At Bluelinemedia we take personal data privacy seriously and will never sell or share with third parties. We are registered with the Information Commissioner's Office (ICO), reference Z1799006. Our registered office is 4 Saddlers Lane, Prinbox Works, Cheltenham, GL50 2UX.
How we use your data
We store your personal data to provide information for a new website enquiry or look after your account on the basis of contract as we need this information to communicate with you about your enquiry and ongoing work. For new enquiries we use your phone and email to contact you. For clients we store your email, phone and postal address for account management and billing.
If you have provided personal data, we will store paperwork and billing information for 6 years as required by the HMRC for tax auditing. We delete or anonymise all personal data when the account or enquiry has not been active for 6 years.
We also occasionally send emails about our services on the basis of consent. In compliance with GDPR from 25th May 2018, this will only apply if you've ticked the relevant box, agreed verbally over the phone, or by email to be added to our mailing list. We include an unsubscribe link in our marketing emails so you can remove your consent at any time.
We will never share personal data with third parties or sell your details. Where we use sub-processors such as Clook hosting, Google emails and Campaign Monitor email marketing, these providers are GDPR compliant and handle our data securely.
As an individual supplying your personal data, you should know your rights, which are:
- The right to be informed - what personal data we hold and why, as explained above
- The right of access - you can ask us what information we hold about you
- The right to rectification - we must make changes where you tell us they are incorrect
- The right to erasure - you can ask us to remove personal data where it is not needed
- The right to restrict processing - you can ask us to stop processing your personal data (but not remove it) if it's accurate or you think we are using it unlawfully
- The right to data portability - you can ask for personal data in an electronic format that can be provided to other parties
- The right to object - you can object to certain specific uses including direct marketing
- Rights in relation to automated decision making and profiling - we don't use any automated processes with your personal data
You can find out more information from the Information Commissioner's website at www.ico.gov.uk
If you have a complaint or would like to amend or request removal of your personal data, please email firstname.lastname@example.org and we will respond within one week.
We have conducted an information audit to identify the data flows, personal data and potential risks. We are also committed to reviewing our processes and data on a regular basis.
We have implemented a number of processes to minimise the personal data we hold, protect it from external access, and regularly remove older data.
Security of our network and premises
Personal data remains within our premises, computer network and sub-processors for email and invoicing. Access to our server and other computers, customer access details and third party services are all protected by secure passwords. No personal data in electronic or hard copy form is taken offsite. We delete emails after 6 years.
If we become aware of a security breach that could expose your personal data and is highly likely to risk your rights and freedoms, we will notify the Information Commisioner's Office and individuals affected within 72 hours.
Staff awareness and review
All our staff regularly review and agree to our commitment to privacy and the processes outlined above. We regularly review these processes and monitor changes to the GDPR as part of our ongoing commitment to privacy.