Our website address is: http://www.complete-design.co.uk
Complete Design Limted is designated as a data controller and a data processor.
What is a data controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
What is a data processor?
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
What is data processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
We collect your personal data. When we say your “personal data” we mean any information that identifies any person, that you provide to us or that is contained in any other information that you provide to us, or that you authorise a third party to give to us on your behalf.
Personal data relates to any information about a natural person that makes that person identifiable, which may include (but is not limited to):
Sensitive personal data
We do not collect or process sensitive personal data, as defined under GDPR, for example:
Children under the age of sixteen
We do not knowingly collect or solicit any personal data from anyone under the age of sixteen. In the event that we learn that we have collected personal data from a child under the age of sixteen without verification of parental consent, we will delete that information as quickly as possible.
Credit and debit card details
We do not accept payment by credit or debit card so we will neither collect nor store any credit or debit card details from you.
We may receive your personal data via email from you. Emails are sent normally over the internet and this can never be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit to us via a non-secure system and therefore you use a non-secure system at your own risk. Once we receive your information, we make our best effort to ensure its security on our own systems.
Via telephone or face-to-face meeting
If we receive personal data from you via non-electronic means we will ensure that the data is transferred to electronic storage as soon as possible.
Via our website
Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. You can set your browser not to accept cookies. For more information visit www.aboutcookies.org or www.allaboutcookies.org.
Analytics (ie. monitoring how our website is used)
An IP (or Internet Protocol) address is a unique numerical address assigned to a computer as it logs on to the internet. Your IP address is logged when visiting our website, but our Analytics software only uses this information to track how many visitors we have from particular regions.
Via internet-based advertising
If we choose to use internet-based advertising, for example Linkedin, Facebook or Twitter advertising services, we will install tracking codes on our website so that we can manage the effectiveness of these campaigns. We will not store any personal data within this type of tracking. At present, we do not use internet-based advertising.
We use your personal data to provide the services you have requested from us. We will only use your data subject to your instructions, be they given to us by telephone, email or any other method.
We will use your data to contact you for business reasons, eg. to discuss a proposed, ongoing or past project, for accounting purposes or to facilitate our ongoing client/supplier relationship (for example to update you on office opening hours or similar).
We will only use your data in this way where:
If you would like us to stop using your details for these reasons, please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
(referring to a situation where one business makes a commercial transaction with another)
For our business-to-business clients and contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
(referring to commerce between a business and an individual consumer)
For our business-to-consumer clients and contacts our lawful reason for processing your personal information will be “a contract with the individual”, for example to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering into a contract.
Our work for you may require us to pass your information to third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, or for other business-related reasons. However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the services and we will only share your data with third-parties that we trust, and where there are assurances in place as to how they will protect the data.
We will not use your data for marketing purposes.
We will not sell or pass your data to a third-party for marketing purposes.
We may use your personal data to comply with any legal obligations to which we are subject.
Transferring your information outside Europe
As part of the services offered to you by us, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are in place so that your privacy rights continue to be protected as outlined in this Policy. By submitting your personal data, you agree to this transfer, storing or processing. If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
Your own personal data
When you give us personal information, we take steps to make sure that it’s treated securely. The majority of your personal data which is not generally publically available (for example, your bank account details) is stored on a third-party service, which is encrypted and protected with the following software: 128 Bit encryption on SSL.
The personal data of others
If you need to send us the personal information of your own contacts (for example, a list of your shareholders/clients for mailing purposes), we will ask you to send this directly to the third-party we have chosen for your mailing, whether that be an electronic or a hardcopy mailing. Data should be sent via a secure share-file service of your choosing and any passwords should be sent to the third-party in a separate email and from a separate email address.
Information received using internet-based email clients
Non-sensitive details (such as name, job title, telephone number, email address etc.) are sent normally via email over the internet, which can never be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit to us via a non-secure system and therefore you use a non-secure system at your own risk. Once we receive your information, we make our best effort to ensure its security on our own systems. Our emails are stored and secured by Google Cloud. Information about their services can be found at: https://cloud.google.com/security/gdpr/resource-center/
Our head office in the UK is physically secure and access is only granted to Complete Design’s employees and any approved clients or visitors, who are always accompanied by a member of Complete Design staff. Employees and sub-contractors of the building’s managing agent and owner may enter the office as and when approved. Their access is controlled and monitored by the building’s managing agent.
Our satellite office in Italy is physically secure and access is only granted to Complete Design’s employees and any approved clients or visitors, who are always accompanied by a member of Complete Design staff.
We have invested in server, database, backup and other technologies to protect our information assets. The company also has robust a Internal Security Policy and Disaster Recovery plans in place. All data resides in secure data centres. Data between servers is transferred directly and not via a third party and is only sent over an encrypted connection.
We make secure, encrypted backups which are are stored and secured by Google Cloud Storage. Information about their services can be found at: https://cloud.google.com/security/gdpr/resource-center/
We will hold your data indefinitely. The reason for this is that many countries require us retain our business records going back several years, even if we cease trading.
Reviewing your data
It is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
Amending your data
It is your right to ask us to amend your data at any point. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
Deleting your data
It is your right to ask us to delete your data at any point. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form. Asking us to delete your data will necessarily terminate our client relationship with you.
Supplying your data
It is your right to ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to a specific data controller. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
If you feel that your personal data has been processed in a way that does not meet the GDPR, it is your right to lodge a complaint with the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Further details can be found on their website at https://ico.org.uk.
By email: email@example.com
In writing: Data Controller, Complete Design Limited, 429-433 Pinner Road, North Harrow, Middlesex HA1 4HN