GDPR Privacy Notice
Mr Mears Ltd t/a Mears Websites is aware of the law changing to the General Data Protection Act (GDPR) on Friday 25th May 2018. The information within this Privacy Notice details the steps Mears Websites has taken to ensure GDPR Compliance and explains about the data Mears Websites collects, how it is used, why it is kept and how you can find out what information is kept on file about you.
Is Your Own Business and Website Compliant?
Mears Websites is unable to confirm whether your own business is GDPR compliant. If you are in any doubt regarding GDPR Compliance, we recommend you consult a GDPR Specialist, Solicitor or refer to the Information Commissioner’s Office (ICO) Guidelines available at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Mears Websites can help you by adding your Privacy Statement to your website, but you will need to make the decision for yourself on your own/your business’ GDPR compliance.
If you would like to know the cost of adding your GDPR Compliance Notice to your website, please email firstname.lastname@example.org
Your Website Security
GDPR has been created to protect the identity of individuals being used without their consent. Therefore, if you have a website which stores clients or customers personal information it is essential that you take steps to ensure that your website is secure. For Mears Websites WordPress Website Clients, who also have their website hosting managed by Mears Websites, there are five layers of security in place: Host Server security using Google ReCAPTCHA, website dashboard security, again using Google ReCAPTCHA and two industry-leading WordPress website security plugins. Also, the FTP (a method of changing files on the host server) access to websites for which hosting is managed by Mears Websites, is automatically locked and requires Unlocking before files can be uploaded and downloaded using FTP.
Why Mears Websites Collects and Retains Information About You
Mears Websites collects information about you to enable us to fulfil our professional obligations to you, for example, the creation of a website. We retain the information to enable us to continue to provide professional services to you, for example, website updates. The information we collect relates to how to contact you and how to access your website and accounts relating to your website, for example, your Google Account within which Google Analytics Data and Google Search Console information may need to be accessed. We also keep your information on file to provide you with a ‘safety net’ for example when you can’t remember the login details to your website.
Requesting the information Mears Websites has about you
If you would like a copy of the information we have about you, simply send an email to email@example.com with the subject ‘Data Request’ and including your telephone number within the email. Alternatively, you are welcome to call us on 01376 494456, we will then send you a Verbal Request Acknowledgement by email to maintain our own Verbal Data Request records (a GDPR Requirement).
In the interests of security, we will verify you with a phone call, during which we will ask three questions relating to your data. Within 72 hours of successful verification, we will email you a password protected PDF file containing the information we have on file about you. The password for your document will be given to you either during the verification phone call or by text-message if you have provided us with your mobile telephone number.
Links to the third-party service providers Mears Websites use which you may find helpful (although they may not be applicable to you):
- Google: https://www.google.com/about/company/user-consent-policy.html & https://privacy.google.com/businesses/compliance/#?modal_active=none
- PayPal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
- Facebook: https://www.facebook.com/business/gdpr
- Twitter: https://gdpr.twitter.com/en.html
- LinkedIn: https://www.linkedin.com/help/linkedin/answer/87080/linkedin-marketing-solutions-and-the-general-data-protection-regulation-gdpr-?lang=en
- Heart Internet: https://www.heartinternet.uk/blog/gdpr-and-heart-internet-frequently-asked-questions/
- Dropbox: https://www.dropbox.com/en_GB/security/GDPR
- MailBigFile: https://www.mailbigfile.com/securitypolicy/
- Campaign Monitor: https://www.campaignmonitor.com/trust/gdpr-compliance/
- British Telecom: https://www.productsandservices.bt.com/privacy-policy/
The information stored about your by Mears Websites is stored digitally, locally and within a password protected document and not saved within ‘the cloud’.
The Lawful Basis for Processing Your Personal Information
Under GDPR there are six justifications that businesses can have for recording and keeping your data: consent, contract, legal obligation, vital interests, public task and legitimate interests.
For Mears Websites, we comply with the ‘Contract’ and ‘Legal Obligation’.
You are welcome to read details at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ but in a nutshell, Mears Websites only record your details if you become a client i.e. have a contract with Mears Websites to provide services to you.
Mears Websites is then required by Law (https://www.gov.uk/running-a-limited-company/company-and-accounting-records) to keep your information used for Mears Websites accounting purposes on file for six years from the end of our last company financial year, or longer in certain circumstances.
You have the right to request that all information about that does not relate to Mears Websites accounts be deleted. Please see ‘Requesting the information Mears Websites has about you’ above to find out how to request the information Mears Websites has on file about you.
We do not work with children and do not hold any data on file relating to children.
In the event of a data breach, Mears Websites will notify all clients by email within 48 hours of becoming aware of the breach, detailing the extent.
If you have any questions relating to our GDPR Compliance or would like any further information, please email firstname.lastname@example.org or call Mears Websites on 01376 494456.
Links you may find helpful when preparing your own business for GDPR: