This is the data protection notice of Zigger Web Design. In this document, "we", "the company”, "our", “Zigger” or "us" refer to Zigger Web Design and ziggerwebdesign.co.uk.
In order to deliver our services Zigger gathers and uses information about individuals and companies. No personal data is collected for purposes other than the delivery of these services. For example where we provide services such as a website or email address we may provide passwords and login details, this information is not used for purposes such as marketing, etc.
These individuals include customers, suppliers, business contacts, employees and other people where we have a relationship.
The Data Protection Act 1998 sets out rules for processing personal information relating to living individuals. It applies to some paper records as well as those held in electronic form. The Act gives individuals certain rights. It also imposes obligations on those who record and use personal information to be open about how that information is used and requires them to follow the eight data protection principles.
Personal data must be processed following these principles so that data is:
The Act provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorised destruction or wrongful disclosure of data. Requests for information access should be made to hi@zigger.co.uk. This information is provided without charge.
Zigger complies with all the principles of this Act.
The EU parliament approved GDPR (General Data Protection Regulation) came into force in May 2018. Its purpose, as described by the governing body (ICO article) states:
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.”
Considered issues
We have reviewed the following areas to identify where real needs to collect data exist and how we handle the resulting data.
What personal information is being collected?
-General Enquiries. We collect names, phone numbers and email addresses.
-Hosted Websites. We store data relating to the customer’s website – images, text and code. Also access to back-end data concerning website visitors and search engine access.
-Email. We store the login details – email address and initial password.
-Domains. We store the login details required to access the domain.
Who is collecting it?
It is collected by a single officer of the company.
How is it collected?
-General Enquiries. This is provided by a customer or website enquiry.
-Hosted Websites. It is created when we publish the website to the hoster.
-Email. It is created when we create the email address.
-Domains. It is created when we buy the domain.
Secondary data is accumulated over time through other communication systems such as email, mobiles and letters.
Why is it being collected?
The personal information has been minimised to a point where we have enough to complete the required tasks and no more.
How will it be used?
The data is stored in a number of systems outlined below and used as part of our responsibility to ensure the efficient running of the services we provide.
Who will it be shared with?
The information is not shared with anyone outside Zigger, but it is held on a number of GDPR-compliant applications outside the company and, in some cases outside the EEA.
It is important that we have a fair and transparent privacy notice. It is based on:
A single member of staff is designated as a ‘Data Handler’ and has the responsibility for ensuring data is collected, stored and handled appropriately. This is essentially controlled through system access.
We have made appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed.
Zigger is a small company so the ‘Data Controller’ and ‘Data Handler’ are the same person. He is responsible for:
The only people able to access data covered by this policy should be those who need it for their work.
If you have any questions regarding the data we hold on you, please contact us at hi@zigger.co.uk and we will be happy to help.