[gawr-juhs] – Visual Communication & Design Thinking

Silver metal padlock on blue wooden surface

General Data Protection Regulation (GDPR)
& Privacy Policy

Introduction

Derek Green trading as [gawr-juhs] – hereafter referred to as [gawr-juhs], we, us or our – needs to gather and process personal information about individuals for core business purposes, such as accounting, staff administration and marketing. Individuals can include customers, suppliers, contractors, business contacts, employees and other people the organisation has a relationship with, or may need to contact.

This policy explains how personal data is collected, stored, and handled in order for us to comply with our own organisation’s privacy and data protection standards – and to adhere to the European Union’s General Data Protection Regulation, which becomes law on 25 May 2018.

Why This Policy Exists

This data protection policy ensures [gawr-juhs]:

General Data Protection Regulation (GDPR)

The General Data Protection Regulation describes how organisations — including [gawr-juhs] — across all 28 European member states must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

GDPR defines Personal Data as any information that can directly or indirectly identify an individual and includes: forename; surname; title; photo; address; email address; IP address; Location data; Cookies; and Profiling and Analytics data.

The Regulation also places much stronger controls on the processing of Special categories of personal data including: Race; Religion; Political opinions; Trade Union membership; Sexual orientation; Health information; Biometric data; and, Genetic data.

Scope of Privacy Policy

This policy applies to:

What Data We Collect

This policy applies to all data that [gawr-juhs] holds relating to identifiable individuals, even if that information technically falls outside of the General Data Protection Regulation Act 2018. This can be made up of:

Identity Data including first name, surname, marital status, title, gender and photo.

Contact Data including business name, billing address, postcode; email address and telephone numbers.

Financial Data including bank account and payment card details.

Transaction Data including details about payments, invoices, and receipts between you and [gawr-juhs], and other details of products and services we have purchased from one another.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our services.

Profile Data includes your online username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Usage Data includes information about how you use our website, and our products or services.

Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

Third Party Services Data includes account user names and passwords for email accounts, internet service providers, social media channels and File Transfer Protocol (FTP) access that you provide to [gawr-juhs] in order to setup, control and maintain your internet presence.

How and When Do We Collect Data?

[gawr-juhs] collects data from you:

Directly when you contact us by telephone, email, or completed and submit any form that is included on our website.

Indirectly when you take some action on our site (passive data).

We may also have personal data about you, if you:

Via Online Behaviour (Cookies)
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages of our site are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Via Third Party Cookies
[gawr-juhs] also uses third party cookies for tracking and analytics services, such as Google Analytics, Adobe Analytics or similar services provided to us by individual internet service providers. In addition we may link or embed elements, for example YouTube videos, Vimeo videos or Google Fonts, into our site in order to provide visitors with a fuller experience.

These organisations are Data Processors and have obligations to confirm to the European Union GDPR laws so that [gawr-juhs] is unable to use their services to track, collect, or upload any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to a Visitor.

In addition, and where possible, [gawr-juhs] has actively switched on IP Anonymisation to disable the collection of Personal Identifiable Information (PII) through third party cookies to ensure that the individual IP addresses of Visitors to our site are masked and are not identifiable.

How We Protect Your Data

Data Protection Risks
This policy also helps to protect [gawr-juhs] from some very real data security risks, including:

Responsibilities
Everyone who works for, or with, [gawr-juhs] has some responsibility for ensuring data is collected, stored and handled appropriately. Anyone that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

Our General Guidelines
The only people able to access data covered by this policy should be those who need it for their work. Data should not be shared informally. When access to confidential information is required, staff and contractors can request it from Derek Green, Creative Director of [gawr-juhs].

Staff and contractors should keep all data secure, by taking sensible precautions and following the guidelines below:

[gawr-juhs] will ensure that all our staff and contractors are made aware of these guidelines, read them, and help them understand their responsibilities when handling data.

Data Storage
These rules describe how and where our data should be safely stored.

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored digitally but has been printed out for some reason:

When data is stored digitally, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:

If you have any further questions about storing data safely these can be directed to Derek Green, Creative Director of [gawr-juhs].

How We Use Your Data

We do not share your personal data with any third parties. However personal data is of no value to us unless [gawr-juhs] can make use of it for our day-to-day core business purposes.

It is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:


Data Accuracy
The law requires [gawr-juhs] to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of our staff and contractors, who work with data, to ensure it is kept as accurate and up to date as possible.

Subject Access Requests
All individuals who are the subject of personal data held by [gawr-juhs] are entitled to:

If an individual contacts [gawr-juhs] requesting this information, this is called a Subject Access Request.

You may request details of data which we hold about you under the EU’s General Data Protection Regulation. Subject Access Requests should be made by email to Derek Green, Creative Director at hello@gawrjuhs.com. In accordance with the new regulations, we aim to provide all the relevant data to you within 30 days and for no fee.

We will always verify the identity of anyone making a Subject Access Request before handing over any information.

Disclosing Data For Other Reasons
In certain circumstances, the EU General Data Protection Regulation allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, [gawr-juhs] will disclose requested data. However, we will ensure the request is legitimate, seeking assistance from legal advisers where necessary.

How Long Do We Keep Your Data?

[gawr-juhs] retains different types of data for different lengths of time.

Identity Data, Contact Data, Profile Data and Marketing & Communications Data: for the length of time that an individual is a customer of, or a supplier to, [gawr-juhs].

Contact Data, Financial Data and Transaction Data: for a minimum of seven years, in accordance with guidelines provided to us by the UK Government’s HM Revenue and Customs.

Technical Data and Usage Data: for 7 months.

Google Data Retention: for 14 months. For more information please see Google’s Support pages.

Third Party Services Data: for the length of time that an individual is a customer of [gawr-juhs].

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Context and Overview

This Policy was prepared by Derek Green, Creative Director at [gawr-juhs] and becomes operational on 25 May 2018.


MESSAGE US:

* Required






Captcha Image
Subscribe to: Quarterly Newsletter

COMMUNICATE WITH US:

0131 226 1464

Room 2
13A Coates Crescent
Edinburgh EH3 7AF


hello@gawrjuhs.com†


SOCIALISE WITH US:

Twitter
Google+
LinkedIn
YouTube
Flickr
Pinterest


†We check email at 09.30 and 15.00 only.


LEGAL INFORMATION

GDPR & Privacy Policy
Conditions of Sale
Intellectual Property
Environmental


SITE INFORMATION

Site Map
Credits & Technical Info


[gawr-juhs] specialises in visual communication and design thinking.

Member of International Society of Typographic Designers

Copyright © Derek Green t/a [gawr-juhs] 2011–2018. All rights reserved.