Privacy & GDPR Policy
Who are we?
YP SOLUTIONS LTD. is a privately-owned limited company, providing website design and digital marketing services to the public and private and public organisations. We reinvest majority of our profits back into the business to ensure that we can continue to deliver high-quality services to the service user.
1 Who’s in control?
2 What data do we collect and where from?
2.1 We collect some data directly from you when you become a customer. This data includes the following:
2.1.1 your full name, your mobile and landline numbers;
2.1.2 your postal address, email address;
3 What do we use your data for?
3.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the sole purposes for which we process personal data and which types of personal data we need for each purpose.
3.2 Managing your account and providing you with our services
3.3 We use your information for clerical and administration of business and service purposes only.
4 Marketing and advertising
We will not use your details for marketing and advertising purposes. This will include sending you personalised advertisements that use your first name in the advertisement.
YP SOLUTIONS LTD. captures and copies files in relation to business related activity annually. To electronically archive data that is to be solely of audit for taxation purposes and to use this data in the future for internal purposes.
We periodically review the data that we keep in our archive and we will delete or anonymise your data held in the archive where we consider it is no longer of purpose.
6 What is our legal basis for using your data?
Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to the purpose set out above.
We use your information for clerical, administration, and transaction of business and service purposes only.
7 Freedom of information
7.1 We are required under the Freedom of Information Act 2000 to provide certain information in response to Freedom of Information requests. You can make a request by emailing email@example.com. In order to respond to requests, we will need to collect your name, address, email address, phone number and information about your request, including any additional personal data you choose to share with us when you make your request. We will use this personal data to respond to your request and will retain it for administrative purposes in line with the section headed How long do we keep your data for? below.
8 Who do we share your data with?
8.1 We do not share your personal data with third parties in bar in circumstances as per below. This includes where we use third party suppliers to perform various services for us.
9 How long do we keep your data for?
9.1 We will keep all your personal data for as long as your custom remains open. You can cease your custom at any time by notifying us in writing.
10 What rights do you have?
10.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
10.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case, we will let you know as soon as we can and explain why we need to take longer to respond.
11 Web and E-mail Servers
11.1 All of our web and e-mail servers are UK based managed by reputable data centre service providers. We review our server suppliers and ensure they handle all data with the utmost care and take appropriate steps in compliance with data protection regulation to ensure it is kept safe.
11.2 Below are the policies in place by our web and e-mail server suppliers to meet data protection regulations:
- All data on servers are stored behind state of the art firewalls managed by our security team.
- All data is access controlled to ISO27001 standards.
- All systems storing personal data have access logging.
- All passwords are encoded at rest.
- All systems are subject to regular penetration testing and are monitored for vulnerabilities and attacks.
11.3 All data including emails are backed up onto a remote backup server daily. The backup servers also meet the same policies as outlined in 11.2.
11.4 Backup and restore of data is encrypted during the transmission process.
12 Internal IT Policy
12.1 Individual hosting and email access details are stored on a password protected internal server and limited access provided to staff
12.2 No sensitive data such as passwords can be emailed by staff to any other email account except to the owned (website/email owner) through an encrypted connection (SSL SMTP)
12.3 USB devices can not be connected to transfer data – this is to avoid any sensitive data to be transferred externally
12.4 No users have remote access to the internal server and no remote work is carried out on any hosted accounts
12.5 We encourage and provide facility for website admin and email account login details to be changed regularly by the owner
YP SOLUTIONS LTD. is committed to protecting your personal information, being transparent about what data we hold and giving you control over how we use it.
- To help us effectiveness in the transaction of our business.
- We are clear on what data we hold and what we do with it.
- You control the data we hold on you.
You can ask us to close your custom at any time. We will delete your information (such as your name, email address, date of birth and postal address, BACS details, and languages offered and requested) securely and swiftly. We will have in place appropriate security measures to protect your information from unauthorised access.
Compliance with laws and your rights
There are various laws and regulations which apply to data protection and data privacy including the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and 2011 (as may be updated or amended from time to time). Broadly, the laws require that:
- you agree to your data being collected and used;
- no more information than is required is asked of you;
iii. your personal information must be securely kept to prevent unauthorised access;
- you have a right to know what information an organisation holds about you;
- your personal information must be deleted when it is no longer required; and vi. information about your internet use must be protected even where the information being collected is not personally identifiable.
At YP SOLUTIONS LTD., we make sure we stick to these data protection and e-privacy laws. As mentioned above, information about the laws, and your rights, can be found on the ICO’s website – www.ico.org.uk
What information will YP SOLUTIONS LTD. collect about me?
YP SOLUTIONS LTD. may collect and hold the following information about you:
- your full name, your mobile and landline numbers;
your postal address and email address;
How will we use this information?
We use your information for clerical, administration, and transaction of business and service purposes only.
What about spam?
We will not send you any unsolicited marketing. We will only send you emails or other messages where this is related to the transaction of business only.
How can I access and update my personal information?
You can update some of your personal information by emailing us or writing to us at firstname.lastname@example.org
Will YP SOLUTIONS LTD. share my information with anyone else?
YP SOLUTIONS LTD. commits to keeping your personal information confidential save that we:
We will keep your information only for as long as it is relevant and useful for the purpose for which it was originally collected.
If you cease your custom, your personal information (i.e. the information you gave us when you registered, such as your email address) will be deleted promptly, which means that all other information we might hold about you will be deleted.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Unfortunately, the sending of information via the internet is not completely secure. Although we will do our utmost to protect your information, we cannot guarantee the security of your data sent via conventional post/mail; any sending of information is therefore at your own risk.
How do I contact YP SOLUTIONS LTD. if have a question about privacy issues?
If you have any questions or concerns about privacy issues, you can use the form on our website ‘Contact us’ page which can be found here – www.y-p.uk/contact-us/
Access to your information
If you would like to know what personal information YP SOLUTIONS LTD. holds about you, you may make a request to YP SOLUTIONS LTD. for copies of this information. You should be aware that we will need to see proof of identity before processing any such request (known as a ‘subject access request’) and may charge an administration fee of up to £10 (excl. VAT) to cover our costs in providing you with this information.
All subject access requests should be made in writing and addressed to YP Solutions Ltd., Business Development Centre, Eanam Old Road, Eanam Wharf, Blackburn, BB1 5BL, UK.
Your rights under GDPR
Under GDPR (General Data Protection regulation) you have a number of rights relating to your personal data, these will come into force on the 25th May 2018, for further information please see https://ico.org.uk
Right to Restrict Processing
You have the right to request we restrict processing of your personal data where there is no legitimate interest for us to do so:
- Where the accuracy of the personal data is contested, to restrict the processing until such time as the accuracy has been sufficiently verified.
- Where you object to the processing (See Right to Object), and where we are considering whether there are legitimate grounds to override the request.
- When processing is unlawful and you oppose erasure and request restriction instead.
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
You can exercise the right at any time by contacting our team (see www.y-p.uk/contact-us/).
Right of Access (Access to Information)
The GDPR Act gives you the right to access information held about you.
You can exercise this right by contacting us (see www.y-p.uk/contact-us/).
We are required to verify your identify before processing any right to access request, once verified the data shall be provided within 28 days.
The data shall be provided free of charge however an admin fee may be applied where a request is manifestly unfounded or excessive, particularly if it is repetitive.
Right to Erasure (Also known as the right to be forgotten)
As an individual you have the right to request the erasure of any data we hold on you, this is not an absolute right, for example it does not override our requirement under UK law to keep financial data such as invoice information.
You can make a request where your personal data is no longer necessary in relation to the purpose for which it was originally collected/processed, for example if you cancel all services you have with us.
To make a right to erasure request please contact our customer services team (see www.y-p.uk/contact-us/).
Right to Rectification
The GDPR provides the right to have any personal data rectified that may be incorrect or incomplete.
Customers can update their own personal details via the client area however if this is not sufficient please contact our customer services team (See www.y-p.uk/contact-us/).
Right to Object
You have the right to object to the processing of your personal data where there is no legitimate or lawful reason to do so.
To make a right to object request please contact our customer services team (see www.y-p.uk/contact-us/).
Changes to this policy