We respect the privacy of our website users and are committed to the security of your personal data as well as it’s fair, lawful and transparent use.
The aim of this policy is to inform you of the reasons we collect data, how we collect, secure and process the data collected, as well as your legal rights under UK and EU law.
This policy lays out our compliance with the UK Data Protection Act 2018 and the European Union General Data Protection Regulation (throughout this policy referred to as “GDPR”).
The EU GDPR is no longer valid in the UK. However, the rules have been adopted as the UK GDPR. Therefore, any reference to the EU GDPR can be assumed as the UK GDPR if you are located in the UK, or continue to mean the EU GDPR if you are located outside of the UK, in relation to our work in the EU.
If you have any queries or concerns about this policy, or the use of your data, or wish to exercise any of your legal rights regarding the data we may hold, you can do so by contacting us using the form located here, or email us at [email protected] using the subject line ‘Data Compliance Query‘.
1. Who we are.
P14 Media is SaaS, online platform and website management company based in the United Kingdom, (throughout this policy referred to as “we”, “us”, “our”, and “the company”). We are subject to UK laws due to our physical location. We also comply with relevant EU or US laws and regulations when it is necessary for the legal operation and access to our website within these territories.
P14 Media is the data controller and responsible for the security of your personal data and the reasons for it’s processing.
2. What personal data we collect, how, and why we collect it.
This website is free to use. browse and interact with, without the need to collect any personal data.
Personal data means any information about an individual which can be used to identify that individual and does not include data where identifying information has not been collected.
Anonymous data for us, usually relates to analytical data used for performance monitoring and statistical purposes, such as bulk traffic data where no individual IP addresses (or other identifying data) is present.
2a. The data we collect about you.
We may collect, use, store and otherwise process personal data about an individual for specific reasons only. The data we collect will fall into one of the following categories. A data type listed here does not mean we will collect such data, only that we may if there is a specific requirement.
- Identity data: Includes first and last names, maiden names, usernames or other chosen identifiers, title, marital status, date of birth and gender.
- Contact data: Includes billing and delivery addresses, email address, telephone numbers, and social media or other messaging app names.
- Financial and transaction data: Includes bank and payment card details, payment data relating to any products or services purchased from us and accounting data for any payments made from the company for any specific reason.
- Technical data: Includes Internet protocol (IP) address, login details where applicable, browser type and version, timezone and location, operating system or device types and other technical data relating to how you may be accessing our websites.
- Profile data: Includes your username and password for any of our websites that allow you to create a user account, purchase details and history, user preferences and interests.
- Marketing and Communications data: Includes your preferences on how and when you would like to receive marketing or other non individual communications from the company or our websites, as well as your preferences regarding the passing of your contact details to selected third parties.
- Regarding special category data: We have no requirement to collect any data regarded as special category data under GDPR from our casual website users. (This includes information regarding your race, ethnic origin, political views, religion, trade union memberships, genetics, biometric data, health, sex life or sexual orientation). We also do not collect data relating to criminal convictions or offences. In general, we also do not collect data from and regarding people under the age of 18.
When directly contacting us with regards to working with us, we may ask for some special category data such as sexual orientation. This is required for the purposes of evaluating your request, is treated in the strictest confidence, and removed from our systems as soon as no longer needed. If a working relationship with you is established, your data will then be processed under our main company Data Protection Policy instead of this policy which covers website users only.
We will never collect personal details of children under the age of 13 for any reason and request you contact us in writing, using the contact details at the top of this policy, if you suspect such data has been collected in error so we can remove it from our systems.
2b. How and why your personal data is collected.
We may obtain your data through different methods and process your data for different reasons. Normally the method through which your data is collected relates to how your data will be used. As above, a collection method listed here does not mean we will use such a method, only that we may if it is necessary for the operation of a website or service.
Interacting with our websites:
Our websites which allow commenting may also use a service called Gravatar which is a global Avatar service operated by Automattic. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are a member the service. After approval of your comment, your Gravatar profile picture is visible to the public in the context of your comment.
Our sites may also carry embedded comment systems from social media websites including Facebook and Twitter. You are advised to check the privacy policies of any external website as we have no control over their content.
Why we collect this data: To ensure our websites operate and maintain working comment systems that enhance the user experience whilst protecting against malicious use.
- Uploading media and posts: If one of our websites or services allows you to upload media or create posts, you will be required to enter login details or your name and email address. As per the comments system, these details will not be used for any marketing activities.
It is also your responsibility to ensure all personal data is removed. We can not guarantee the security of your data if it is uploaded by yourself to a publicly available area on one of our websites. Specifically, if you upload images, you should avoid uploading those containing embedded location data (EXIF GPS tags). Visitors to our websites could download and extract location data from these images. If you upload anything containing personal data by mistake please contact us using the details at the top of this policy so we may remove your data from being publicly visible. Please note this may result in the complete deletion of your upload.
Why we collect this data: To ensure the proper use of our websites which allow external uploading and to protect other users from malicious content.
If our site allows you to leave comments, you may opt-in to saving your name, email address and/or website details in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
When you log in, we may also set up several cookies to save your login information and your screen display choices.
Why we collect this data: We collect data via cookies for various reasons relating to the proper operation of our websites. These include remembering your login preferences, analysing and understanding our website traffic to provide a better user experience and to provide targeted and non targeted advertising services which help us fund our websites.
Why we collect this data: We do not directly collect data via embedded content but would advise you to read the privacy policies of any embedded content provider we may use.
Direct interaction with us:
Through directly interacting with our website forms or other correspondence via email, phone or post, you may provide us with personal data. We will only ever ask for information needed for the specific reason we are requesting it.
- Creating a user account: Some of our websites may allow users to create user profiles and accounts. To do this we may need to collect data such as your name, email address, physical address, username or other identifying data.
Why we collect this data: We would need to collect this data to ensure the secure and safe operation of your profile or account.
- Subscription to services, publications and marketing: You may provide us with personal data in relation to subscription services we may provide, notification of updates or publications and for marketing purposes. This data may include your name, address, email address and other contact and account preference information. We only provide these services on an opt-in basis. You can opt out of these services at any time.
Why we collect this data: To provide the services to which you have subscribed.
- Competitions, promotions, surveys and feedback: We may occasionally collect personal data in relation to promotions, competitions, surveys, and when asking for feedback on our services and websites. The data we request in these circumstances will be specific to the reason for it’s collection. Any data collected under these circumstances will be subject to each promotion’s individual terms and conditions which will explain how the collected data is to be used in more detail, including if the data is being collected for and by ourselves, by us on behalf of a third party (ie. a competition sponsor), or directly by a third party through embedded forms, links or email thus bypassing us altogether.
Why we collect this data: To gather the necessary information needed to fulfil the requirements of any optional competition, promotion, survey or feedback campaign we may run.
- Direct requests for information and services: As a business we also provide content generation and certain website management services. You may supply us with personal details including contact details if entering into correspondence with us regarding these services or with any other request for information. This can be through phone, post, email or website contact forms.
Why we collect this data: To effectively deal with any request for information or to provide any services you may have requested.
2c. Failure to provide personal data.
We will only collect personal data which is required for specific reasons such as the operation of our websites or the fulfilment of services provided. You are under no obligation to provide us with any information requested, however please be aware that if you fail to provide information when requested, we may not be able to provide you with services offered or fulfil any contract we have or are trying to enter into with you.
Examples of this include but are not limited to: Not being able to fulfil a purchase order without contact and payment details. Not being able to process a request for a website user account without contact details.
3. How we use your personal data.
- We will only use your personal data in accordance with the UK Data Protection Act 2018 and the EU GDPR.
- We will only collect, use, and process your personal data if we have a specific legitimate and lawful business requirement for which the processing of your data is a part.
- We most commonly use your data for the fulfilment of contracts we may have with you, the proper operation of services which we may provide you, and to generate a better understanding of how to improve our services.
- We will only use your data where it does not override your fundamental legal rights regarding the use of such data.
- We may use your data to contact you with marketing emails or to provide you with other subscription services by email, post, or phone. We will only do this with your specific opt-in permission.
- We may use your data to register you as a new client or to set up a website user account.
- We may use your data to process any online orders placed and to deliver any products or services to you.
- We may use your data to enable you to partake in competitions, promotions, surveys and to provide us with feedback.
- We may use your data to manage and protect our business and websites. Including data analysis, troubleshooting, system testing, traffic analysis, spam and malicious activity protection.
- We may use your data to provide you with relevant website content, links, and advertising. As well as helping us understand the effectiveness of the advertising we serve you.
- We may include your data in analytics which enable us to improve our websites and services and to provide a better user experience.
3a. Who we may share your data with.
We will only share your directly collected personal data outside of our company for selected specific reasons.
- Third party marketing: We will obtain your express consent to share your details with third party companies for marketing purposes, such as sponsored competitions and promotions.
- Debt recovery: We reserve the right to transfer your contact and transaction details to a third party collection agency in the event any funds due to us for services or items provided are not received after all other reasonable attempts at recovery have been exhausted. In this instance we will provide you with adequate warning in writing by post and/or email.
- Law enforcement: We will pass your details onto any relevant law enforcement agencies only if it is required of us to do so by UK law. If such requests are made by any agency outside of the UK, we will seek legal advice from relevant UK authorities immediately.
- Company, website and asset transfers: We may transfer your details to a third party company in the event our company is sold or merged with another company, or a company asset or website to which your details are linked is sold or transferred. We will contact you to inform you of any such instance and direct you to the new company privacy policies.
- Third party service providers: Your data may be indirectly shared with third party companies which we use to gather such data on our behalf, or whose services we use on our websites. This can be companies such as analytic service providers who’s systems gather usage data for us, or advertising providers who gather their own data through ads which may appear on our websites.
3b. International transfers.
In certain circumstances we may be required to transfer your data to third parties outside of the European Economic Area (EEA). We will try to inform you wherever possible if this is going to be the case when we are collecting your data.
We follow very strict rules if we have to transfer data in this way, such as never transferring data to countries which do not provide levels of protection deemed adequate by the European Commission and only transferring data to US third parties if they comply and are part of the EU-US and Swiss-US Privacy Shield framework which requires US companies to provide similar protection to personal data shared between the EU and the US.
You can learn more about Privacy Shield by clicking here.
4. How long we retain your data.
- We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. This includes the additional purposes of satisfying any reporting, accounting or legal requirements under UK, EU or US (where applicable) law.
- When determining appropriate data retention periods we take into account the reason for us obtaining the data, the amount of data obtained, the nature and sensitivity of the data and the potential risk from any unauthorised use or disclosure.
- Some data we are legally obliged to keep for a specific period of time, such as basic information about e-commerce or service customers including contact, financial and transaction data. We must retain this data for at least 6 years for UK tax purposes.
- If you have any queries regarding the retention period of your data please use the contact details at the top of this policy.
- If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
- For users that register on our websites, we also store the personal information you provide in your user profile.
5. How we secure your data.
- We have in place appropriate security measures to prevent the accidental loss or unauthorised access of your data.
Access to your personal data is restricted to a need to know basis for both company employees as well as contractors and third parties. If a person or agent does not have a need to know they will not be issued authorised access to your data.
- All digital data will be stored securely in password protected encrypted systems.
- Where data is kept on or transferred to physical formats, for example printed delivery notes or certain legal contracts. This data will be kept in secure access restricted and locked areas unless in immediate use.
- We have procedures in place to deal with any suspected data breach and will notify both you and any applicable regulator where we are legally required to do so.
6. Your legal rights
As a company we operate under the laws of the United Kingdom and European Union. As such we will treat all personal data the same, whether your country of residence is within the EU or not.
As an individual Under GDPR you have 8 specific legal rights.
You can click on the titles of each right for more detailed information from the ICO.
- The right to be informed.
- The right of access.
This is your right to know about, and obtain, any of your personal data we may hold. Commonly refereed to as ‘subject access’. It also includes your right to know specifics of how we are processing each element of data, how long we will keep it and the data’s source.
- The right to rectification.
This is your right to have inaccurate data corrected or incomplete data completed.
- The right to erasure.
Otherwise known as ‘the right to be forgotten’. This is your right to have your personal data completely erased. However, this right is not absolute, and only applies in certain circumstances. We can refuse your request if we are required to keep your data to comply with other legal obligations or if your request is manifestly unfounded, excessive or repetitive.
- The right to restrict processing.
This is your right to request a suppression of your personal data, where it can be stored but not processed. Usually whilst you are contesting the accuracy of the data or you no longer wish for your data to be processed but require it to be held for legal reasons.
- The right to data portability.
This is your right to obtain and reuse your personal data for your own purposes.
- The right to object.
This is your right to object to the processing of your data in certain circumstances, such as stopping your data being used for direct marketing purposes.
- Rights in relation to automated decision making and profiling.
These are an additional set of rights which cover the use of your data in decision making or individual profiling activities which do not involve human involvement.
If you wish to exercise any of your legal rights you can do so verbally or in writing, however we would prefer you use the contact details at the top of this policy in the first instance to help us in tracking your request.
If you chose to exercise your rights, we will have 1 month to reply and can not charge a fee. However if your request is considered manifestly unfounded, excessive or repetitive, we can charge a reasonable administrative fee.
If you are exercising your right to access, we can extend the period to process your request by a further 2 months if you make multiple requests or your request is complex. We will inform you of this within the first month.
We also have the right to ensure the correct individual is making the request by asking for further ID. If this is the case, the time limit for processing your request begins when the required further information is received.
We will always endeavour to fulfil our obligations with your data, and appreciate the chance to deal with any concerns you may have directly. However, you also have the right to complain at any time to the Information Commissioner’s Office (ICO) who are the UK supervisory authority for data protection issues at ico.org.uk.
Last updated 29th May 2019.