Privacy Policy - Moghill Web Services

This privacy policy sets out how and why Moghill Web Services collects personal data, what we do with it and how we protect it. It also covers your rights in relation to the data we hold on you.

This policy applies when you:

Visit our website
Make an enquiry about our services
Commission our services

Moghill Ltd is registered with the Information Commissioner’s Office under the Data Protection Act. Registration number: ZB041821

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.

If you have any questions regarding this policy or your personal data, please contact our Data Protection Officer directly via our contact form, making clear you are making a data protection request.

We may change this policy from time to time by updating this page. This policy was last updated on February 20 2022.

What is personal data?

Personal data relates to a living person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

Who are we?

Moghill Ltd, as a Data Controller, is bound by the requirements of the General Data Protection Regulations. We decide how personal data is processed and for what purposes in relation to our business.

What data do we collect?

Website visitors

You can browse this site anonymously and our website does not collect any personal information, unless you use our enquiry form or sign up to our newsletter.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

We may collect:

Identity data, including first name, last name, IP address
Contact data, including billing address, email address and telephone numbers
Transaction data, including details about payments to and from you, and other details of services you have purchased from us
Marketing and communications data, which includes your preferences in receiving marketing from us

As a principle we collect only data necessary to provide our services.

Commercially-sensitive data

Although not included in the GDPR, we treat commercially-sensitive data you provide us in the course of a project in the same way as we treat sensitive personal data.

We operate in complete confidentiality, and any data is held securely, and destroyed securely when no longer required.

What we do with the information we collect

We only use your personal information to provide the services you have requested from us, subject to your instructions, data protection law and our duty of confidentiality.

Your information, whether public or private, will not be sold, exchanged, transferred or given to any other company for any reason without your consent, other than for the express purpose of delivering the purchased services.

The email address you provide for order processing will be used to send you information and updates regarding your order and our services.

How we protect your data

We have put in place a range of security measures to maintain the safety of your personal information when you provide information, whether through this website or otherwise, including but not limited to:

Ensuring privacy and security by design in all our services
Making use of a secure, resilient hosting platform, with SSL encryption on our website and all third party apps
Ensuring our website and all devices used in the course of our work are operating on the latest software versions, and with all security patches, and running virus protection software on all devices
Requiring GDPR compliance of all third party services we use, and further encryption where necessary
Transmitting all sensitive/credit card information via SSL
Otherwise following our basic security policy – including, for example, strong and unique passwords – details of which are available on request.

Our work for you may require us to pass your information to our third-party service providers in order to provide our Services to you. However, when we use third party service providers, we disclose only the personal information necessary to deliver those services and we require them to keep your information secure and not use it for their own direct marketing purposes.

We currently use (to varying degrees) the following trusted third parties. Each service name includes a link to the service’s privacy policy.

Email: Microsoft Office 365
Web/Domain Name Hosting: SiteGround, Heart Internet, or Jolt
Accounts/billing: FreeAgent
Support: Freshdesk
Project Management: Teamwork
Document storage: Dropbox
Proposals: Bidsketch
Website Statistics: Google Analytics and WordPress.com
Website Content Editing: GatherContent
Payment handling: Stripe, GoCardless and Barclays Bank

We will not pass on your personal information to third parties unless we are required by law to do so.

Website comments

If you leave a comment on this website, it may be checked through an automated spam detection service. A privacy notice is displayed under our comment forms describing this.

Links to third party websites

Our website may contain links to other websites of interest. We are not responsible for the content or privacy of these websites.

Transferring your information outside of Europe

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring safeguards are implemented.

How we use cookies

See our Cookies Policy

How long do we keep your data?

We only retain personal data for as long as it’s necessary to fulfil the purposes we collected it for, and to satisfy legal or accounting requirements

We are required under UK tax law to keep basic personal data for a minimum of 7 years.

We conduct a data audit every six months, during which we delete or securely destroy (in the case of paper records) data no longer required.

If you leave a comment on this website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

What are your rights?

Under the GDPR, unless subject to an exemption, you have the following rights with respect to your personal data:

The right to request a copy of your personal data which we hold about you.
The right to request that we correct any personal data if it is found to be inaccurate or out of date.
The right to request your personal data is erased where it is no longer necessary for us to retain such data.
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
The right to object to the processing of personal data, e.g. marketing, profiling etc.
The right to lodge a complaint with the Information Commissioners Office (ICO).

If you wish to discuss or exercise any of these rights, please contact our Data Protection Officer.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

When using our site, if at any point you are asked for personal information, you will have the opportunity to provide your consent (or not) in line with this privacy policy.

Exceptions to this are when such information is necessary, for example, as part of a transaction.