymise' function so that you cannot be identified by your IP address. We consider Google to be a third party data processor (see below).
3.2 Contact forms and email links
Should you choose to contact us using a contact form or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors mentioned. Instead the data will be collated into an email and sent to us.
This website may set a cookie called ASPSESSIONID which only lasts for the duration of your visit and stores no personally identifiable data.
This website also uses Google Analytics and details of the cookies set can found on Google’s developer guides. These are not enabled unless you accept them via the Cookie Control settings. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website, but may mean that other areas of the website have reduced functionality. The cookies that GA sets may include _ga, _gid, _gat, __utma, __utmb, __utmc and __utmz.
A functional cookie may be set when you accept it via the Cookie Control settings (gridcookie). This is not set until you accept it via the Cookie Control settings panel and can be enabled or disabled at any time.
Should you wish to restrict or block cookies which are set by our website you can do this through your browser settings. More information on cookies, including how to block them on a wide variety of browsers can be found at All About Cookies. Please be aware that restricting cookies may impact on the functionality of this website.
3.4 Server logs
As with most other web servers, when you access these web pages certain information may automatically be recorded. This could include your IP address, browser type, and information relating to the page you last visited. This information may be used in the event of a breach of security to aid detection.
4.0 How we store personal information
We store contact information when you contact us or when you employ us to undertake some work for you. This could be stored in the form of emails, email address books or printed pages. If you wish your data to be removed at any time (or if you would like a copy of the information we hold), please email Labrys Multimedia giving your name and email address. Please be aware that some information may need to be retained to comply with relevant tax/accounting legislation.
4.1 Our role as a Data Processor
If you employ us to build a website for you, we may have access to, and facilitate the processing of, your client/customer data. As a 'Data Processor' we will not be ultimately responsible for making the key decisions about the personal data, but will only be processing the data under the direct, or implied, instructions of the Data Controller (you).
In terms of security we will take reasonable measures to ensure that your, and your client/customer data is safeguarded. These include
- Using hosting companies that take security seriously and have their own data protection policies.
- Performing regular scanning of devices for viruses and malware.
- Moving backups to a password protected, offline device as soon as feasibly possible.
- Password protecting or encrypting sensitive information where necessary.
- Periodically reviewing stored data and deleting unnecessary data where necessary/feasible.
- Installing security plugins to Wordpress based websites (where feasible) to assist in the protection of website data.
- We will only act on the written instructions of the controller (unless required by law to act without such instructions). This will usually be in the form of an email discussion/confirmation.
- We will ensure that people processing the data are subject to a duty of confidence.
- We will take appropriate measures to ensure the security of processing.
- We will only engage a sub-processor with the prior consent of the data controller.
- We will assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
- We will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments. This will be limited to the scope of the website and will not include your own internal systems, storage and processing of data.
- If requested, we will delete or return all personal data to the controller that we are able to, at the end of the contract.
5.0 Our third party data processors
We employ a third party to process personal data on our behalf.
6.0 Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.