WebMagspace (“our”, “us” and “we”) has created this Privacy Notice in order to demonstrate our commitment to your privacy. This Privacy Notice forms part of our Website Conditions of Use (see above) and explains our data collection and use practices. By using or accessing the Website located at www.www.webmagspace.com (the “Website”), you signify your assent to our Privacy Notice. If you do not agree to this Privacy Notice you may not access or otherwise use the Website.
Personal and Non-Personal Information: When using the Website, you may be asked to provide, or you may choose to provide us with or upload, certain personally identifiable information about yourself (“Personal Information”), including but not limited to, your name, company name, e-mail address, physical address and telephone number.
We may also collect non-personally identifiable information, such as IP host address, pages viewed, browser type and other data, and may aggregate any information collected in a manner which does not identify any individual (“Aggregate Information”).
Purposes of processing:
- We may use Personal Information for marketing purposes and for the purposes of communicating with you about WebMagspace and its offerings, events and services.
- We may use Aggregate Information to improve and enhance the Website, analyse trends, administer the Website and for our market research activities. For example, we may share Aggregate Information with unaffiliated third parties, such as business partners, in an aggregate, anonymous form, which means that the shared information will not contain nor be linked to any Personal Information.
Lawful basis of processing: The lawful basis of processing is that the processing is necessary for the purposes of the legitimate interests pursued by WebMagspace, including the conduct of direct marketing activities relating to our business activities, and the efficient management of WebMagspace’s relationships with its customers, prospective customers, suppliers, shareholders, staff or other stakeholders.
Recipients of the personal data:
- Unless disclosed otherwise at the time of collection, we do not share any Personal Information you submit through our Website with any unaffiliated third party, unless it is necessary to respond to your inquiry, or to comply with applicable law.
- We will never sell your Personal Information to any third party not affiliated with us without your consent except in connection with the sale or merger of our company or the division responsible for such services.
- Please note that we reserve the right to access and/or disclose Personal Information and non-personal information we gather as required by courts or administrative agencies and to the extent required to permit us to investigate suspected fraud, harassment or other violations of any law, rule or regulation, the Website rules or policies, or the rights of third parties or to investigate any suspected conduct which we deem improper.
Location of the personal data: The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA, who work for us or for one of our service providers. Such staff may be engaged in, among other things, the fulfilment of orders, the processing of payment details and the provision of marketing services. Where such transfers are made, they will be subject either to the EU Model Clauses that are applicable to Controller-Controller or Controller-Processor transfers (as applicable) or to another form of contract with the relevant controller or processor that provides for appropriate and suitable safeguards. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
Duration of processing: We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The appropriate retention period for any given type of personal data depends on a range of factors, including the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which it was collected, and the applicable legal requirements.
Data subject rights: You have the following rights as a data subject, by reason of the General Data Protection Regulation:
- The right to request access to the personal data that we hold about you (also known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- The right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- The right to request erasure of the personal data that we hold about you (also known as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- The right to request restriction of processing about you. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to object to processing. Where we are processing your personal data solely on the grounds that there is a legitimate interest to do so, and there is something about your particular situation which makes you want to object to processing on this ground, then this enables you to challenge the processing. You also have the right to object where we are processing your personal information for direct marketing purposes.
- The right to data portability. This enables you to ask us to transfer your personal information to another party in certain circumstances.
- Where our processing of personal data is based on your having given consent, you also have the right as a data subject to withdraw that consent at any time.
- You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the supervisory authority is the Office of the Information Commissioner, full contact details for which can be found at https://ico.org.uk/global/contact-us/
If you wish to invoke any of the above rights, please contact us using the details at the end of this Privacy Notice.
Automated decision-making (including profiling): We do not undertake any automated decision-making in respect of personal data obtained through the Website from data subjects.
Plans for further processing: We have no plans to process personal data for reasons other than the reason for which the data was originally collected.
Security: The security of your Personal Information is very important to us. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us, or information stored on the Website or our servers, will be free from unauthorized access by third parties such as hackers and your use of the Website demonstrates your assumption of this risk.
Other websites: Our Website may contain links to other Websites not maintained by us. Other Websites may also reference or link to our Website. We recommend that when you leave our Website you read the privacy statements of each Website that you visit. We are not responsible for the privacy practices or the content of such other Websites.
Communications with us: We may use email to communicate with you, to send information that you have requested or to send information about other products or services developed or provided by us, provided that, we will not give your email address to another party to promote their products or services directly to you.
GDPR Compliance Statement
- PURPOSE OF THIS STATEMENT
The General Data Protection Regulation (GDPR) comes into force in the United Kingdom and Europe on 25th May 2018, and represents a significant overhaul of data protection law. It strengthens the rights of data subjects in relation to the uses that governments, businesses and other organisations can make of their personal data, and imposes new legal obligations on those organisations about how they hold and process personal data relating to their staff, customers, suppliers and other stakeholders.
WebMagspace Limited (“WebMagspace”) takes privacy very seriously, and has undertaken an extensive GDPR-readiness programme using both GDPR-trained internal resources and specialist external advisers. The purpose of this statement is to inform our clients about the steps that we have been taking by way of preparation.
- INFORMATION AND SECURITY AUDIT
WebMagspace has undertaken an internal data-mapping exercise, in order to ascertain exactly what kinds of personal data we hold, the sources from which it is obtained, and how it is used. We have also undertaken a security audit to ensure that, where we hold and process personal data, there are appropriate technical and organisational measures in place to ensure that the data is protected. Our findings have been documented in order to help us comply with the GDPR’s accountability requirement.
- LAWFUL BASIS OF PROCESSING
The GDPR states that the processing of personal data is only lawful if it is done under one of the defined “lawful bases”: these include, for example, that the data subject has given consent to the processing, that the processing is necessary for the performance of a contract with the data subject, or that the processing is necessary for the purposes of the organisation’s “legitimate interests”.
On the basis of the output from the information audit, WebMagspace has identified an appropriate lawful basis for each kind of processing that we undertake, and these are documented in our privacy notices.
- PRIVACY NOTICES
Our privacy notices have been updated to ensure that data subjects are properly informed about all the details that GDPR requires us to notify them about, such as the identity and contact details of WebMagspace as the controller of the personal data; the contact details for the person responsible for data protection within the organisation; the purposes of the processing, and the lawful basis for it; the “legitimate interests”, where this is the lawful basis of processing on which we are relying; and the existence of the data subject’s right (a) to request access to the personal data, (b) to request rectification or erasure of personal data, (c) to request that the processing is restricted, (d) to object to the processing and (e) to data portability.
- INTERNAL POLICIES AND PROCEDURES
- Subject access requests
- Requests from data subjects to exercise their other rights under the GDPR, such as the “right to be forgotten” and the right to have inaccurate data rectified
- Personal data breach incidents
- Objections to direct marketing.
- CLIENT AGREEMENTS
We have developed a Data Protection Addendum to our standard terms of engagement, that addresses the GDPR’s requirements about contracts between data controllers and data processors where we are handling personal data on behalf of a client. In summary, the Addendum provides that:
- WebMagspace will only process the personal data on the client’s written instructions;
- WebMagspace will ensure that all personnel with access to the personal data treat it in confidence;
- WebMagspace will put in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing, and against accidental loss, destruction or damage;
- WebMagspace will not engage a subcontractor as a third-party processor of the personal data without the client’s approval;
- WebMagspace will assist the client in responding to requests from data subjects and in ensuring compliance with certain of the client’s other obligations under data protection law;
- WebMagspace will delete or return personal data on termination of the relevant engagement;
- WebMagspace will keep complete and accurate records and information to demonstrate its compliance, and allow for audits by the client or its representatives;
- WebMagspace will inform the client if an instruction infringes data protection law; and
- WebMagspace will not transfer any personal data outside the European Economic Area unless (a) the client’s prior written consent has been obtained, and (b) appropriate safeguards have been put in place for the personal data.
The inclusion of this Addendum means that our clients can be assured that, if WebMagspace processes personal data on their behalf, it is being done on the basis of a contract that meets those requirements.
- THIRD PARTY PROCESSORS
We will do our best to ensure that with effect from 25th May 2018, our contracts with any third party companies that process personal data on our behalf include the relevant controller-processor clauses.
- STAFF TRAINING
We have put in place data protection awareness training for all staff. This includes training about the GDPR’s data protection principles and other key aspects of data protection law as it relates to WebMagspace’s business, and as a minimum some essential “do’s and don’ts” in relation to the obtaining, processing and sharing of personal data. Staff need to be aware of the importance of respecting personal data, and of their own responsibilities in this regard.
Updated: May 2018
Contact: If you have any questions about this Privacy Notice please contact: firstname.lastname@example.org