Privacy and data protection policy
Contents
- Introduction
- About Us
- Business and website
- Collection of personal data
- Lawful bases for the processing of personal data
- Storage of personal data
- Security measures
- Your rights as a data subject
- Complaints
Introduction
Thank you for trusting us with some information about you. I take that trust seriously and I want you to know how I collect, use and protect your personal data and why. I also explain what rights you have with regards to your personal data and how you can exercise them.
If you have queries about how I use your data, or comments or questions about this policy, please do email me.
This policy is kept under regular review and it may be updated from time to time. Please come back here to check the latest version.
About Us
Blue Skies Virtual Assistant is owned by Melanie Fowler who is based in St Albans, Hertfordshire and she determines what data is collected, how it is used and protected.
Your privacy is important and I am responsible for ensuring that the key principles below are met.
• I ensure that your data is processed lawfully, fairly and in a transparent manner
• I only collect your data for specified, explicit and legitimate purposes
• I only keep your data if it is adequate, relevant and limit it to what is necessary
• I ensure that, wherever possible, your data is accurate and properly maintained
• I keep your data for only as long as necessary
• I ensure that your data is protected and handled securely
If you have questions about how we process personal data, or would like to exercise your data subject rights, please email me at [email protected]
I only collect information about you if I have a reason to do so; for example, to provide my services, to communicate with you, or to improve my service. This privacy and data protection policy covers this information as follows:
• Having personal communications with you via various forms of electronic messaging, emails, voice and video communication or face
to face
• Out of contractual necessity so that I can provide products or services to you
• From any third party with whom you have agreed for them to share your data with me; for example, your accountant
I use third party organisations as below:
- Online file sharing system;
- Website hosting company
Business and website
The following business and website are covered by this privacy and data protection policy:
Blue Skies Virtual Assistant
www.blueskiesva.com
You can visit and read our website without providing any personal information.
In order to answer certain requests which you may make I request certain information from you (such as when asking you to complete the contact us form) and collect certain information automatically.
This privacy statement covers personal data that is collected through my website, by telephone, by email, postal mail and through any related social media applications.
Information We Process
We only process the details below that you send us via our contact form:
- Your name;
- Your email address;
- Message you send
We do not collect any sensitive information.
Personal Information
I do not collect any personal information from visitors who simply visit the website.
Data We Store on Our Website
Data that you enter in the contact us form on the website is saved on the website server and a copy of your request is emailed to me.
Technical Information
In addition to the information described above, I may collect other information as follows:
- Internet Protocol (“IP”) addresses - which may consist of a static or dynamic IP address and will sometimes point to a specific identifiable computer or device;
- Web browser type, version and language;
- Referring and exit (web) pages and URLs;
- Date and time;
- The pages of our website that you visit;
- The time spent on those pages and other statistics;
- Information about your device, operating system and version, carrier and country location, hardware and processor information, network type, and similar data.
Cookies
My website may use cookies in order to deliver a better experience for you. Cookies are files with small amounts of data that a website stores on your computer or mobile device’s hard drive so that certain information about your visit and web-browsing preferences will be recognized upon a return visit.
Cookies commonly serve functions such as “remembering” log-in names (and sometimes passwords) or enabling or saving shopping basket contents.
Like many websites, mine may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us improve the experience you have with our website. Most web browsers have a function that allows you to delete existing cookies on your device or you can set your browser options so that your device does not receive or accept cookies. Doing this may interfere with your ability to use my website.
Your browser does not need to accept cookies in order for you to view my website. However, the functionality of my website is improved if your browser is set to accept cookies. Cookies stored by this website do not contain any personally identifiable information.
The use of certain third-party services can improve what my website provides to visitors, for example by allowing them to share content from my website via mainstream social networks such as LinkedIn. They can also allow me to understand how my website visitors use my website; for example, by seeing what pages are popular and how users navigate our website, so that I can tailor the website to customer needs.
I may also sometimes share links from third-party websites. When you visit a page containing such
content, you may be presented with cookies from these websites. However, once you have used these links to leave the site, I do not have any control over that other website. As a result, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting those other sites and those sites are not governed by this privacy and data protection policy. You should exercise look at the privacy statement applicable to the website in question.
Collection of personal data
Most of the personal information I process is provided to me directly by you for one of the following reasons:
- You have made an enquiry to me.
- You have signed a contract with me for our services.
- You have made a complaint to me.
- You are representing your organisation.
I collect personal data from you for one or more of the following purposes:
- To provide you with information that you have requested or which I think may be relevant to a subject in which you have demonstrated an interest;
- To carry out business transactions with you, or the business that you represent, for the purchase of products and/or services;
- To fulfill a contract that we have entered into with you or with the business that you represent;
- To ensure the security and safe operation of my website and underlying business infrastructure, and
- To manage any communication between you and me.
The table in section “Lawful Bases” provides more detail about the data that I collect for each of these purposes, the lawful basis for doing so, and the period for which I will retain each type of data.
It is important that the personal data that I hold about you is accurate and current. Please keep me informed if your personal data changes during your relationship with me.
In addition, and in order to ensure that each visitor to any of my website can use and navigate the site effectively, I may collect the following:
- Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
- Your login information, browser type and version, time zone setting, browser plug-in types and versions;
- Operating system and platform;
- Information about your visit, including the Uniform Resource Locators (URL) clickstream to, through, and from my website.
In section “Your rights” below, I identify your rights in respect of the personal data that I collect and describe how you can exercise those rights.
Lawful bases for the processing of personal data
The table below describes the various forms of personal data I collect and the lawful bases for processing this data. A number of data elements are collected for multiple purposes, as the table below shows. Some data may be shared with third parties and, where this happens, this is also identified.
.
As part of my standard operations in running our business, the table below defines how and why I plan to use your personal data.
Purpose/Activity Type of data Lawful basis for processing Retention period
Receive enquiries and are contacted
(via various methods) Contact Determine the service and Maximum 7 years from the end-date
order information products required by you of the performance of the contract.
To communicate and get agreement
on services we provide to you Email Necessary for the legitimate Ditto
order information interests of running my business,
provision of services
Receive payment for our services
Contact To enable us to receive payment for Ditto
email our services
financial information
Perform our services Contact To enable us to perform and deliver Ditto
email or our services
other logins
passwords
Deliver our services and products Contact To enable us to deliver our services Ditto
Alternative contact and products to you including courier
information information and alternative addresses
Transaction information Documentation for Statutory obligation or Ditto
Protect our business interests legal, accounting and legitimate interest
taxation purposes or
should any Shared with professional
contractual legal advisers as necessary
claim arise
Storage of personal data
Blue Skies Virtual Assistant is a UK organisation. Our payment processors and banking arrangements are based in the UK. If you pay us by BACS or direct transfer, I know only what the bank tells me, which is usually the name of the person who paid us, the amount and the reference number. I do not routinely keep credit scores nor use credit reference agencies.
Like most small businesses, I do not have any tailor-made software – I use mainstream packages for everything from my customer records, to email, to accounting.
This means that some of your data may be held in the EU, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. I have picked mainstream suppliers with appropriate security standards.
I operate a data retention policy in respect of all data, whether paper-based or digital and those aspects of it which relate to personal data are contained in the table above. I need to keep customer information long enough to satisfy HMRC and legal requirements and my professional advisers.
If I email you individually using my own email system or respond to an email sent to me at any of my email addresses, a copy of that email will also be stored.
When I are processing data about or to you to or to or from one of your clients (for example by using one of your own email addresses), I are operating under the banner of your data privacy and data protection policy. I will refer any data enquiry from them to you, as you are the ‘data controller’ responsible for dealing with the query and will offer reasonable assistance to you in responding.
Under certain circumstances I may be obligated or compelled to disclose information:
- When required by law, court order, or other government or law enforcement authority or regulatory agency;
- Whenever I believe that disclosing such information is necessary or advisable to protect the rights, property or safety of the business or others.
I do not sell or share your personal data with organisations who may want to sell you something or use your data for research or other purposes.
Security measures
The security of your personal information is important to us but please remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. I use standard industry practices with our services providers, which I consider is appropriate to the sensitivity of the information involved, but I cannot guarantee its absolute security.
As I work with third-party businesses and vendors in various aspects of my business including operating my website, website security, etc., I cannot guarantee the absolute security of my databases, nor can I guarantee that the information you supply will not be intercepted while being transmitted to and from me over the internet. In particular, e-mail sent to or from the website may not be secure, and you should therefore take special care in deciding what information you send to me via email, text or Whatsapp etc.
I do not have any control over what happens between your device and the boundary of my information infrastructure. You should be aware of the many information security risks that exist and that you should take appropriate steps to safeguard your own information.
I accept no liability in respect of breaches that occur beyond my control.
Your rights as a data subject
As a data subject whose personal information I hold, you have certain rights. If you wish to exercise any of these rights, please email me at [email protected]
In order to process your request, I will contact you and ask you to provide two valid forms of identification for verification purposes.
You are not required to pay any charge for exercising your rights. I have one month to respond to you.
I will inform you if answering requests is likely to require additional time or incurs unreasonable expense (which you may have to meet). I will explain if there are exceptional circumstances that mean I can refuse to provide the information. I reserve the right to refuse requests that are frivolous or vexatious.
Your rights are as follows:
- Your right to be informed
- Your right of access
- Your right to rectification
- Your right to erasure (to be forgotten)
- Your right to restriction of processing
- Your right to object to processing
- Your right to data portability
Please email me at [email protected] if you wish to make a request.
Complaints
Should you wish to discuss a complaint, please feel free to contact me using the details provided above. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with my handling of your data, or about any complaint that you have made to me about my handling of your data, you are entitled to complain to the Information Commissioner’s Office (ICO). Its contact information can be found at https://ico.org.uk/global/contact-us/.
February 2019