Privacy

How we look after your privacy and the information we collect.

Our Privacy Policy

Mind’s Eye Design Ltd is committed to respecting and protecting your privacy.

Our Privacy Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.

We may update this Privacy Policy from time to time, so please check frequently to ensure you’re happy with any changes. By using our services, including this website, you’re agreeing to be bound by this, and future updates to, our Privacy Policy.

Any questions regarding our Privacy Policy and our privacy practices should be sent by email to Christopher Halls via our Contact page.

Date: 24th May 2018
Next Review Date: 25th May 2019
Author: Christopher Halls

1. Who are we?

We are Mind’s Eye Design Ltd, a company providing website design, web development, graphic design, branding and photography services to clients in the UK and abroad.

Mind’s Eye Design Ltd is a company limited by guarantee, registered in England & Wales, number 04587959.

Our registered address is 4 Further Field, Staplehurst, Tonbridge, Kent TN12 0SX United Kingdom. Please, do not send any post to our registered office.

Our actual office address and contact details can be found here: https://mindseyedesign.co.uk/contact/.

2. How do we collect information from you?

We collect information about you when you correspond with us via contact forms on this website or via phone, SMS, email, social media or otherwise. This includes but is not limited to enquiries about products, general enquiries, services, support requests, ongoing projects and blog comments.

If you are perusing this website, depending on the Cookie Settings you apply, we may collect anonymised analytics data using Google Analytics. Unlike others we also anonymise your IP address for further privacy. Please see Section 5 below regarding our use of cookies.

3. The information we collect & how it's used?

The information we collect allows us to fulfil our obligations to our clients, respond to business enquiries and build a better website for your needs. The ‘Accordion’ tables in section 3.3 outline what information we collect and for what purpose.

The types of data we collect, or collect through 3rd parties, may include but are not limited to: email address, Cookies, usage data, first name, last name, mobile and landline phone numbers, VAT number, company name, address, country, state, province, ZIP/Postal code, various types of data, username, password, tax ID, fax number, city, number of employees, user ID, user password, website, billing address, house number, prefix and data relating to the point of sale.

Subjects are responsible for any third-party data supplied, obtained, published or shared via Mind’s Eye Design Ltd and confirm that they have the third party’s consent to provide the data to us.

3.0 Sensitive data

We do not gather sensitive personal data (e.g. health, genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). We expressly request that you do not provide any such sensitive data to us.

3.1 Children

Our services are not directed to children under the age of 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.

3.2 Our use of 3rd parties

We do not sell or rent any personal data we have collected to 3rd parties.

We may share collected data with:

  • 3rd party service providers who we engage for the purpose of completing tasks and providing services.
    For example, we may provide contact details to a VA or a web development company to help us complete the work requested. We only disclose the information necessary to deliver the service requested.
  • 3rd party services, such as, but not limited to project management tools, accounting systems, website hosting providers, website management services, printers, accountants, cloud sharing and backup service providers.
    For example, we use Freshbooks for invoicing and Trello for project management.

We will share collected data:

  • In the event we sell any business or assets, in which case we will disclose personal data associated with the business or assets to the buyer.
  • If our business, or substantially all of our assets are acquired by a 3rd party, in which case personal data held by us about our clients will be one of the transferred assets.
  • If we have to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements.
  • To protect our rights, property or safety, or those of our clients or others.

The data we collect is processed at our offices and in any other places where our staff or 3rd parties involved in the processing are located, including outside the European Union.

Depending on your location, your data may be transferred to a country other than your own. We have endeavoured to verify that our 3rd party processors are GDPR compliant (or are working towards GDPR compliance), are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU. If you have any questions or concerns, contact us via our Contact page.

3.3 Details

The ‘Accordion’ tables below outline the data we collect, and for what purpose. The tables also outline the 3rd party processors who process the data and how long the data is stored for.

What

Website visitor behaviour (anonymised on collection – full IP address is NOT stored).

Legal Ground

Legitimate interests

Purpose

To analyse use of website and visitor statistics etc, so we can further improve our services.

Where

Google Analytics: We have signed EU model contract clauses & anonymise IP addresses.

Data Retention

14 months. NB: no personal data is collected.

What

Name, pseudonym, email address, website and any data left in Subject’s comments. Note: IP address is not collected.

Legal Ground

Legitimate interests.

Purpose

To allow website users to comment on and discuss blog posts or ask questions etc.

Where

Website database on SiteGround.

Data Retention

Until a request for deletion. To maintain the flow of conversation comments may not be deleted on request, but all personally identifying information will be removed.

What

Client project files such as images and text etc.

Legal Ground

Contract

Purpose

To ensure we have copies of client projects in the event of hardware failure, destruction or theft.

Where

iDrive – Data files are encrypted before transfer and stored using AES 256-bit encryption.
Amazon AWS – Data files are encrypted before transfer and stored using AES 256-bit encryption. 

Data Retention

Until request for deletion.

What

Completed projects and quotes.

Legal Ground

Legitimate interests

Purpose

So we can access files if required by client, for our records or for legal reasons in the future.

Where

All project files are individually AES 256 encrypted, stored, hidden and backed up on external AES 256 encrypted hard drives.

Data Retention

Indefinitely for project records and legal purposes or until request for deletion. Note that not all projects are stored indefinitely.

What

All data relating to client and client’s current projects.

Legal Ground

Contract

Purpose

Data is AES 256 encrypted and duplicated to two different Cloud storage services to protect against hardware failure, and for ongoing reference and project security.

Where

Apple Inc. – iCloud
DropBox

Data Retention

Indefinitely or until cessation of contract/business activities or request for deletion or archived as a completed project. Note that not all projects are stored indefinitely.

What

Including but not limited to name, email, address and telephone number.

Legal Ground

Contract

Purpose

To enable registration and re-registration of domain name(s) on client’s behalf.

Where

1and1
123Reg
Kualo

Data Retention

Until a request for de-registration or transfer of domain name to their own registrar.

What

Any data sent to us by email via our website contact forms, social media accounts, apps or otherwise.

Legal Ground

Legitimate interests

Purpose

To allow initial and ongoing contact with prospects, clients, suppliers, etc.

Where

Google Mail. We have signed EU model contract clauses.

Data Retention

We retain data for current clients for as long as they remain active or until a request for deletion is received.

If you cease to become a client, we will anonymise, copy, encrypt and backup to an encrypted external drive, any data that may be useful should you decide to re-activate your working relationship with us. No personal, domain registration, hosting account or website access data is kept.

Who

Accountants, printers, IT support, couriers, virtual assistants and other service providers required to run Mind’s Eye Design Ltd.

What

Data we collect, store and share within our business or with our 3rd party suppliers may include, but is not limited to: email address, first name, last name, phone number, VAT number, company name, address, country, state, town/city, province/county, ZIP/postal code, various types of data, invoices, usernames, passwords, tax ID, fax number, user ID, user password, website address, house number etc.

Legal Grounds

Depending on the use: Contract and Legal Obligation. 

Purpose

Anything from delivering a product to a Subject’s address, to having our accounts completed, programming a bespoke plugin, or using a VA to help run a social media marketing campaign.

Where

Accountant – Seal & Associates Ltd
Printer – Varies
Courier – Varies
Virtual assistant – UK based – Varies
IT support – EU based – Varies

Data Retention

Accounts are kept for a minimum of six years. All other 3rd parties are requested to delete data supplied once the project or service has been completed.

What

Name, address, email, mobile and telephone number.

Legal Ground

Legal obligation

Purpose

For sending quotations, invoicing and keeping records.

Where

FreshBooks
Clients can create their own account to view invoice history and also store their credit card details for repeat invoices. We do not have access to credit card details.

Data Retention

Indefinitely (minimum of six years), for on-going invoicing and accounting records.

What

Including but not limited to name, address, telephone number and log-in details for various services, including hosting and domain registration.

Legal Ground

Contract

Purpose

Provide AES 256 encryption for sensitive data in order to provide support services.

Where

1Password

Data Retention

Until cessation of contract/business activities.

What

IP address.

Legal Ground

Legal obligation

Purpose

To help prevent DoS (Denial of Service) attacks; for website security and diagnostics.

Where

SiteGround – Server located in the EU (Amsterdam).

Data Retention

Server logs are stored until the end of the month and then deleted to make way for the next month.

What

Client email address and login access to website admin area. Offsite website backups.

Legal Ground

Contract

Purpose

To provide website maintenance, backup services and email customer reports.

Where

ManageWP – Offsite website backups to Amazon AWS in Europe.

Data Retention

Until request for account deletion / cessation of website care contract.

What

Including but not limited to name, email, address, telephone number, hosting account details and website admin details.

Legal Ground

Contract

Purpose

To provide website hosting and email account services.

Where

SiteGround – Server located in the UK (London).

Data Retention

Until request for account deletion / cessation of hosting contract.

What

Including but not limited to name, telephone numbers, address, email address, notes and address based location.

Legal Ground

Legitimate interests

Purpose

To allow us to maintain communication with clients about their services.

Where

Apple Inc.
Office computers and mobile hardware.

Data Retention

On our computers and mobile hardware until cessation of contract/business activities or request for deletion.

What

Some of the content you interact with on this website is hosted on external platforms. These platforms might use Cookies and collect web traffic data for the content we display, even if you do not use the platforms themselves.

Legal Ground

Legitimate interests

Purpose

Allows us to incorporate the content from these platforms on this website.

Where

YouTube – Videos
Google – Fonts
Google – Maps
Google reCAPTCHA – Anti-spam form filter
Buzzsprout – Podcasts

Data Retention

Please refer to the individual platform’s Privacy Policies.

What

Name, address, email, telephone number, signature and signed contract.

Legal Ground

Contract

Purpose

Legal records

Where

Contracts are created, sent from and digitally signed on our website. PDF copies are AES 256 encrypted, stored, hidden and backed up on AES 256 encrypted drives and with our cloud storage providers, who also encrypt the data.

Data Retention

Indefinitely for legal purposes.

What

Cookies placed if Subject accepts them.

Legal Ground

Legitimate interests

Purpose

If accepted, used to analyse popular content, website performance and visitor numbers etc. Helps us improve our website. The Cookie Settings cookie remembers the Subject’s choices.

Where

Google Analytics – No personal data collected (See Analytics).

Data Retention

If Cookies are accepted, until the Subject disables them.

What

Name and email address.

Legal Ground

Explicit consent.

Purpose

To send newsletters to Subjects who have consented to receive them.

Where

MailChimp

Data Retention

Subjects may unsubscribe at any time.

What

The 3rd parties we use may collect, but not be limited to, name, address, email, credit/debit card and payment information. We receive paper account statements from Bank of Scotland for our records.

Legal Ground

Legal obligation

Purpose

For collecting payments, banking and accounting purposes.

Where

PayPal
Stripe
Bank of Scotland

Data Retention

Please refer to individual 3rd party privacy policies. We retain paper statements for a minimum of six years.

What

Email address.

Legal Ground

Contract

Purpose

To help provide and manage client services.

Where

Trello

Data Retention

Until cessation of contract/business activities or request for deletion.

What

Contact information and content when supplied via a private message.

Legal Ground

Legitimate interests

Purpose

To allow us to communicate with Subject about their enquiry.

Where

FaceBook
Twitter
Instagram
Pinterest
Google+
Any personally identifiable data gathered on these platforms is in response to Subjects interacting out of their own volition. Please consult their Privacy Policies.

Data Retention

If Subject becomes a client then until cessation of contract/business activities or request for deletion. Other enquiries are deleted at the close of conversation.

What

Telephone numbers. We receive paper and digital records of calls.

Legal Ground

Legal obligation

Purpose

Telephone numbers are kept by 3rd parties for seven years or as long as required under ‘Legal Obligation’. We keep paper records for accounting purposes.

Where

123Telecom – Landline
British Telecom – Mobile

Data Retention

Indefinitely (minimum of six years), for accounting records.

What

Including but not limited to name, telephone number and message content including images.

Legal Ground

Legitimate interests

Purpose

To allow us to maintain communication with clients about their services.

Where

Apple Inc.
BT Group plc
Office mobile hardware

Data Retention

On our mobile phones until cessation of contract/business activities or request for deletion.

What

Name, voice and any details given in and for sound recording.

Legal Ground

Explicit consent.

Purpose

Content is created for sharing on the internet, websites and social media platforms, so we need to keep it for future use.

Where

Including but not limited to:
Skype – Face-to-face messaging
FaceTime – Face-to-face messaging
BuzzSprout – Podcast host
iTunes – Podcast distribution
FaceBook – Social media platform
Twitter – Social media platform
YouTube – Video media platform
Google+ – Social network
Internal office network
iDrive – 3rd party data storage
Amazon AWS – 3rd party data storage
DropBox – 3rd party data storage
Apple iCloud – 3rd party data storage

Data Retention

Indefinitely.

Links to 3rd party processor privacy policies

4. Controlling your personal information

You have certain rights concerning the personal information we hold about you, as defined under the General Data Protection Regulation (GDPR).

4.0 Requesting a copy of your information

You may request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR). Upon request, we will provide a PDF file (which you may open in a program such as Adobe Acrobat) containing the personal data.

In order to make sure you are the real owner of the data you are requesting, you will need to supply identification before we can proceed with the SAR. We will then collect the personal data we hold about you and release it to you within 30 days of your request and satisfactory identification being produced.

Your first SAR is free. Subsequent requests will be chargeable.

If you wish to exercise these rights, please contact us.

4.1 Updating or correcting your information

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please contact us so we may correct our records.

4.2 Deleting your information

You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.

4.3 Automated decision making

We do not use any personal information for automated decision making or profiling; your data is not subject to automated decision making or profiling.

5. Use of Cookies

Like many websites, this website uses Cookies. Cookies are small pieces of code that are stored on your computer or mobile device when you visit a website.

First & 3rd party cookies

First-party cookies are cookies that belong to Mind’s Eye Design Ltd; third-party cookies are cookies that another party accesses or places on your device through our website.

Third-party cookies may be placed on your device by companies providing a service for us, for example, to help us understand how our website is being used or to show a map or video. Their use of cookies and similar technologies is subject to their own privacy policies, not the Mind’s Eye Design Ltd Privacy Policy.

We may use both “Session Cookies” and “Persistent Cookies” on this website. Session Cookies are deleted from your computer when you close your browser. Persistent Cookies remain stored on your computer until deleted, or until they reach a specified expiry date.

Our Cookies do not give us access to your computer or any personal information about you.

The following list outlines the Cookies we use that you can control via Cookie Settings:

  • Cookie Settings: When enabled, this cookie is used to save your Cookie Settings preferences.
  • Google Analytics: Google Analytics sets cookies to help us estimate the number of visitors to the website and what content is most popular. This helps to ensure that the website is responding to your needs. When this Cookie is enabled we use the information to help us improve the site. The Cookies collect information in an anonymous form. Read more about the Google Analytics Cookie:

An explanation of Cookies & Google Analytics
Find out more about opting out of Google Analytics across all websites
Review the Google Analytics privacy & security policy

Overall, Cookies help us provide you with a better website experience and enable us to see which pages visitors find useful and which they do not.

You can choose to accept or decline Cookies in your browser too. Most web browsers automatically accept Cookies, but you can usually modify your browser settings to decline Cookies if you prefer. For example, in Google Chrome you can adjust your Cookie settings in the Preferences section.

You can enable or disable the Cookies we set on our website at any time via the Cookie Settings link at the bottom of every page.

6. Security

Mind’s Eye Design Ltd takes security seriously.

This website

Security logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days. Needless to say, this does not affect the majority of website visitors who browse the website, read content and look at pictures etc.

Malware & vulnerabilities

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

When we run a security check, ithemes.com, who provide the security software, are contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to them as part of this process. Requests include our URL.

Finally, our website is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy details, please see the iThemes Privacy Policy.

Offline

In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:

  • Data minimisation
  • Password best practice
  • Password protection for devices (PCs, laptops, mobile devices), online accounts, website hosting and storage.
  • Staff training and accountability on data protection
  • Carrying out regular AES 256 encrypted backups
  • Using Anti-virus software

7. Data breaches

A data breach is defined as an unauthorised access or release of PII (Personally Identifiable Information).

Should a data breach occur and where appropriate, Mind’s Eye Design Ltd will promptly notify anyone who may be affected by the unauthorised access to their PII.

As a Data Controller, Mind’s Eye Design Ltd will notify the ICO within 72 hours of becoming aware of a PII breach.

As a Data Processor, Mind’s Eye Design Ltd will notify the Data Controller as soon as we become aware of a PII breach and support them as appropriate in their obligations to report it to the ICO.

8. Complaints

If you wish to raise a complaint about how we have handled your personal information, please contact us directly and we will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

Contact us at any time

Just email or phone for a chat.

Our number is: 01579 559 699