Privacy
How we look after your privacy and the information we collect.
Our Privacy Policy
Mind’s Eye Design Ltd is committed to respecting and protecting your privacy.
Our Privacy Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.
We may update this Privacy Policy from time to time so please check frequently to ensure you’re happy with any changes. By using our services, including this website, you’re agreeing to be bound by this, and future updates to, our Privacy Policy.
Any questions regarding our Privacy Policy and our privacy practices should be sent by email to Christopher Halls via our Contact page.
Date: 24th May 2018
Next Review Date: 25th May 2019
Author: Christopher Halls
1. Who are we?
We are Mind’s Eye Design Ltd, a company providing website design, web development, graphic design, branding and photography services to clients in the UK and abroad.
Mind’s Eye Design Ltd is a company limited by guarantee, registered in England & Wales, number 04587959.
Our registered address is 4 Further Field, Staplehurst, Tonbridge, Kent TN12 0SX United Kingdom. Please do not send any post to our registered office.
Our actual office address and contact details can be found here: https://mindseyedesign.co.uk/contact/.
2. How do we collect information from you?
We collect information about you when you correspond with us via contact forms on this website or via phone, SMS, email, social media or otherwise. This includes but is not limited to enquiries about products, general enquiries, services, support requests, ongoing projects and blog comments.
If you are perusing this website, depending on the Cookie Settings you apply, we may collect anonymised analytics data using Google Analytics. Unlike others we also anonymise your IP address for further privacy. Please see Section 5 below regarding our use of cookies.
3. The information we collect & how it's used?
The information we collect allows us to fulfil our obligations to our clients, respond to business enquiries and build a better website for your needs. The ‘Accordion’ tables in section 3.3 outline what information we collect and for what purpose.
The types of data we collect, or collect through 3rd parties, may include but are not limited to: email address, Cookies, usage data, first name, last name, mobile and landline phone numbers, VAT number, company name, address, country, state, province, ZIP/Postal code, various types of data, username, password, tax ID, fax number, city, number of employees, user ID, user password, website, billing address, house number, prefix and data relating to the point of sale.
Subjects are responsible for any third-party data supplied, obtained, published or shared via Mind’s Eye Design Ltd and confirm that they have the third party’s consent to provide the data to us.
3.0 Sensitive data
We do not gather sensitive personal data (e.g. health, genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). We expressly request that you do not provide any such sensitive data to us.
3.1 Children
Our services are not directed to children under the age of 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.
3.2 Our use of 3rd parties
We do not sell or rent any personal data we have collected to 3rd parties.
We may share collected data with:
- 3rd party service providers who we engage for the purpose of completing tasks and providing services.
For example, we may provide contact details to a VA or a web development company to help us complete the work requested. We only disclose the information necessary to deliver the service requested.
- 3rd party services, such as, but not limited to, project management tools, accounting systems, website hosting providers, website management services, printers, accountants, cloud sharing and backup service providers.
For example, we use Backblaze as a data backup service.
We will share collected data:
- In the event we sell any business or assets, in which case we will disclose personal data associated with the business or assets to the buyer.
- If our business, or substantially all of our assets are acquired by a 3rd party, in which case personal data held by us about our clients will be one of the transferred assets.
- If we have to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements.
- To protect our rights, property or safety, or those of our clients or others.
The data we collect is processed at our offices and in any other places where our staff or 3rd parties involved in the processing are located, including outside the European Union.
Depending on your location, your data may be transferred to a country other than your own. We have endeavoured to verify that our 3rd party processors are GDPR compliant (or are working towards GDPR compliance) and, where these organisations are based outside of the EU, are certified under the EU-US Privacy Shield Framework (or are working towards certification). If you have any questions or concerns, contact us via our Contact page.
3.3 Details
The ‘Accordion’ tables below outline the data we collect, and for what purpose. The tables also outline the 3rd party processors who process the data and how long the data is stored for.
What
Website visitor behaviour (anonymised on collection – full IP address is NOT stored).
Legal Ground
Legitimate interests
Purpose
To analyse use of website and visitor statistics etc, so we can further improve our services.
Where
Google Analytics: We have signed EU model contract clauses & anonymise IP addresses.
Data Retention
14 months. NB: no personal data is collected.
What
Name, pseudonym, email address, website and any data left in Subject’s comments. Note: IP address is not collected.
Legal Ground
Legitimate interests.
Purpose
To allow website users to comment on and discuss blog posts or ask questions etc.
Where
Website database on SiteGround.
Data Retention
Until a request for deletion. To maintain the flow of conversation comments may not be deleted on request, but all personally identifying information will be removed.
What
Client project files such as images and text etc.
Legal Ground
Contract
Purpose
To ensure we have copies of client projects in the event of hardware failure, destruction or theft.
Where
Amazon AWS – Data files are encrypted before transfer and stored using AES 256-bit encryption.
Backblaze – Data files are encrypted before transfer and stored using AES 256-bit encryption.
DropBox – Data files are encrypted before transfer and stored using AES 256-bit encryption.
Data Retention
Until a request for deletion.
What
Completed projects and quotes.
Legal Ground
Legitimate interests
Purpose
So we can access files if required by client, for our records or for legal reasons in the future.
Where
All project files are individually AES 256 encrypted, stored, hidden and backed up on external AES 256 encrypted hard drives.
Data Retention
Indefinitely for project records and legal purposes or until request for deletion. Note that not all projects are stored indefinitely.
What
All data relating to client and client’s current projects.
Legal Ground
Contract
Purpose
Data is AES 256 encrypted and duplicated to two different Cloud storage services to protect against hardware failure, and for ongoing reference and project security.
Where
Apple Inc. – iCloud
DropBox
Data Retention
Indefinitely or until cessation of contract/business activities or request for deletion or archived as a completed project. Note that not all projects are stored indefinitely.
What
Including but not limited to name, email, address and telephone number.
Legal Ground
Contract
Purpose
To enable registration and re-registration of domain name(s) on client’s behalf.
Where
1and1 Ionos
123Reg
Kualo
Data Retention
Until a request for de-registration or transfer of domain name to their own registrar.
What
Any data sent to us by email via our website contact forms, social media accounts, apps or otherwise.
Legal Ground
Legitimate interests
Purpose
To allow initial and ongoing contact with prospects, clients, suppliers, etc.
Where
Google Mail. We have signed EU model contract clauses.
Data Retention
We retain data for current clients for as long as they remain active or until a request for deletion is received.
If you cease to be a client, we will anonymise, copy, encrypt and back up to an encrypted external drive any data that may be useful should you decide to re-activate your working relationship with us. No personal, domain registration, hosting account or website access data is kept.
Who
Accountants, printers, IT support, couriers, virtual assistants and other service providers required to run Mind’s Eye Design Ltd.
What
Data we collect, store and share within our business or with our 3rd party suppliers may include, but is not limited to: email address, first name, last name, phone number, VAT number, company name, address, country, state, town/city, province/county, ZIP/postal code, various types of data, invoices, usernames, passwords, tax ID, fax number, user ID, user password, website address, house number etc.
Legal Grounds
Depending on the use: Contract and Legal Obligation.
Purpose
Ranges from delivering a product to a Subject’s address, to having our accounts completed, programming a bespoke plugin or using a VA to help run a social media marketing campaign.
Where
Accountant – Seal & Associates Ltd
Printer – Varies
Courier – Varies
Virtual assistant – UK based – Varies
IT support – EU based – Varies
Data Retention
Accounts are kept for a minimum of six years. All other 3rd parties are requested to delete data supplied once the project or service has been completed.
What
Name, address, email, mobile and telephone number.
Legal Ground
Legal obligation
Purpose
For sending quotations, invoicing and keeping records.
Where
In house website
Clients have their own account for viewing invoice history and also to store their credit card details for repeat invoices. We do not have access to credit card details.
Data Retention
Indefinitely (minimum of six years), for on-going invoicing and accounting records.
What
Including but not limited to name, address, telephone number and log-in details for various services, including hosting and domain registration.
Legal Ground
Contract
Purpose
Provide AES 256 encryption for sensitive data in order to provide support services.
Where
1Password
Data Retention
Until cessation of contract/business activities.
What
IP address.
Legal Ground
Legal obligation
Purpose
To help prevent DoS (Denial of Service) attacks; for website security and diagnostics.
Where
SiteGround – Server located in the UK (London).
Data Retention
Server logs are stored until the end of the month and then deleted to make way for the next month.
What
Client email address and login access to website admin area. Offsite website backups.
Legal Ground
Contract
Purpose
To provide website maintenance, backup services and email customer reports.
Where
ManageWP – Offsite website backups to Amazon AWS in Europe.
Data Retention
Until a request for account deletion / cessation of website care contract.
What
Including but not limited to name, email, address, telephone number, hosting account details and website admin details.
Legal Ground
Contract
Purpose
To provide website hosting and email account services.
Where
Webmate – Server located in the UK (London).
Data Retention
Until request for account deletion / cessation of hosting contract.
What
Including but not limited to name, telephone numbers, address, email address, notes and address based location.
Legal Ground
Legitimate interests
Purpose
To allow us to maintain communication with clients about their services.
Where
Apple Inc.
Office computers and mobile hardware.
Data Retention
On our computers and mobile hardware until cessation of contract/business activities or request for deletion.
What
Some of the content you interact with on this website is hosted on external platforms. These platforms might use Cookies and collect web traffic data for the content we display, even if you do not use the platforms themselves.
Legal Ground
Legitimate interests
Purpose
Allows us to incorporate the content from these platforms on this website.
Where
YouTube – Videos
Wistia – Videos
Google – Fonts
Google – Maps
Google reCAPTCHA – Anti-spam form filter
Buzzsprout – Podcasts
Data Retention
Please refer to the individual platform’s Privacy Policies.
What
Name, address, email, telephone number, signature and signed contract.
Legal Ground
Contract
Purpose
Legal records
Where
Contracts are created, sent from and digitally signed on our website. PDF copies are AES 256 encrypted, stored, hidden and backed up on AES 256 encrypted drives and with our cloud storage providers, who also encrypt the data.
Data Retention
Indefinitely for legal purposes.
What
Cookies placed if Subject accepts them.
Legal Ground
Legitimate interests
Purpose
If accepted, used to analyse popular content, website performance and visitor numbers etc. Helps us improve our website. The Cookie Settings cookie remembers Subject’s choices.
Where
Google Analytics – No personal data collected (See Analytics).
Data Retention
If Cookies accepted when Subject disables them.
What
Name and email address.
Legal Ground
Explicit consent.
Purpose
To send newsletters to Subjects who have consented to receive them.
Where
MailChimp
Data Retention
Subjects may unsubscribe at any time.
What
The 3rd parties we use may collect, but not be limited to, name, address, email, credit/debit card and payment information. We receive paper account statements from Bank of Scotland for our records.
Legal Ground
Legal obligation
Purpose
For collecting payments, banking and accounting purposes.
Where
PayPal
Stripe
Bank of Scotland
Data Retention
Please refer to individual 3rd party privacy policies. We retain paper statements for a minimum of six years.
What
Contact information and content when supplied via a private message.
Legal Ground
Legitimate interests
Purpose
To allow us to communicate with Subject about their enquiry.
Where
FaceBook
Twitter
Instagram
Pinterest
Any personally identifiable data gathered on these platforms is in response to Subjects interacting out of their own volition. Please consult their Privacy Policies.
Data Retention
If Subject becomes a client then until cessation of contract/business activities or request for deletion. Other enquiries are deleted at the close of conversation.
What
Telephone numbers. We receive paper and digital records of calls.
Legal Ground
Legal obligation
Purpose
Telephone numbers are kept by 3rd parties for seven years or as long as required under ‘Legal Obligation’. We keep paper records for accounting purposes.
Where
123Telecom – Landline
British Telecom – Mobile
Data Retention
Indefinitely (minimum of six years), for accounting records.
What
Including but not limited to name, telephone number and message content including images.
Legal Ground
Legitimate interests
Purpose
To allow us to maintain communication with clients about their services.
Where
Apple Inc.
BT Group plc
Office mobile hardware
Data Retention
On our mobile phones until cessation of contract/business activities or request for deletion.
What
Name, voice and any details given in and for sound recording.
Legal Ground
Explicit consent.
Purpose
Content is created for sharing on the internet, websites and social media platforms, so we need to keep it for future use.
Where
Including but not limited to:
Skype – Face-to-face messaging
FaceTime – Face-to-face messaging
BuzzSprout – Podcast host
iTunes – Podcast distribution
FaceBook – Social media platform
Twitter – Social media platform
YouTube – Video media platform
Internal office network
iDrive – 3rd party data storage
Amazon AWS – 3rd party data storage
DropBox – 3rd party data storage
Apple iCloud – 3rd party data storage
Backblaze – 3rd party data storage
Data Retention
Indefinitely.
4. Controlling your personal information
You have certain rights concerning the personal information we hold about you, as defined under the General Data Protection Regulation (GDPR).
4.0 Requesting a copy of your information
You may request a copy of the personal data we hold about you. It’s called a Subject Access Request (SAR). Upon request, we will provide a PDF file (which you may open in a program such as Adobe Acrobat) containing the personal data.
In order to make sure you are the real owner of the data you are requesting, you will need to supply identification before we can proceed with the SAR. We will then collect the personal data we hold about you and release it to you within 30 days of your request and satisfactory identification being produced.
Your first SAR is free. Subsequent requests will be chargeable.
If you wish to exercise these rights, please contact us.
4.1 Updating or correcting your information
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please contact us so we may correct our records.
4.2 Deleting your information
You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.
4.3 Automated decision making
We do not use any personal information for automated decision making or profiling; your data is not subject to automated decision making or profiling.
5. Use of Cookies
Like many websites, this website uses Cookies. Cookies are small pieces of code that are stored on your computer or mobile device when you visit a website.
First & 3rd party cookies
First-party cookies are cookies that belong to Mind’s Eye Design Ltd; third-party cookies are cookies that another party accesses or places on your device through our website.
Third-party cookies may be placed on your device by companies providing a service for us, for example, to help us understand how our website is being used or to show a map or video. Their use of cookies and similar technologies is subject to their own privacy policies, not the Mind’s Eye Design Ltd Privacy Policy.
We may use both “Session Cookies” and “Persistent Cookies” on this website. Session Cookies are deleted from your computer when you close your browser. Persistent Cookies remain stored on your computer until deleted, or until they reach a specified expiry date.
Our Cookies do not give us access to your computer or any personal information about you.
The following list outlines the Cookies we or 3rd parties may use:
- Cookie Settings: When enabled, this cookie is used to save your Cookie Settings preferences.
- Affiliates: We recommend various services and software providers and provide links to their websites or sales pages. Each of these providers sets cookies in order to track your visit from our website and credit us with the referral to them.
- Google Analytics: Google Analytics sets cookies to help us estimate the number of visitors to the website and what content is most popular. This helps to ensure that the website is responding to your needs. When this Cookie is enabled we use the information to help us improve the site. The Cookies collect information in an anonymous form. Read more about the Google Analytics Cookie:
An explanation of Cookies & Google Analytics
Find out more about opting out of Google Analytics across all websites
Review the Google Analytics privacy & security policy
Overall, Cookies help us provide you with a better website experience and enable us to see which pages visitors find useful and which they do not.
You can choose to accept or decline Cookies in your browser too. Most web browsers automatically accept Cookies, but you can usually modify your browser settings to decline Cookies if you prefer. For example, in Google Chrome you can adjust your Cookie settings in the Preferences section.
You can enable or disable the Cookies we set on our website at any time via the Cookie Settings link at the bottom of every page.
6. Security
Mind’s Eye Design Ltd takes security seriously.
This website
Security logs
The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days. Needless to say, this does not affect the majority of website visitors who browse the website, read content and look at pictures etc.
Malware & vulnerabilities
This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.
When we run a security check, ithemes.com, who provide the security software, are contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to them as part of this process. Requests include our URL.
Finally, our website is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy details, please see the iThemes Privacy Policy.
Offline
In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:
- Data minimisation
- Password best practice
- Password protection for devices (PCs, laptops, mobile devices), online accounts, website hosting and storage.
- Staff training and accountability on data protection
- Carrying out regular AES 256 encrypted backups
- Using Anti-virus software
7. Data breaches
A data breach is defined as an unauthorised access or release of PII (Personally Identifiable Information).
Should a data breach occur and where appropriate, Mind’s Eye Design Ltd will promptly notify anyone who may be affected by the unauthorised access to their PII.
As a Data Controller, Mind’s Eye Design Ltd will notify the ICO within 72 hours of becoming aware of a PII breach.
As a Data Processor, Mind’s Eye Design Ltd will notify the Data Controller as soon as we become aware of a PII breach and support them as appropriate in their obligations to report it to the ICO.
8. Complaints
If you wish to raise a complaint about how we have handled your personal information, please contact us directly and we will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).