This policy applies when you:
- Visit our website
- Make an enquiry about our services
- Commission our services
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.
If you have any questions regarding this policy or your personal data, please contact our Data Protection Officer directly via our contact form, making clear you are making a data protection request.
We may change this policy from time to time by updating this page. This policy was last updated on July 25 2018.
What is personal data?
Personal data relates to a living person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Who are we?
Moghill Ltd, as a Data Controller, is bound by the requirements of the General Data Protection Regulations. We decide how personal data is processed and for what purposes in relation to our business.
What data do we collect?
You can browse this site anonymously and our website does not collect any personal information, unless you use our enquiry form or sign up to our newsletter.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you contact us, subscribe to our e-newsletter, leave a comment on our blog or commission our services
We may collect:
- Identity data, including first name, last name, IP address
- Contact data, including billing address, email address and telephone numbers
- Transaction data, including details about payments to and from you, and other details of services you have purchased from us
- Marketing and communications data, which includes your preferences in receiving marketing from us
As a principle we collect only data necessary to provide our services.
Although not included in the GDPR, we treat commercially-sensitive data you provide us in the course of a project in the same way as we treat sensitive personal data.
We operate in complete confidentiality, and any data is held securely, and destroyed securely when no longer required.
What we do with the information we collect
We only use your personal information to provide the services you have requested from us, subject to your instructions, data protection law and our duty of confidentiality.
Your information, whether public or private, will not be sold, exchanged, transferred or given to any other company for any reason without your consent, other than for the express purpose of delivering the purchased services.
The email address you provide for order processing will be used to send you information and updates regarding your order and our services.
How we protect your data
We have put in place a range of security measures to maintain the safety of your personal information when you provide information, whether through this website or otherwise, including but not limited to:
- Ensuring privacy and security by design in all our services
- Making use of a secure, resilient hosting platform, with SSL encryption on our website and all third party apps
- Ensuring our website and all devices used in the course of our work are operating on the latest software versions, and with all security patches, and running virus protection software on all devices
- Requiring GDPR compliance of all third party services we use, and further encryption where necessary
- Transmitting all sensitive/credit card information via SSL
- Otherwise following our basic security policy – including, for example, strong and unique passwords – details of which are available on request.
Who do we share information with?
Our work for you may require us to pass your information to our third-party service providers in order to provide our Services to you. However, when we use third party service providers, we disclose only the personal information necessary to deliver those services and we require them to keep your information secure and not use it for their own direct marketing purposes.
Email: Microsoft Office 365
Web/Domain Name Hosting: SiteGround, Heart Internet, or Jolt
Project Management: Teamwork
Document storage: Dropbox
Website Statistics: Google Analytics and WordPress.com
Website Content Editing: GatherContent
Payment handling: Stripe, GoCardless and Barclays Bank
We will not pass on your personal information to third parties unless we are required by law to do so.
If you leave a comment on this website, it may be checked through an automated spam detection service. A privacy notice is displayed under our comment forms describing this.
Links to third party websites
Our website may contain links to other websites of interest. We are not responsible for the content or privacy of these websites.
Transferring your information outside of Europe
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring safeguards are implemented.
See our Cookies Policy
How long do we keep your data?
We only retain personal data for as long as it’s necessary to fulfil the purposes we collected it for, and to satisfy legal or accounting requirements
We are required under UK tax law to keep basic personal data for a minimum of 7 years.
We conduct a data audit every six months, during which we delete or securely destroy (in the case of paper records) data no longer required.
If you leave a comment on this website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
What are your rights?
Under the GDPR, unless subject to an exemption, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for us to retain such data.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, e.g. marketing, profiling etc.
- The right to lodge a complaint with the Information Commissioners Office (ICO).
If you wish to discuss or exercise any of these rights, please contact our Data Protection Officer using this form.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Exceptions to this are when such information is necessary, for example, as part of a transaction.