Data Protection Policy - Zigger Web Design

Privacy Notice

This is the data protection notice of Zigger Web Design. In this document, "we", "the company”, "our", “Zigger” or "us" refer to Zigger Web Design and ziggerwebdesign.co.uk.

Introduction

In order to deliver our services Zigger gathers and uses information about individuals and companies. No personal data is collected for purposes other than the delivery of these services. For example where we provide services such as a website or email address we may provide passwords and login details, this information is not used for purposes such as marketing, etc.
These individuals include customers, suppliers, business contacts, employees and other people where we have a relationship.

Purpose

  • Collect and store this personal data in line with data protection legislation
  • Protect the rights of these persons
  • Show that we are open, aware and compliant
  • Minimise the risk of a breach of legislation

The Principles

The Data Protection Act 1998 sets out rules for processing personal information relating to living individuals. It applies to some paper records as well as those held in electronic form. The Act gives individuals certain rights. It also imposes obligations on those who record and use personal information to be open about how that information is used and requires them to follow the eight data protection principles.

Personal data must be processed following these principles so that data is:

  • processed fairly and lawfully and only if certain conditions are met;
  • obtained for specified and lawful purposes;
  • adequate, relevant and not excessive;
  • accurate and where necessary kept up-to-date;
  • not kept for longer than necessary;
  • processed in accordance with an individual's rights;
  • kept in a secure manner;
  • not transferred outside of the EEA without adequate protection – see ‘Systems Zigger Use to store data’

The Act provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorised destruction or wrongful disclosure of data. Requests for information access should be made to hi@zigger.co.uk. This information is provided without charge.
Zigger complies with all the principles of this Act.

GDPR

The EU parliament approved GDPR (General Data Protection Regulation) came into force in May 2018. Its purpose, as described by the governing body (www.eugdpr.org) states:
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.”

Considered issues
We have reviewed the following areas to identify where real needs to collect data exist and how we handle the resulting data.
What personal information is being collected?
-General Enquiries. We collect names, phone numbers and email addresses.
-Hosted Websites. We store data relating to the customer’s website – images, text and code. Also access to back-end data concerning website visitors and search engine access.
-Email. We store the login details – email address and initial password.
-Domains. We store the login details required to access the domain.
Who is collecting it?
It is collected by a single officer of the company.
How is it collected?
-General Enquiries. This is provided by a customer or website enquiry.
-Hosted Websites. It is created when we publish the website to the hoster.
-Email. It is created when we create the email address.
-Domains. It is created when we buy the domain.
Secondary data is accumulated over time through other communication systems such as email, mobiles and letters.
Why is it being collected?
The personal information has been minimised to a point where we have enough to complete the required tasks and no more.
How will it be used?
The data is stored in a number of systems outlined below and used as part of our responsibility to ensure the efficient running of the services we provide.
Who will it be shared with?
The information is not shared with anyone outside Zigger, but it is held on a number of GDPR-compliant applications outside the company and, in some cases outside the EEA.

Fairness

It is important that we have a fair and transparent privacy notice. It is based on:

  • Using information in a way that people would reasonably expect
  • Thinking about the impact of your processing
  • Being transparent and ensuring that people know how their information will be used. This means providing privacy notices or making them available, using the most appropriate mechanisms. In a digital context this can include all the online platforms used to deliver services.

Risks and Security

A single member of staff is designated as a ‘Data Handler’ and has the responsibility for ensuring data is collected, stored and handled appropriately. This is essentially controlled through system access.
We have made appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed.

Responsibilities

Zigger is a small company so the ‘Data Controller’ and ‘Data Handler’ are the same person. He is responsible for:

  • Keeping the business updated about data protection responsibilities, risks and issues
  • Handling data protection questions from customers and anyone else covered by this policy
  • Dealing with requests from individuals to see the data we hold about them
  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards
  • Performing regular checks and scans to ensure the policy is effective
  • Evaluating any third-party services the company is considering using to store or process data

Staff Guidelines

The only people able to access data covered by this policy should be those who need it for their work.

  • Consider all personal data to be confidential
  • Data should not be shared informally
  • Staff should keep all data secure (not leaving PCs unprotected, avoid printing and leaving records for others to see, etc.)
  • In particular, strong passwords must be used and they should never be shared
  • Data should be regularly reviewed, updated or deleted if it is found to be out of date
  • When data is stored electronically it must be protected from unauthorised access
  • When data is stored electronically it must be protected from unauthorised access

If you have any questions regarding the data we hold on you, please contact us at hi@zigger.co.uk and we will be happy to help.