Privacy Policy – Appletree Design Solutions Ltd
1.0 Our principles regarding user privacy and data protection
- Only necessary data should be collected and processed
- Personal information is private so we treat it with the highest standards of security and confidentiality.We treat your personal information as confidential and hold it securely. We never sell or give your personal information to any other company for them to use for their own purposes, such as marketing.
2.0 Relevant legislation
This website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
3.0 Personal information that this website collects and why we collect it
3.1 Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see below).
3.2 Contact forms and email links
Should you choose to contact us using the contact form on our Contact Page, or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors. Instead the data will be collated into an email and sent to us.
3.3 Cookies
This website uses a number of cookies, some of which are essential for the site to work and for us to provide a service to you. These are cookies set by the server (PHPSESSID), WordPress (wp-settings-*, wordpress_*).
This website also uses Google Analytics and details of the cookies set can found on Google’s developer guides. These are not enabled unless you accept them via the Cookie Control settings. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website, but may mean that other areas of the website have reduced functionality. The cookies that GA sets may include _ga, _gid, _gat, __utma, __utmb, __utmc and __utmz.
Should you wish to restrict or block cookies which are set by our website you can do this through your browser settings. More information on cookies, including how to block them on a wide variety of browsers can be found at All About Cookies. Please be aware that restricting cookies may impact on the functionality of this website.
3.4 Server logs
As with most other web servers, when you access these web pages certain information may automatically be recorded. This could include your IP address, browser type, and information relating to the page you last visited. This information may be used in the event of a breach of security to aid detection.
4.0 How we store personal information
We store contact information when you contact us or when you employ us to undertake some work for you. This could be stored in the form of emails, email address books or printed pages. If you wish your data to be removed at any time (or if you would like a copy of the information we hold), please email Appletree Design Solutions Ltd – create@appletreedesigns.co.uk giving your name and email address. Please be aware that some information may need to be retained to comply with relevant tax/accounting legislation.
4.1 Our role as a Data Processor
If you employ us to build a website for you, we may have access to, and faciliatate the processing of, your client/customer data. As a ‘Data Processor’ we will not be ultimately responsible for making the key decisions about the personal data, but will only be processing the data under the direct, or implied, instructions of the Data Controller (you).
When we develop your website we will discuss with you the data that needs to be collected and for what purpose. We are therefore likely to advise on the methods of data collection, storage and processing that your website will undertake. This will vary depending upon the nature of your website and it’s purpose. We may also help you with aspects of your own privacy policy, but you may need to seek legal assistance to be sure of compliance with relevant legislation. You will also need to consider how you store and process your client/customer data if it is stored in your own internal systems, and you should review your internal procedures to ensure you comply with the above privacy/data protection legislation in these respects.
In terms of security we will take reasonable measures to ensure that your, and your client/customer data is safeguarded. These include:
- Using a reliable and trustworthy hosting company which takes security very seriously. All websites are hosted on a Dedicated Server managed by CompuWeb Communications Services Limited.
- Dedicated Server has a Cisco ASA Firewall in place to help prevent cyber-attacks.
- Performing regular scanning of devices for viruses and malware.
- Moving backups to a password protected, offline device as soon as feasibly possible.
- Password protecting or encrypting sensitive information where necessary.
- Periodically reviewing stored data and deleting uneccessary data where necessary/feasible.
- Installing security plugins to WordPress based websites (where feasible) to asisist in the protection of website data.
Here are some specifics that we, as your Data Processor, will adhere to:
- We will only act on the written instructions of the controller (unless required by law to act without such instructions). This will usually be in the form of an email discussion/confirmation.
- We will ensure that people processing the data are subject to a duty of confidence.
- We will take appropriate measures to ensure the security of processing.
- We will only engage a sub-processor with the prior consent of the data controller.
- We will assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
- We will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments. This will be limited to the scope of the website and will not include your own internal systems, storage and processing of data.
- We will delete or return all personal data to the controller, if requested, at the end of the contract.
5.0 About this website’s server
This website is hosted by CompuWeb Communications Services Limited. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS. The server is a dedicated managed server with a Cisco Firewall in place.
6.0 Our third party data processors
We currently use the following third party data processors to process personal data for this website on our behalf.
- Google (Privacy policy)
- CompuWeb Communications Services Limited (Privacy Policy)
7.0 Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 Changes to our privacy policy
This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates will be mentioned below.