Last Updated: 31st May 2018
Table of Contents
Who we are What personal data we collect and why we collect it Who we share your data with How long we retain your data What rights you have over your data Where we send your data Our contact information Additional information How we protect your data What data breach procedures we have in place
Who we are
Website: https://kwd-it.co.uk/ Company Name: KWD IT Address: 3 Dencer Drive, Kenilworth, Warwickshire, CV8 2QR Telephone: 01926 730261 Mobile: 07947 317700 Email: [email protected] Company Number: 8170985
What personal data we collect and why we collect it
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
If you complete our Contact Form, the information entered will be emailed to us and stored in our website database. You will not be able to complete this form, without giving consent for the submitted data to be collected and stored. We will only use this information to contact you regarding your enquiry.
If you complete our Pre-Website Survey Form, the information entered will be emailed to us and stored in our website database. You will not be able to complete this form, without giving consent for the submitted data to be collected and stored. We will only use this information to help tailor any work that we carry out for you. If you use the “Save and Continue” feature, the information will also be sent to the email address that you enter. This form consists of multiple stages and a cookie file might be used to remember what stage of the form you are on.
We will not use your information for marketing purposes. If you are currently using our services, we may send information that would be of a legitimate interest.
By using our website and accepting our cookies, we will record information that is used to track your activity on our website via Google Analytics. This includes your IP Address and User Agent information.
You can opt out of our Google Analytics tracking, by clicking here and using the “Change your consent” or “Withdraw your consent” options.
Our server uses Plesk software that includes Webalizer and AWStats analytic tools, which also log your IP Address.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Admin Geekz manages our web server, ensuring it remains secure and continues to function correctly. They can, therefore, access any of the data in our website database. Under no circumstances do we give permission for Admin Geekz to share any information stored in our website database or use any personal data for their own means.
Our website uses third-party plugins to provide additional functionality. If any issues occur with these third-party plugins, the developers need logins to the administration area of our website, so that they can diagnose and fix the problem. Once the issue has been resolved, their access is revoked.
How long we retain your data
We aim to delete information collected by our website forms after a 3 month period, but no longer than 12 months. If we begin carrying out work for you based on the information collected by our website forms, we will not delete the information within this period. If a point reaches where we are no longer working with you, we will aim to delete your information after a 12 month period, but no longer than 24 months. You can request that we delete your data sooner, by contacting us here.
The logs created on our server by our Plesk software are automatically cleaned up after a 30 day period.
We have configured our Google Analytics account to clean up personal data after a 26 month period.
What rights you have over your data
You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Ensuring accuracy of information, you can also request corrections. For large/excessive data requests we may charge a small fee.
Where we send your data
We use the BackWPup plugin to take daily backups of our website, which uploads these backups to a secure Dropbox account. Each backup is automatically deleted after 14 days. To find out more about how Dropbox handles our data, whilst keeping within the EU regulations, please click here.
Our contact information
If you have any privacy-specific concerns, you can contact Kirk Johnston using any of the following methods… Email: [email protected] Telephone: 01926 730261 Mobile: 07792 845959 Address: 3 Dencer Drive, Kenilworth, Warwickshire, CV8 2QR Alternatively, please use our Contact Form.
As part of the services that we provide, we are given a variety of login details. Examples of the login details that we are given are:
- Web Hosting Control Panels
- Domain / DNS Management
- FTP / Database Access
- Content Management Systems (E.G. WordPress / Magento / Joomla etc)
- Payments Gateways (E.G. PayPal / SagePay)
- Email Accounts
- Social Media Accounts (E.G. Facebook / Twitter / Instagram / LinkedIn etc)
- Google Services (E.G. Analytics / AdWords / YouTube / Search Console etc)
- Email Marketing Accounts (E.G. MailChimp / Constant Contact etc)
We store all of this information using a Password Safe, which is protected by an extremely secure password. The vault that contains the passwords is shared between colleagues using Dropbox. Each user’s Dropbox account also requires an extremely secure password to gain access.
How we protect your data
The following information lists the steps that we take to help protect your data:
- Our website is always using the latest version of WordPress and Plugins.
- We deactivate and remove any plugins no longer used and only have our active theme installed.
- We use the Wordfence security plugin to help prevent unwanted access to our website and this plugin ensures that strong passwords are compulsory for all accounts that have access to our website.
- We ensure that we don’t have any more than the required amount of accounts, that can gain access to our website.
- Each team member has a unique login and we use a plugin, which tracks each users activity.
- Our website uses an SSL Certificate to encrypt the information sent between your device and our web server.
- Our server has a Firewall to help keep out unwanted visitors.
- Our computers are all protected using strong passwords.
- Any personal information that leaves our office on portable devices, is thoroughly encrypted.
What data breach procedures we have in place
If we believe your personal data has been breached, we have the following procedures in place:
- We will contact the ICO within 24 hours of becoming aware of the breach, with all the relevant information.
- If the breach has exposed any unencrypted personal data, we will also inform the impacted users.
- We will consider the needs of any law enforcement investigations before publicly announcing the breach.
If our website has been hacked, we have the following procedures in place:
- Changing all passwords.
- Changing the SALT keys in the wp-config.php file
- Creating a fresh backup.
- Identifying the hack and removing their code and means of access.
- Check All File/Folder Permissions, Open Ports & Users on Site for Anything Not Set Up Correctly.
- Changing all passwords again.
- Changing the SALT keys in the wp-config.php file again.
- Creating another fresh backup.