Who we are
Our website address is: https://bycassia.co.uk.
Thank you for visiting our website. Your privacy is important to us. To better protect your privacy, we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used at this website and is in accordance with the EU General Data Protection Regulation (GDPR)
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.
Your privacy is important to us. We only use the information we collect about you carefully, lawfully and in accordance with the General Data Protection Regulation 2018.
What personal data we collect
Personal information that we’ll process in connection with all our services, if relevant, includes:
Personal and contact details, such as title, full name, email address, date of birth, contact details, address and contact details history
Records of your contact with us such as via phone or email, or if you get in touch with us online using our contact form
Products and services you have purchased from us, as well as have been interested in and have held and the associated payment methods used
Any information we collect about you will come either from yourself, any person who may have referred you to us, or from our advertising or social media platforms.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
You acknowledge that personal data that you submit through comments on blog posts or knowledge base articles may be available, via the internet, around the world and as such, we cannot prevent the use (or misuse) of such personal data by others.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Cookies
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies across our sites to help identify and track visitors, their usage of our services, and their website access preferences. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our websites, with the drawback that certain features may not function properly without the aid of cookies.
Analytics
We use Google Analytics for tracking visitors and aggregating information about the traffic to our websites. The Google Analytics privacy policy can be found here: https://policies.google.com/privacy. You can learn more about how to opt-out of tracking in Google Analytics here.
Who we share your data with
We may share information with the following third parties for the purposes listed below:
Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme
Any other businesses that are needed in order to fulfil our services or products, such as suppliers or outsourcing companies
When you make any payment to us through the website, you must make that payment to us using PayPal. We do not collect or hold any card details ourselves. When submitting your payment information to PayPal, please note that PayPal has their own privacy policy for which we cannot accept any responsibility or liability. Before you submit any personal data to PayPal, we recommend you check out their privacy policy which can be found here –https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
We disclose potentially personally-identifying and personally-identifying information only to our employees, contractors and affiliated organizations that (i) need to know that information in order to process it on our behalf or to provide services, and (ii) that have agreed, in writing, not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using our websites and services, you consent to the transfer of such information to them. We will not rent or sell potentially personally-identifying and personally-identifying information to anyone.
We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.
How we may use your data
We use your personal data, including any of the personal data listed above, for the following legally defined purposes:
Where it is needed to provide you with our products or services, and/or fulfil our contract with you such as:
- Assessing an enquiry for a product or service, including considering whether or not a product or service is relevant to your needs.
- Managing products and services you have purchased from us
- All stages and activities relevant to managing the product or service including enquiry, administration and management of accounts
- To improve the operation of our business
Where it is in our legitimate interests to do so, such as:
- Managing your products and services relating to that and updating your records
- For management and audit of our business operations including accounting
- To keep records of our communications with you
- For market research and analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service.
To comply with our legal obligations
- Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
With your consent or explicit consent for some direct marketing communications
- We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them during signup or other interactions on our website.
- We may send you “system” emails, such as password reset requests or payment notifications/receipts even if you have not opted-in to email marketing lists.
- All marketing emails sent by us will include an unsubscribe link in the footer of the email. Emails sent to you may also include standard tracking, including open and click activities.
- We use the services of MailChimp for some of our email marketing. Mailchimp’s privacy policy is found here.
How long we retain your data
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations and accounts
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
- You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.
- You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests.
Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR law. If we do hold information about you we will:
- Give you a description of it;
- Tell you why we are holding it;
- Tell you who it could be disclosed to; and
- Let you have a copy of the information in an intelligible form.
You can contact us using the contact information below.
Where we send your data
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Contact information
If you have any queries or concerns at all, please do not hesitate to contact us – contact@bycassia.co.uk
Additional information
How we protect your data
The security and reliability of our business is our number one priority and we try to ensure that best practices are followed in everything that we do.
See wordpress.org/about/security for details on the security of the WordPress core itself.
Prevention is best when it comes to security, and as a first step, we follow all WordPress Code Standards in the websites and plugins that we build and use.
All staff only have access to systems that are directly required to complete the functions of their job.
All staff (including any contractors) undergo initial training to ensure proper understanding of all security-related processes.
We only use third-party services that are fully vetted and adhere to the highest levels of privacy and security practices.
Storing your data
We may use third party tools to store your personal data and keep your information safe, such as a CRM System, cloud storage or email marketing software, as well as our own hard drives and data storage systems/
What data breach procedures we have in place
Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report such incident to any required data protection authority. We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.