Privacy Policy

KWD IT are fully committed to complying with the General Data Protection Regulation (GDPR) enforceable by 25th May 2018. This privacy policy outlines how we use personal information we collect about you when you use this website and our services.

Last Updated: 31st May 2018

Table of Contents

Who we are
What personal data we collect and why we collect it
Who we share your data with
How long we retain your data
What rights you have over your data
Where we send your data
Our contact information
Additional information
How we protect your data
What data breach procedures we have in place

 

Who we are

Website: https://kwd-it.co.uk/
Company Name: KWD IT
Address: 3 Dencer Drive, Kenilworth, Warwickshire, CV8 2QR
Telephone: 01926 730261
Mobile: 07947 317700
Email: [email protected]
Company Number: 8170985

 

What personal data we collect and why we collect it

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

Website Forms

If you complete our Contact Form, the information entered will be emailed to us and stored in our website database. You will not be able to complete this form, without giving consent for the submitted data to be collected and stored. We will only use this information to contact you regarding your enquiry.

If you complete our Pre-Website Survey Form, the information entered will be emailed to us and stored in our website database. You will not be able to complete this form, without giving consent for the submitted data to be collected and stored. We will only use this information to help tailor any work that we carry out for you. If you use the “Save and Continue” feature, the information will also be sent to the email address that you enter. This form consists of multiple stages and a cookie file might be used to remember what stage of the form you are on.

The Gravity Forms plugin used for our website forms may also record your IP Address and User Agent information, which helps identify you and can assist with preventing SPAM.

We will not use your information for marketing purposes. If you are currently using our services, we may send information that would be of a legitimate interest.

Analytics

By using our website and accepting our cookies, we will record information that is used to track your activity on our website via Google Analytics. This includes your IP Address and User Agent information.

You can opt out of our Google Analytics tracking, by clicking here and using the “Change your consent” or “Withdraw your consent” options.

You can view Google’s Privacy Policy here.

We use the Google Analytics for WordPress by MonsterInsights plugin to connect our website to Google Analytics and you can view their Privacy Policy here.

Our server uses Plesk software that includes Webalizer and AWStats analytic tools, which also log your IP Address.

Social Media

By using any of the Social Media Share buttons on our website, the AddToAny plugin used may temporarily store an IP address and set a client cookie for security purposes.

Security

Our website uses the Wordfence plugin to protect itself against malicious users and this plugin uses cookie files. You can view their Privacy Policy here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

 

Who we share your data with

Admin Geekz

Admin Geekz manages our web server, ensuring it remains secure and continues to function correctly. They can, therefore, access any of the data in our website database. Under no circumstances do we give permission for Admin Geekz to share any information stored in our website database or use any personal data for their own means.

Plugin Developers

Our website uses third-party plugins to provide additional functionality. If any issues occur with these third-party plugins, the developers need logins to the administration area of our website, so that they can diagnose and fix the problem. Once the issue has been resolved, their access is revoked.

 

How long we retain your data

Website Forms

We aim to delete information collected by our website forms after a 3 month period, but no longer than 12 months. If we begin carrying out work for you based on the information collected by our website forms, we will not delete the information within this period. If a point reaches where we are no longer working with you, we will aim to delete your information after a 12 month period, but no longer than 24 months. You can request that we delete your data sooner, by contacting us here.

Analytics

The logs created on our server by our Plesk software are automatically cleaned up after a 30 day period.

We have configured our Google Analytics account to clean up personal data after a 26 month period.

 

What rights you have over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Ensuring accuracy of information, you can also request corrections. For large/excessive data requests we may charge a small fee.

 

Where we send your data

We use the BackWPup plugin to take daily backups of our website, which uploads these backups to a secure Dropbox account. Each backup is automatically deleted after 14 days. To find out more about how Dropbox handles our data, whilst keeping within the EU regulations, please click here.

 

Our contact information

If you have any privacy-specific concerns, you can contact Kirk Johnston using any of the following methods…
Email: [email protected]
Telephone: 01926 730261
Mobile: 07792 845959
Address: 3 Dencer Drive, Kenilworth, Warwickshire, CV8 2QR
Alternatively, please use our Contact Form.

 

Additional information

As part of the services that we provide, we are given a variety of login details.
Examples of the login details that we are given are:

  • Web Hosting Control Panels
  • Domain / DNS Management
  • FTP / Database Access
  • Content Management Systems (E.G. WordPress / Magento / Joomla etc)
  • eBay
  • Payments Gateways (E.G. PayPal / SagePay)
  • Email Accounts
  • Social Media Accounts (E.G. Facebook / Twitter / Instagram / LinkedIn etc)
  • Google Services (E.G. Analytics / AdWords / YouTube / Search Console etc)
  • Email Marketing Accounts (E.G. MailChimp / Constant Contact etc)

We store all of this information using a Password Safe, which is protected by an extremely secure password. The vault that contains the passwords is shared between colleagues using Dropbox. Each user’s Dropbox account also requires an extremely secure password to gain access.

 

How we protect your data

The following information lists the steps that we take to help protect your data:

  • Our website is always using the latest version of WordPress and Plugins.
  • We deactivate and remove any plugins no longer used and only have our active theme installed.
  • We use the Wordfence security plugin to help prevent unwanted access to our website and this plugin ensures that strong passwords are compulsory for all accounts that have access to our website.
  • We ensure that we don’t have any more than the required amount of accounts, that can gain access to our website.
  • Each team member has a unique login and we use a plugin, which tracks each users activity.
  • Our website uses an SSL Certificate to encrypt the information sent between your device and our web server.
  • Our server has a Firewall to help keep out unwanted visitors.
  • Our computers are all protected using strong passwords.
  • Any personal information that leaves our office on portable devices, is thoroughly encrypted.

 

What data breach procedures we have in place

If we believe your personal data has been breached, we have the following procedures in place:

  • We will contact the ICO within 24 hours of becoming aware of the breach, with all the relevant information.
  • If the breach has exposed any unencrypted personal data, we will also inform the impacted users.
  • We will consider the needs of any law enforcement investigations before publicly announcing the breach.

If our website has been hacked, we have the following procedures in place:

  • Changing all passwords.
  • Changing the SALT keys in the wp-config.php file
  • Creating a fresh backup.
  • Identifying the hack and removing their code and means of access.
  • Check All File/Folder Permissions, Open Ports & Users on Site for Anything Not Set Up Correctly.
  • Changing all passwords again.
  • Changing the SALT keys in the wp-config.php file again.
  • Creating another fresh backup.