Privacy policy

This Privacy Policy was updated on 2nd November 2021 in line with the General Data Protection Regulation (“GDPR”) requirements. Any updated version will be published here on our website. You should review this page periodically.

 

1. General information

This Privacy Policy applies to Complete Design Limited, a limited company registered in England & Wales under number 66314430 whose registered office is at 429-433 Pinner Road, North Harrow, Middlesex HA1 4HN.

Our website address is: http://www.complete-design.co.uk

Complete Design Limited (“we”, “us”, “our”) takes security and privacy seriously. This Privacy Policy explains how we collect, store and use personal data when you browse http://www.complete-design.co.uk (the “website”), or when you use our wider services, or when you otherwise provide your personal data to us. Please read this Privacy Policy carefully to understand how we will treat your personal data. We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

This Privacy Policy should be read together with our Terms of Trading.

Complete Design Limted is designated as a data controller and a data processor.

What is a data controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

What is a data processor?
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

What is data processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

 

2. What information do we collect?

Personal data
We collect your personal data. When we say your “personal data” we mean any information that identifies any person, that you provide to us or that is contained in any other information that you provide to us, or that you authorise a third party to give to us on your behalf.

Personal data relates to any information about a natural person that makes that person identifiable, which may include (but is not limited to):

  • Names and contact information (ie. postal addresses, email addresses and telephone numbers)
  • National Insurance numbers
  • Employment history
  • Employee numbers
  • Credit history
  • Personal tax details
  • Payroll and accounting data
  • Bank account details

Sensitive personal data
We do not collect or process sensitive personal data, as defined under GDPR, for example:

  • Medical conditions
  • Religious or philosophical beliefs and political opinions
  • Racial or ethnic origin
  • Sexuality or gender orientation
  • Convictions
  • Biometric data (eg. photo in an electronic passport)

Children under the age of sixteen
We do not knowingly collect or solicit any personal data from anyone under the age of sixteen. In the event that we learn that we have collected personal data from a child under the age of sixteen without verification of parental consent, we will delete that information as quickly as possible.

Credit and debit card details
We do not accept payment by credit or debit card so we will neither collect nor store any credit or debit card details from you.

 

3. How do we collect information about you?

Via email
We may receive your personal data via email from you. Emails are sent normally over the internet and this can never be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit to us via a non-secure system and therefore you use a non-secure system at your own risk. Once we receive your information, we make our best effort to ensure its security on our own systems.

Via telephone or face-to-face meeting
If we receive personal data from you via non-electronic means we will ensure that the data is transferred to electronic storage as soon as possible.

Via our website
We collect information about you when you complete and submit any of the forms on our website. Website usage information is collected using cookies. When you submit a form on our website the information is emailed to us and we store and process it under the terms of this Privacy Policy.

Cookies
Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. You can set your browser not to accept cookies. For more information visit www.aboutcookies.org or www.allaboutcookies.org.

Analytics (ie. monitoring how our website is used)
We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience. Google Analytics is a third-party information storage system that records information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there. Google Analytics cookies do not store any personal information about you eg. your name, address etc. You can view their privacy policy at: http://www.google.com.

IP addresses
An IP (or Internet Protocol) address is a unique numerical address assigned to a computer as it logs on to the internet. Your IP address is logged when visiting our website, but our Analytics software only uses this information to track how many visitors we have from particular regions.

Via internet-based advertising
If we choose to use internet-based advertising, for example Linkedin, Facebook or Twitter advertising services, we will install tracking codes on our website so that we can manage the effectiveness of these campaigns. We will not store any personal data within this type of tracking. At present, we do not use internet-based advertising.

 

4. How do we use your data?

General
We use your personal data to provide the services you have requested from us. We will only use your data subject to your instructions, be they given to us by telephone, email or any other method.

We will use your data to contact you for business reasons, eg. to discuss a proposed, ongoing or past project, for accounting purposes or to facilitate our ongoing client/supplier relationship (for example to update you on office opening hours or similar).

We will only use your data in this way where:

  1. you have provided consent, or
  2. we have legitimate business reasons for doing so, or
  3. we have a contract with you, or
  4. we are otherwise entitled by law to do so.

If you would like us to stop using your details for these reasons, please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.

Business-to-business relationships
(referring to a situation where one business makes a commercial transaction with another)
For our business-to-business clients and contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.

Business-to-consumer relationships
(referring to commerce between a business and an individual consumer)
For our business-to-consumer clients and contacts our lawful reason for processing your personal information will be “a contract with the individual”, for example to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering into a contract.

Third-parties
Our work for you may require us to pass your information to third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, or for other business-related reasons. However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the services and we will only share your data with third-parties that we trust, and where there are assurances in place as to how they will protect the data.

Marketing purposes
We will not use your data for marketing purposes.
We will not sell or pass your data to a third-party for marketing purposes.

Legal obligations
We may use your personal data to comply with any legal obligations to which we are subject.

Transferring your information outside Europe
As part of the services offered to you by us, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are in place so that your privacy rights continue to be protected as outlined in this Policy. By submitting your personal data, you agree to this transfer, storing or processing. If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.

 

5. How do we keep your data secure?

Your own personal data
When you give us personal information, we take steps to make sure that it’s treated securely. The majority of your personal data which is not generally publically available (for example, your bank account details) is stored on a third-party service, which is encrypted and protected with the following software: 128 Bit encryption on SSL.

The personal data of others
If you need to send us the personal information of your own contacts (for example, a list of your shareholders/clients for mailing purposes), we will ask you to send this directly to the third-party we have chosen for your mailing, whether that be an electronic or a hardcopy mailing. Data should be sent via a secure share-file service of your choosing and any passwords should be sent to the third-party in a separate email and from a separate email address.

Third-parties
We will only recommend third-parties that we trust, and where there are assurances in place as to how they will protect your data. Should you wish to see the Privacy Policy of any third-party we have chosen, please contact us using the details below.

Information received using internet-based email clients
Non-sensitive details (such as name, job title, telephone number, email address etc.) are sent normally via email over the internet, which can never be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit to us via a non-secure system and therefore you use a non-secure system at your own risk. Once we receive your information, we make our best effort to ensure its security on our own systems. Our emails are stored and secured by Google Cloud. Information about their services can be found at: https://cloud.google.com/security/gdpr/resource-center/

Office security
Our head office in the UK is physically secure and access is only granted to Complete Design’s employees and any approved clients or visitors, who are always accompanied by a member of Complete Design staff. Employees and sub-contractors of the building’s managing agent and owner may enter the office as and when approved. Their access is controlled and monitored by the building’s managing agent.

Our satellite office in Italy is physically secure and access is only granted to Complete Design’s employees and any approved clients or visitors, who are always accompanied by a member of Complete Design staff.

Digital security
We have invested in server, database, backup and other technologies to protect our information assets. The company also has robust a Internal Security Policy and Disaster Recovery plans in place. All data resides in secure data centres. Data between servers is transferred directly and not via a third party and is only sent over an encrypted connection.

We make secure, encrypted backups which are are stored and secured by Google Cloud Storage. Information about their services can be found at: https://cloud.google.com/security/gdpr/resource-center/

 

6. How long will we hold your data?

We will hold your data indefinitely. The reason for this is that many countries require us retain our business records going back several years, even if we cease trading.

Reviewing your data
It is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.

Amending your data
It is your right to ask us to amend your data at any point. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.

Deleting your data
It is your right to ask us to delete your data at any point. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form. Asking us to delete your data will necessarily terminate our client relationship with you.

Supplying your data
It is your right to ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to a specific data controller. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.

 

7. Complaints

If you feel that your personal data has been processed in a way that does not meet the GDPR, it is your right to lodge a complaint with the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Further details can be found on their website at https://ico.org.uk.

 

8. How to contact us

If you have any questions about our privacy policy or information we hold about you, please contact us:
By email: datacontroller@complete-design.co.uk
In writing: Data Controller, Complete Design Limited, 429-433 Pinner Road, North Harrow, Middlesex HA1 4HN