Privacy Policy

KWD IT are fully committed to complying with the General Data Protection Regulation (GDPR) enforceable by 25th May 2018. This privacy policy outlines how we use personal information we collect about you when you use this website and our services.

Last Updated: 31st August 2022

Table of Contents

• Who we are
• What personal data we collect and why we collect it
• Who we share your data with
• How long we retain your data
• What rights you have over your data
• Where we send your data
• Our contact information
• Additional information
• How we protect your data
• What data breach procedures we have in place

Who we are

Website: www.kwd-it.co.uk
Company Name: KWD IT
Address: 3 Dencer Drive, Kenilworth, Warwickshire, CV8 2QR
Telephone: 07792 845959
Email: [email protected]
Company Number: 8170985

What personal data we collect and why we collect it

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

Subscribe Form

If you complete our Subscribe Form, the information entered will be emailed to us and stored in our website database. You will not be able to complete the form, without giving consent for the submitted data to be collected and stored. We will only use the email you provide to share information with you. You can change your mind at any time by clicking the unsubscribe link in the email you receive from us. We use MailChimp as our marketing automation platform. By submitting our form, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

The Gravity Forms plugin used for our Subscribe form may also record your IP Address and User Agent information, which helps identify you and can assist with preventing SPAM.

Online Orders

We collect information about you during the checkout process on our store.

While you visit our site, we’ll track:

• Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
• Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
• Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

• Send you information about your account and order
• Respond to your requests, including refunds and complaints
• Process payments and prevent fraud
• Set up your account for our store
• Comply with any legal obligations we have, such as calculating taxes
• Improve our store offerings
• Send you marketing messages, if you choose to receive them
• If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

MailChimp integrates with our checkout process and will keep a record of your email and the basket contents. This record is kept to repopulate the contents of your basket if you switch devices or need to come back another day. Read our privacy policy here.

We will also store comments or reviews, if you choose to leave them.

Analytics

By using our website and accepting our cookies, we will record information that is used to track your activity on our website via Google Analytics. This includes your IP Address and User Agent information.

You can opt out of our Google Analytics tracking, by clicking here and using the “Change your consent” or “Withdraw your consent” options.

You can view Google’s Privacy Policy here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Stripe

We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.

Please see the Stripe Privacy Policy for more details.

Plugin Developers

Our website uses third-party plugins to provide additional functionality. If any issues occur with these third-party plugins, the developers need logins to the administration area of our website, so that they can diagnose and fix the problem. Once the issue has been resolved, their access is revoked.

How long we retain your data

Online Orders

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

MailChimp will keep a record of your email and the basket contents for up to 30 days. Read their privacy policy here.

Analytics

We have configured our Google Analytics account to clean up personal data after a 26 month period.

What rights you have over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Ensuring accuracy of information, you can also request corrections. For large/excessive data requests we may charge a small fee.

Where we send your data

We use Digital Ocean Spaces to take daily backups of our website. Each backup is automatically deleted after 7 days. To find out more about how Digital Ocean handles our data, please click here.

Our contact information

If you have any privacy-specific concerns, you can contact Kirk Johnston using any of the following methods… 
Email: [email protected] 
Telephone: 07792 845959  
Address: 3 Dencer Drive, Kenilworth, Warwickshire, CV8 2QR

Additional information

As part of the services that we provide, we are given a variety of login details. Examples of the login details that we are given are:

• Web Hosting Control Panels
• Domain / DNS Management
• FTP / Database Access
• Content Management Systems (E.G. WordPress / Shopify etc)
• eBay
• Payments Gateways (E.G. Stripe / PayPal)
• Email Accounts
• Social Media Accounts (E.G. Facebook / Twitter / Instagram / LinkedIn etc)
• Google Services (E.G. Analytics / AdWords / YouTube / Search Console etc)
• Email Marketing Accounts (E.G. MailChimp / Constant Contact etc)

We store all of this information using a Password Safe, which is protected by an extremely secure password.

How we protect your data

The following information lists the steps that we take to help protect your data:

• Our website is always using the latest version of WordPress and Plugins.
• We deactivate and remove any plugins no longer used and only have our active theme installed.
• We use the Limit Login Attempts Reloaded plugin to help prevent unwanted access to our website.
• We ensure that we don’t have any more than the required amount of accounts, that can gain access to our website.
• Each team member has a unique login and server logs allows us to track each users activity.
• Our website uses an SSL Certificate to encrypt the information sent between your device and our web server.
• Our server has a Firewall to help keep out unwanted visitors.
• Our computers are all protected using strong passwords.
• Any personal information that leaves our office on portable devices, is thoroughly encrypted.

What data breach procedures we have in place

If we believe your personal data has been breached, we have the following procedures in place:

• We will contact the ICO within 24 hours of becoming aware of the breach, with all the relevant information.
• If the breach has exposed any unencrypted personal data, we will also inform the impacted users.
• We will consider the needs of any law enforcement investigations before publicly announcing the breach.

If our website has been hacked, we have the following procedures in place:

• Changing all passwords.
• Changing the SALT keys in the wp-config.php file
• Creating a fresh backup.
• Identifying the hack and removing their code and means of access.
• Check All File/Folder Permissions, Open Ports & Users on Site for Anything Not Set Up Correctly.
• Changing all passwords again.
• Changing the SALT keys in the wp-config.php file again.
• Creating another fresh backup.