This privacy policy explains how personal data is collected and used when you visit our website. It also explains how we process any data that you supply to us on this website, for example to request a quotation or to use our online services.

Stack Communications Ltd may change this policy from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes. This policy is effective from the 1^st May 2018.

Stack Communications Ltd is the Data Controller for any personal data that you supply to us as part of the services you are contracted to receive from us. As our client, you are our data subject.

---

What personal data we collect

The personal data collected depends on how you use our website: you can browse the website and you can fill in forms on the website to request information or quotations from us. The website collects personal data in order to provide these services.

We collect information about you when you visit our website or engage in business dealings with us.

What we do with your personal data

When you visit our website, a record of your visit is made. This data includes your device's IP address. That data is used completely anonymously, in order to determine the number of people who visit our website and the most frequently used sections of the site. This enables us to continually update and refine the website. If you use any forms on the website to send an email to us, a record will also be made of your name, email address and your telephone number.

The following table sets out how we handle your personal data and our legal basis for doing so under GDPR and the Data Protection Act 2018.

The following table sets out the categories of personal data that we obtain.

We may collect, hold, use and disclose the information collected to compile statistical data; maintain our database; develop and improve our website; respond to any email enquiries; notify you of any upcoming marketing, training or other events that you have opted in to; provide you with publications; manage systems administration and attend to compliance issues

Will we disclose your data?

We will not use or disclose your personal information for any other purpose which is not related to the above purposes without your consent unless otherwise authorised, required or permitted under the laws of England and Wales. We will never sell, distribute or lease your data to third parties.

If you no longer wish to receive information about our services, please send an email to our Data Protection and Compliance Officer (gdpr@stackagency.co.uk) advising that you do not wish to receive further information.

How long will we keep your personal data?

Personal data from our data subjects is retained in line with our data retention policy. We keep most data for 7 years, which covers the 6 years by law in which we have to keep certain information for a minimum of 6 years plus the current year. Personal data that is no longer necessary to be kept under our data retention policy will be deleted.

Your rights

You have the following rights in relation to personal data held on you:

• The right to be informed about how personal data is used – (this notice)
• The right to access a copy of personal data that we hold about you
• The right to rectification of any errors in personal data held by us
• The right to erasure of any personal data
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making including profiling

If you wish to learn more about these rights and how they operate, please visit the ICO's website https://ico.org.uk/for-the-public/.

Stack Communications Ltd does not operate any automated decision making systems.

You have a right to request a copy of the personal data that we hold about you. If you would like a copy of some or all of your personal data please email gdpr@stackagency.co.uk or write to us at Stack Communications Ltd, 46 Red Lane, Burton Green, Kenilworth, Warwickshire, CV8 1PA. Proof of your identity will be required for security purposes.

If you are unhappy with the response that you receive from us when you exercise your GDPR rights or Data Protection Act 2018 rights, you have the right to lodge a complaint to the ICO. More guidance about raising a complaint with us is available on the ICO's website https://ico.org.uk/for-the-public/raising-concerns/ and for raising a complaint with the ICO, more information is available on https://ico.org.uk/concerns/.

Other websites

Our website may contain links to other websites. This privacy policy only applies to this website [stackagency.co.uk]. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other websites since such websites are not governed by this privacy policy. You should exercise caution and review the privacy policy applicable to the website in question.

How to contact us

If you have any questions about our privacy policy or information we hold about you, please contact:

Stack Communications Ltd
46 Red Lane
Burton Green
Kenilworth
Warwickshire
CV8 1PA

Telephone: 01926 855526
Email: gdpr@stackagency.co.uk

Commitment

We are committed to the principles inherent in the GDPR and particularly to the concepts of privacy by design, the right to be forgotten and consent. In addition, we aim to ensure:

• transparency with regard to the use of data.
• that any processing is lawful, fair, transparent and necessary for a specific purpose.
• that data is accurate, kept up to date and removed when no longer necessary.
• that data is kept safely and securely.

Right to be forgotten

We recognise the right to erasure, also known as the right to be forgotten, laid down in the GDPR. Individuals should contact gdpr@stackagency.co.uk with requests for the deletion or removal of personal data. These requests will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include instances where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.

Subject access requests

We recognise that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR. As a general rule, a copy of the requested information will be provided free of charge although we reserve the right to charge a "reasonable fee" when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the data subject will be informed of their right to contest our decision with the supervisory authority (the Information Commissioner's Office (ICO)). As set out in the GDPR, any fee will be notified in advance and will be based on the administrative cost of providing the information.

Privacy

We will implement data protection "by design and by default", as required by the GDPR. Safeguards will be built into products and services from the earliest stage of development and privacy-friendly default settings will be the norm. Our privacy policy explains our lawful basis for processing individuals' data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO.

Data transfers outside the EU

We do not transfer personal data outside the EU.

Children

The GDPR provides for special protection for children's personal data and we will comply with the requirement to obtain parental or guardian consent for any data processing activity involving anyone under the age of 16. Systems have been introduced to verify individuals' ages.

Data loss

If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the ICO will be notified within 72 hours.

GDPR contact

Any questions related to GDPR or to issues concerning data protection generally should initially be addressed to gdpr@stackagency.co.uk.

This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of this website and compile reports for us on activity on the website. Google stores the information collected by the cookie on servers in the United States and the transfer of the data to servers in the USA is governed by the EU-US Privacy Shield framework. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. More information about Google's compliance with GDPR can be obtained from their website https://privacy.google.com/businesses/compliance.

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org.

You can set your web browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function fully as a result.

We use Google ReCAPTCHA on our website forms to help protect us from spam emails.

You can find Google ReCAPTCHA's terms here:
https://www.google.com/intl/en/policies/terms/

You can find Google ReCAPTCHA's privacy policy here:
https://www.google.com/intl/en/policies/privacy/