Awkward Works Limited
About this Privacy Notice
Awkward Works Limited (‘Awkward Works’, ‘we’, ‘us’ or ‘our‘) takes the privacy of your information very seriously. This Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal information which may be collected in person from you, obtained via our websites or apps or collected through other means such as by an online form, email, or telephone communication.
This notice applies to personal information provided by our clients, prospects, site visitors and contacts whose data we process. In this notice ‘you’ refers to any individual whose personal data we hold or process.
This notice is governed by the EU General Data Protection Regulation (the ‘GDPR’).
Personal data we collect
We collect and process the following data:
- Client Contact Information. For individuals associated with our clients or potential clients we may hold contact information such as names, email addresses, phone numbers, addresses, and job titles and/or specific roles within your organisation.
- Third Party Contact Information. For individuals associated with our suppliers, potential suppliers and other third parties we interact with we may hold contact information such as names, email addresses, phone numbers, addresses, and job titles and/or specific roles within your organisation.
- Communication information. Records of any communication or correspondence between you and us.
- Marketing information. Information we hold about you in order to provide information about our services including name, address, email address, telephone number and other information such as your preferences in receiving marketing from us and our third parties and your communication preferences.
The legal basis we rely on to process these categories of personal data
We process the above categories of personal data because:
- the processing is necessary in pursuit of a ‘legitimate interest’, meaning a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security. Examples of our legitimate interests in processing your personal data include obtaining information which is necessary to:
- provide our services to our clients;
- give our clients and our prospective clients information about our services and respond to questions and comments;
- communicate with our clients and prospective clients about our services in order to develop and grow our business and inform our marketing strategy;
- keep records updated and study how our services are used;
- run our business including the provision of administration, maintenance and IT services, troubleshooting and updating our site, updating network security, and improving and monitoring our products and services.
- you have consented to the processing for the specific purposes described in this notice;
- the processing is necessary in order for us to comply with our obligations under a contract between you and us.
We will collect information either from you directly or from a third party (for instance an introducer). If we do obtain your personal data from a third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
We retain personal data for as long as we reasonably consider it to be necessary for the purposes for which it was collected, after which we will securely delete it.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Save for marketing information, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data or (if later) the end of the relevant contract, arrangement or interaction with the data subject to whom the personal data relates.
Our policy is to delete or destroy marketing information after 3 years from the last date on which you interacted with us or used the site.
Our retention periods may be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
Sharing your information
If we collect a credit or debit card payment from you then credit and debit card information will be provided to our payment processing partner. This information will be supplied to our payment processing partner directly, even if you provide the information through our site. Our payment processing partner will be the data controller for credit and debit card information.
Our payment processing partner will have their own privacy policies and notices. But we will take steps to ensure that they are compliant with applicable data protection legislation and we will consult with them in relation to maintaining the security of payment information.
We may disclose your personal data to third parties in the following circumstances:
- as part of our services we may provide information to our third party service providers such as our contractors or other services providers who help us to provide our services;
- we may disclose information to our group companies;
- if we are under a duty to disclose or share personal data in order to comply with any legal obligation (for example, if required to do so by court order or for the purposes of prevention of fraud or other crime);
- in order to enforce any terms and conditions or agreements for our services that may apply;
- we may transfer your personal information to a third party as part of a merger or a sale of some or all of our business and assets or as part of any business restructuring or reorganisation, but we will take steps to ensure that your privacy rights continue to be protected; and
- to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties, including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that such third party complies with the terms of this notice.
We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access or improper use, or accidental loss or damage.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We protect our servers by using both hardware and software firewalls, locate our data processing storage facilities in secure locations, and encrypt all data stored on our server with industry standard encryption methods.
Your privacy rights
With respect to your personal data, you have the right to:
- request that your personal data will not be processed;
- ask for a copy of any personal data that we have about you;
- request a correction of any errors in or update of the personal data that we have about you;
- request that your personal data will not be used to contact you for direct marketing purposes;
- request that your personal data will not be used for profiling purposes;
- request that your personal data will not be used to contact you at all;
- request that your personal data be transferred or exported to another organisation, or deleted from our records; or
- at any time, withdraw any permission you have given us to process your personal data.
All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below. We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our Data Protection Manager.
If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
A cookie is a piece of data stored locally on your computer and contains information about your activities on the Internet. The information in a cookie does not contain any personally identifiable information you submit to our site.
Once you close your browser, our access to the cookie terminates. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To change your browser settings you should go to your advanced preferences.
If you choose not to accept the cookies, this will not affect your access to the majority of information available on our site. However, you will not be able to make full use of our online services.
An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. We may use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our Site, and to administer and improve the site.
Transferring your information outside Europe
We will not transfer your personal data in a systematic way outside of the European Economic Area (‘EEA’) but there may be circumstances in which certain personal information is transferred outside of the EEA, in particular:
- if you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with our services;
- we may communicate with individuals or organisations outside of the EEA in providing our services, those communications may include personal information (such as contact information) for example you may be outside of the EEA when we communicate with you;
- from time to time your information may be stored in devices which are used by our staff outside of the EEA (but staff will be subject to our cyber-security policies).
If we transfer your information outside of the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.
We may publish customer testimonials and quotes on our site or in other marketing materials, which may contain some personal data. Awkward Works obtains consent from each customer and the featured individuals prior to publication. This consent may be withdrawn at any time. If you are featured in a customer testimonial or quote and wish to withdraw your consent, please email us at the address in the ‘Contact us’ section of this notice.
We will post details of any changes to this notice on our website to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so by us using the details below:
email: [email protected]
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the ICO by visiting www.ico.org.uk for further assistance.
Read more >