- Our Aims Regarding Privacy and Data Protection Including GDPR
- Data Controller
- Data Protection Officer
- Relevant Legislation
- Personal Information We Collect and Why It is Collected
- How We Use Your Personal Data
- Cookies in Use on Our Website
- Links to Other Websites
- How We Store Your Personal Information
- Your Rights
- Third Parties
- Data Breaches
Our Aims Regarding Privacy and Data Protection Including GDPR
- We will never sell, rent or otherwise distribute or make public your personal information
- We will never send you spam
- We will only collect and process your data when necessary
- Your privacy and data protection are part of your human rights
- We will always look after the data and the people it represents
The data controller of this website is Esthetig Ltd, registered in England & Wales as a Private Limited Company, registration number 6112562, registered office Bethel, 26 Tan-y-Fron, Deganwy, Conwy, LL31 9YN.
Esthetig and Esthetig Web Design are operational names of Esthetig Ltd (referred to in the rest of this document as Esthetig).
Data Protection Officer
Mr Jonathan Roberts
Telephone: 01492 580572
Our business, internal computer systems and our website conform to the following legislation regarding data protection and user privacy:
- UK Data Protection Act 1988
- EU Data Protection Directive 1995
- EU General Data Protection Regulation 2018
As the above legislation is very strict and our website is compliant, it is likely to be compliant with many other countries’ legislation. If you are unsure whether this site is compliant with your own country’s specific data protection and user privacy legislation, you should contact our data protection officer for clarification.
Personal Information We Collect and Why It is Collected
Any personal information that you provide by filling in forms or making purchases on our website. This includes information provided at the time of registering an account, purchasing services from us or requesting further services. We may also ask you for information when you report a problem with our site or the services you have purchased.
If you contact us by letter or email, records of the correspondence may be kept. Telephone conversations may be recorded for training purposes.
Details of transactions you carry out through our site and of the fulfilment and administration of your orders.
We also record technical data such as your operating system, browser type, referring / exit pages and URLs, number of clicks, domain names and pages viewed in our server logs. This information is used for marketing and security purposes.
In the circumstances where we are acting as a data processor, we shall only act on the instructions of our customer as the data controller. If you provide us with personal data about a third party (for example when registering a domain on their behalf), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
Like most websites, this website uses Google Analytics to track visitor interaction. This data is used to determine the number of visitors to our website. This allows us to understand how they found our website and to see their path through our website.
Whilst Google Analytics records your geographical location, the type of device you have used and its operating system along with the browser you used, it does not identify you to GB Hosting. Your IP address is collected by Google; this could identify you, but Google does not give us access to this under any circumstance.
To stop Google Analytics from tracking your visit and any other data whilst you visit our website, disable cookies within your browser.
If you add a comment to any of our blog posts, the name and email address you use with your comments are saved to this website’s database along with your computer’s IP address together with the time and date you submitted the comment. This information is only used to identify you as a contributor to the blog post and is never passed on to any third-party. We only show your name and the date of your comment on the actual public blog post. If your email address is linked to a Gravatar account, your Gravatar photo will be displayed.
Your comments and personal data will remain on this website until we see fit to remove the comment or the linked blog post.
If you wish to have us remove the comment and your personal data, please email us at firstname.lastname@example.org using the email address that you used to make the comment.
If you are under the age of 16 you MUST always obtain consent from your parent or guardian before posting a comment on our blog.
We recommend that you should always avoid entering personally identifiable information to the actual comment field of any blog post you submit to our website.
Contact Forms and Email Links
If you use the contact form on our contact page or an email link to contact us, none of the data you supply is stored on this website or passed to any third-party for processing. The data is collated into an email and sent to us using the Simple Mail Transfer Protocol (SMTP).
All our SMTP servers are protected using TLS (sometimes called SSL) with SHA-2 256-bit encryption, which is applied before the email is sent across the internet. The email content is then decrypted by our local computer and devices.
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp and MailMunch who provide us with email marketing services. The email address you submit is not stored in this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s/MailMunch’s database for as long as we continue to use MailChimp’s/MailMunch’s services for email marketing or until you specifically request removal from this list. You can do this by unsubscribing using the unsubscribe link found at the bottom of our newsletters or by requesting removal by emailing email@example.com.
When requesting removal via email, please send your email to us using the email account that was used to subscribe to the mailing list.
If you are under the age of 16 you MUST always obtain consent from your parent or guardian before joining our email newsletter.
Whilst your email address remains within the MailChimp/MailMunch database, you will periodically (up to monthly) receive news emails from us.
How We Use Your Personal Data
- To register a customer account
- To process orders that you have placed with us
- To handle customer service and careers enquiries
- To ensure that content from our site is presented in the most effective manner for you and for your computer
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
- To carry out our obligations arising from any contracts entered into between you and us
- To allow you to participate in interactive features of our service, when you choose to do so
- To notify you about changes to our service
- To carry out marketing and statistical analysis
For the avoidance of doubt, Esthetig will never sell your personal data to third parties.
Automatic decision making
We may use the information provided by you to perform automatic decisions about the acceptance of orders you place. This helps us combat fraud and abuse and this information never leaves our network.
Cookies in Use on Our Websites
Our cookies help us
- Make our website work as you’d expect
- Remember your settings during and between visits
- Offer you free services/content
- Improve the speed/security of the site
- Allow you to share pages with social networks like Facebook
- Continuously improve our website for you
- Make our marketing more efficient
- Remember your search settings
- Remember if we have already asked you certain questions (e.g. you declined to use our app or take a survey)
Third Party Cookies
Our site, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube video. Social website cookies are used so you can easily “Like” or share our content on the likes of Facebook and Twitter, for which we have included sharing buttons on our site. Disabling these cookies will likely break the functions offered by these third parties.
The privacy implications of this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
Anonymous visitor statistics cookies
Cookies are widely used in online advertising. Neither we, advertisers nor our advertising partners can gain personally identifiable information from these cookies.
You can learn more about online advertising at https://www.youronlinechoices.com. You can opt-out of almost all advertising cookies at http://www.youronlinechoices.com/uk/your-ad-choices although we would prefer that you didn’t as ultimately adverts help keep much of the internet free. It is also worth noting that opting out of advertising cookies will not mean you won’t see adverts, just simply that they won’t be tailored to you any longer.
Turning cookies off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so, however, will likely limit the functionality of our website and of a large proportion of the world’s websites, as cookies are a standard part of most modern websites.
It may be that your concerns around cookies relate to so-called “spyware”. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive. Learn more about managing cookies with antispyware software.
Links to other websites
Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
How We Store Your Personal Information
When you submit a comment to one of our blog posts, some of your personal information will be stored on our website’s database. As our website is built on the WordPress platform how comments are stored is built into WordPress and, as such, it is stored in an identifiable fashion.
GDPR recently added the requirement of pseudonymisation, which many web application developers are currently working on. We will look to implement it on our website as soon as is possible.
Our Website’s Server
Our website is hosted in the United Kingdom on our own servers in a data centre within the Nottinghamshire area and within the European Economic Area. The following are some of our server’s security features.
- Onsite technicians 24 hours a day, 7 days a week, 365 days a year
- Biometric security, CCTV and firewalls
- Advanced fire protection
- Redundant power supplies, UPS and generators
- Timeline backups
- All traffic between this website and your browser is encrypted and delivered over HTTPS.
The personal data that we collect from you will be stored on our servers inside the European Economic Area (“EEA”). Occasionally, we may have to transfer personal data outside of the EEA. For example, domain registration data needs to be sent to our domain registrar outside of the EEA. By submitting your personal data, you agree to this transfer, storing or processing of data outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR and our data protection policies.
We only retain your personal data for as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
- Invoice data is kept for a minimum of 7 years as required under UK Law
- Log files are rotated every 12 weeks. However, anonymised data may be kept for longer
The infrastructure backups are kept for 12 months. Web Hosting data is kept for 30 days.
In the rare event that backups containing personal information are restored post-deletion, we will make every reasonable effort to ensure data that has been forgotten is not inadvertently restored and ensure all traces of data are removed within a maximum period of 180 days unless additional retention obligations apply.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to object to our use of your personal data and request your personal data is erased where it is no longer necessary for us to retain such data. This is known as your right to be forgotten. Please note that there may be legal reasons as to why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly. You can make this request by completing the form on our Data Access Request Page.
- You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by following the Unsubscribe link at the bottom of any emails we send, contacting Customer Services or writing to us at Esthetig Ltd, Bethel, 26 Tan-y-Fron, Deganwy, Conwy, LL31 9YN
- The right to lodge a complaint with the Information Commissioner’s Office. Please see https://ico.org.uk/concerns/ for further information.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Google My Business, and Google Plus)
Site analytics, targeting and exclusion from PPC advertising, purchasing data, reporting on anonymised data.
Sending email and email analytics. Signups for newsletters.
Contact form 7
Contact forms and contact form analytics.
Management of our servers.
Facebook, Twitter, & Instagram
Targeting and exclusion from PPC advertising, purchasing data.
Microsoft: Bing and Office 365
Site analytics, targeting and exclusion from PPC advertising, purchasing data.
We will always report any illegal breaches of this website’s database or the databases of the third parties we use to all relevant persons and authorities within 72 hours of the breach if it is apparent that the theft of any personal data that can identify you has taken place.