This is the Privacy Notice for Digibubble Ltd
The purpose of this notice is to inform you about how and why your personal data is used so that we at Digibubble, are as transparent as we possibly can, and to ensure that you are aware of your rights under UK data protection legislation. This privacy notice is specifically for the data we process as data controllers only. We also process data on behalf of our clients in the capacity of data processors.
Digibubble Ltd, is a company registered with Companies House under registration 09866049 and with the ICO under registration ZA752327.
Our address is DigiBubble Ltd, Freedom Works, Astral Towers, Betts Way, Crawley, West Sussex, RH10 9XA. You can contact us at firstname.lastname@example.org or on 0203 9207727.
The purpose for processing your data and our basis for doing so.
We process personal data so we can provide commercial web development and digital marketing services to clients and engage with prospective clients and partners.
In processing your data, we must establish our legal basis for doing so and the legal basis can be different depending on circumstances in which we process it. References to the basis of processing e.g.,”(Article. 6.1.f)” are a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question.
If you are a client, we will hold the following information about you:
- Your full name.
- Your postal address
- Your email address.
- Your contact telephone number(s).
- Your job title.
- Your signature.
We process this information so we can provide you with our web development and digital marketing services, invoice you, as well as maintain our communication with you. Our legal basis for doing this is Article 6.1.b – performance of a contract, this is necessary to deliver the service to you.
Where we require your data in the pursuance of a contract, if you fail to provide that data, we will not be able to provide you with our products or enter into a commercial agreement.
If you are a prospective client we have engaged with, we will hold the following information about you:
- Your full name.
- Your email address.
- Your contact telephone number(s)
We will process this information so we can continue to manage our communications with you. The legal basis for this is Article 6.1.f – Legitimate interest, as we have a legitimate interest in growing our client base.
We will also use your contact data to send occasional updates via email to clients, and anyone who has consented via our website to receive these. We undertake our marketing on a business-to-business basis and the legal basis for doing this is Article 6.1.f – Legitimate Interest, as we have a legitimate interest to send appropriate marketing material to grow our business. You always have the right to object to this marketing and you can unsubscribe at any time by using the link provided on the emails we send, or by contacting us direct.
Recipients of your data
As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:
- If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Lawful basis Article 6.1.f, we have a legitimate interest to pursue money owed to us.
- It is possible, though unlikely, that we might be forced to disclose your information in response to a UK court order or other binding mandate. Lawful basis is Article 6.1.c Legal Obligation
- We do use an external accountancy service based in the UK and they have limited visibility of your personal business data for the administration of company financial affairs. The lawful basis for this is Article 6.1.f, we have a legitimate interest to allow our accountant to have limited access to our client personal data in order to manage our accounts.
Data processed by third parties on our behalf
We use the services of other ‘cloud based’ organisations in the processing your data, such as: payment portals, video conferencing platforms, secure document storage, email provider, marketing platforms, electronic signature providers and customer relationship management platform. Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled in accordance with the UK GPDR.
Transferring your data outside of the UK
We do not transfer or process data outside the UK unless the nature of the processing requires it but some of our processors do store your personal data outside of the UK, in the EEA and United States of America. We ensure that there are approved mechanisms to allow this to happen, such as adequacy decisions (Article 45.1 UK GDPR), the use of standard contractual clauses (Article 46.2 UK GDPR) or in exceptional circumstances, allowable derogations to the Regulation Article 49 UK GDPR).
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose.
If you are a customer, then we will keep your data for all the time you are a customer and for 7 years following. This is to comply with HMRC audit requirements.
If you are a prospective customer and have signed up to receive our updates, we will keep your information for 2 years from last meaningful contact unless you have asked us to stop contacting you. If this is the case, we will remove you from the mailing list but will keep the minimum of data to ensure you are not added back into it.
If you are a supplier to us, we will retain your information for the duration of the commercial relationship and for 7 years after to comply with HMRC reporting requirements.
The UK GDPR requires us to implement technical and organisational measures to protect your data. This means our IT systems are protected by anti-virus and anti-malware software. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Our staff have undergone training and are familiar with our policies and procedures.
The UK GDPR provides you with several rights in relation to the data of your we process. The rights relevant to our activities are:
- You have the right to get access to and copies of your personal data.
- You can in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
- You can ask us to rectify any inaccurate information we may be holding.
If you want to exercise any of these rights, contact us on the above email address.
Please contact us first if you are unhappy with the way we have processed your data, as we are keen to ensure you are entirely satisfied with our service.
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK’s Information Commissioner’s Office.