GDPR and Data Processing Policy
- DPO: Kevin Groves
- Registered Office: BesBox Ltd, 31 Albert Road, Dover, Kent, CT16 1RD
- Company No: Registered in the UK, No. 11858692
- Phone: 07900 230783
- E-mail: firstname.lastname@example.org
What type of information we have
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Order address information.
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- For making payments
- Providing you with statistics and audit trails of your activities
We also receive personal information indirectly, from the following sources in the following scenarios:
- Our payment provider, Stripe, provides us with contact details as part of the payment process. They do not, however, provide us with any credit/debit card information.
- Web logs with your IP address, so that we can monitor that the service is working and to combat abuse/attacks.
- Cookies, which are little items that identify your browser, are commonly used to track that you are logged into a website. All sites use them; this one does too, for user logins. Most modern browsers can prevent cookies from being used, and you are welcome to use them.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- (a) Your consent. You are able to withdraw your consent at any time by visiting your profile and unchecking the applicable options, such as notifications and reminders. You can also do this by contacting email@example.com.
- (b) We have a contractual obligation.
- (c) We have a legal obligation for accounting purposes (regarding payments).
What we do with the information we have
We use the information that you have given us in order to process payments in line with UK law and to provide you with a service. We share this information with no other companies or organisations unless required under law to do so.
This system was founded on the concern of big business holding too much power over our data. We therefore value the importance of security and privacy and only request, hold and process what we absolutely have to have. This concern also extends to gathering metrics, and for that we use Google Analytics on this site.
How we store your information
Your information is securely stored on servers based in the UK by DigitalOcean. We keep only data that you decide to retain, for as long as you require it. We will then dispose of your information immediately should you choose to purge activities. It will of course remain for a time on backups retained for service recovery. Other information, such as payments made, will be retained for several years as required for accounting purposes.
Passwords are hashed and encrypted. Some checks are made to ensure you don’t use dumb passwords; however, such systems are not perfect. Good password practices should be used at all times, i.e.:
- Never reuse passwords across systems.
- Use good long passwords (longer than eight characters), mixing numbers, letters and symbols. If at all possible, use phrases to aid memory.
- Use a password manager and don’t write them down, or store them in the clear elsewhere.
Good digital security practice is to put as little data on the Internet as possible (this is a practice I personally use). There are many guides to safe digital usage and I encourage thinking carefully no matter what system you interact with! Feel free to make contact if you want any further advice.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113