Use of private information policy (GDPR)
Last updated: October 17, 2023
We respect the EU’s General Data Protection Regulations (GDPR) and this policy explains how we collect and treat any information you give us. You won’t find any complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.
Who we are
The data protection officer in respect of this website is:
Orcadia Design Ltd.
Tel: 01856 480048
Email: [email protected]
Company number: SC473393
Your Personal Data
Personal data is data that can be used to identify an individual. For example, your name, email address, home address, and even IP address. We collect and process personal data in compliance with the General Data Protection Regulation and will never share it with third-party marketers or anyone else unless we are forced to by law.
How your personal data is collected on this website by us and by third parties
Our contact form and email
When you use our contact forms or email address to contact us, we require your name, email address, and telephone number in order to reply to you. When you click the submit button on the contact form, your message and contact details are sent to us via email and are stored in our email system Google Mail and Mailerlite.
Occasionally, we might receive your contact information from one of our partners. If we do, we protect it in exactly the same way as if you gave it to us directly.
What information we hold
- When you contact us by email or through our website, we collect your name, email address, phone number, website address, and the company you work for, if you’ve given us that.
- If you sign up for a newsletter, we collect your name and email address.
- If you do business with us, we also collect your business name and bank details and keep records of the invoices we send you and the payments you make.
- All payments are processed by Stripe and GoCardless and we never process card payments directly but will always use the above companies who are GDPR and PCI DSS compliant and value security above all else.
Where we store your information
When you contact us by email or through our website, we store your information in Google Workspac. If you sign up for a newsletter, we store your email address in Mailerlite, which is the marketing platform we prefer and from which you can unsubscribe at any time. When we do business, we store your information in our accounts software, Xero. We chose these systems partly for their commitment to security.
What we use your information for
We occasionally use your contact information to send you details about our products and services. When we do, you have the option to unsubscribe from these communications and we won’t send them to you again. We might also email or phone you about our products and services, but if you tell us not to, we won’t get in touch again. We will use your information to send you invoices, statements, or reminders.
Who’s responsible for your information at our company
Johanna Pieterman is responsible for the security of your information. You can contact her by email at [email protected] or by phone on 01856 480048 if you have any concerns about the information we store.
Who has access to information about you
When we store information in our own systems, only the people who need it have access. Our management team has access to everything you’ve provided, but individual employees have access to only what they need to do their job.
The steps we take to keep your information private
Where we store your information in third-party services, we restrict access only to people who need it. We store passwords in 1Password, an encrypted password manager, use a different, randomly generated password for each service, and never use the same password twice.
The computers we use are all protected by a passcode or fingerprint access. These computers ask for authentication whenever they’re started or after 5 minutes of inactivity. Our mobile devices are also protected by a fingerprint or facial recognition.
Mailing List Subscription
Should you wish to unsubscribe from our mailing list, you can do so at any time by clicking the “unsubscribe” link in any of the email campaigns you have received from us. Or, if you prefer, you can contact us to request that we unsubscribe you.
3rd Party Payments
Please note that we do not collect or process your credit or debit card details. These are, however, collected and processed by our payment processing service provider, Stripe Payments Europe, Ltd. (“Stripe”). Their terms and conditions govern the collection and processing by Stripe of your credit or debit card information and other personal data. See https://stripe.com/gb/privacy for more information. Stripe may, from time to time, provide us with information regarding the credits and debits made to your card in order to enable us to reconcile our accounts.
In accordance with UK and European law under the General Data Protection Regulation (GDPR), you have numerous rights in regards to the personal data we hold about you, including:
- Right to confirmation: you have the right to know if we hold personal data that concerns you
- Right to access: you have the right to view and to obtain a copy of any personal data we hold that concerns you
- Right to rectification: you have the right to the correction of any inaccuracies within the personal data we hold that concern you
- Right to Erasure: you have the right to have your personal data removed from our systems
Should you wish to exercise any of these rights, please contact us by email or by telephone.
How to complain
We take complaints very seriously. If you’ve got any reason to complain about the ways we handle your privacy, please contact Johanna Pieterman by email at [email protected] or by phone on 01856 480048. If you’re the letter-writing type, send your envelope to Orcadia Design Ltd, Meadowside, Dounby, Orkney, KW17 2HS.
Changes to the policy
If we change the contents of this policy, those changes will become effective the moment we publish them on our website.