This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to Alterledger Ltd, Legal House, 101 Gorbals Street, Glasgow G5 9DW. Alternatively, you can phone 0141 443 4581.
What is the purpose of this notice?
To describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR).
How do we collect information from you?
We obtain information about you when you use our website and when you email us or contact us using the contact form on the website.
What we need
Alterledger Ltd will be what’s known as the “Controller” of the personal data you provide to us. We only collect basic personal data about you which does not include any special categories of personal information about you (known as Special Category Data). This does however include name, address, e-mail, telephone number, financial information and where you are client of Alterledger other personal information to allow us to perform the services under the contract.
What we do with it
We only ever use your personal data with your consent, or where it is necessary:
- to enter into, or perform, a contract with you
- to comply with a legal duty
- to protect your vital interests
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or for closely related purposes).
We may process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers
- to identify and prevent fraud
- to enhance the security of our network and information systems
- to better understand how people interact with our websites
- to provide postal communications which we think will be of interest to you
- to determine the effectiveness of promotional campaigns and advertising.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
Where we keep it
We are based in the UK and we store our data on web servers which may be outside of the EU. Some organisations which provide services to us may transfer personal data outside of the EU, but we will only allow them to do if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we will allow this as we are certain personal data will still be adequately protected.
How long we keep it
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. We will not retain your data for any longer than necessary and the longest time that we will hold your data will be six years after you cease to be a client of Alterledger.
How is your information used?
We may use your information to:
- respond to enquiries from the website contact form;
- process orders that you have submitted;
- to carry out our obligations arising from any contracts entered into by you and us;
- notify you of changes to our services;
- process a job application.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Use of ‘cookies’
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Will your personal information be provided to third parties?
We do not sell your personal data or provide it to third parties for their direct marketing use. We may add your personal data to our CRM (Contact Relationship Management) database which we use to develop our relationship with current and prospective contacts.
We may share your personal information with third parties but only in the strictly limited circumstances set out below.
- We may supply your personal information to third parties (such as our internet service providers) who help us administer our website. These third parties must at all times provide the same levels of security for your personal information as Alterledger and, where required, are bound by a legal agreement to keep your personal information private, secure and to process it only on the specific instructions of Alterledger.
- We may also supply your personal information to government bodies and law enforcement agencies but only:
- if we are required to do so by the requirements of any applicable law;
- in our reasonable opinion, such action is reasonably necessary to comply with legal process;
- to respond to any legal claims or actions; or to protect the rights of Alterledger, its customers and the public.
What are your rights?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
- the right to have inaccurate data rectified
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you wish to raise a complaint on how we have handled your personal data, you can contact Adrian Skelton who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
Review of this Policy
We keep this Policy under review. This Policy was last updated on 9 May 2018.