This data policy is written to help explain how the data we hold on you is collected and processed in accordance with the General Data Protection Regulation.
Permission to store data about you
The minimum age for us to process your data is 16 years of age. If you are under 18 years of age and require our services, we will need written permission from parent or guardian before you can purchase any products and/or services from us.
If you are under 18 years of age, we require a parent or guardian aged 18 or over to supply billing data on your behalf.
We will always inform and request permission from you before storing any data required.
We will state clearly how and what we are using the requested data for. In the case we request information through a third party platform, we will always show valid and clear identifiable details so you can be assured it is us collecting your data. A confirmation of all data requests will be made clear in writing. All data recorded will have a record of who created it, when it was created and last modified.
We will only keep your data for up to seven years after your relationship with us ends, unless we are required to keep it longer for judicial reasons.
Third parties’ use of your data
Any third party services that we use for purposes such as accounting or creating and distributing service update emails to our clients, will be regularly updated with your account information.
All data collected by third-party services on our behalf are subject to their own data policies.
Keeping your information up-to-date
It is your responsibility to keep your account information correct. If at any point your account information has changed, please inform us immediately, so we can update our records.
Any changes made to your account information will be amended by us on your behalf.
All data we have stored on you is stored for the purposes of communication of any kind in relation to our business, historic records and the collation of statistics. At any point, you can submit a written request for a copy of the data we have stored on you. Your data will be delivered in a format that is widely accessible on all devices within 30 days from the point of receiving the data request.
To prevent a digital data breach, where possible, we use two-factor authentication and strong passwords to access sensitive data throughout our services. We regularly back up our digital data to a secure password protected device. All stored passwords on our devices use encrypted cloud storage to synchronise passwords across multiple devices. All physical personal information is kept in a secured storage unit and can only be accessed by us.
In the event of a data breach, we will notify you immediately and carry out a full investigation to secure the data as quickly as possible. After an investigation, we will provide a report on what caused the breach and what will be done to prevent a breach occurring again.
Secure removal of data
Any data requests to destroy your information will be deleted from our systems securely using industry-standard methods such as erasing digital data permanently and cross-shredding printed information. Any information held by third-party services will be deleted in accordance with their policies.