Updated 17th May 2018
How we handle data
We only ever ask for, use and store data relevant to carrying out a website design and development business. We do not send out newsletters nor any other marketing, we do not store any personal information received via our website.
What data we collect
We collect information in our contact form, name, email address and telephone number, but this is not shared with anyone and we do not sell data to any third parties. We do not store this information and neither the database nor regular back ups hold any of this information.
Cookies are packets of data that your computer stores in order to make your visit to websites easier, they remember your preferences and can be used to show you messages only once. These cookies can be controlled by you using settings on your computer, so you only store those from certain websites.
Part of using cookies is website analytics. These provide anonymous data about your visit to the webmaster who can see how long you spend on a website as well as pages viewed and the keywords you typed into a search engine to arrive at that website. This provides the website with valuable information about how we can improve our website and make it easier for customers to find us.
Google analytics is disabled as routine but it would be useful for us if you enabled it. We have tweaked the tracking code to report IPaddresses anonymously.
Our website uses a WordPress installation making use of as many security features as possible, minimal plugins, and updates are run regularly to ensure security is maintained.
The plugins we use on the website which collect data include Ninja forms and Wordfence security.
Third party data controllers
We use these data controllers /processors within normal operations, please click on the links to view the updated GDPR compliant privacy policies.
Facebook (Social Media)
Twitter (Social Media)
Instagram (Social Media)
LinkedIn (Social Media)
Ninja Forms (Plugin)
Our response policy in the event of a data breach
We endeavour to keep the sites we design as secure as possible by keeping all plugins and components up to date on our client sites.
We also apply security updates as they are released.
We also ensure that passwords are as secure as possible using a combination of upper and lower case letters and special characters.
Data breach within a single client site
In the event of a client reporting a data breach on their site, we will change all passwords relevant to that account and restore the site from a clean backup where possible (assuming we have been notified in time to use a backup). If the client has registered users on their site, we would recommend that all passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.
Data breach within our own internal systems
The immediate priority is to identify and isolate the breach by locking down all systems and resetting all system passwords.
We would then reset all client passwords and check the logs to see if any client sites have been accessed as a result of the breach.
We would notify all clients of the breach, explaining what had happened and what steps we had taken to prevent future occurrence.
If we detected that any client sites had been accessed as a result of the breach, then we would notify them and if the client has registered users on their site, we would recommend that all passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.
In the event that client websites had been accessed as a result of the breach of our system, we would then report the breach to the relevant authorities within 72 hours as per the GDPR requirements.
Data Processor for Red Card Design
If you would like to know what personal information we hold on you, which would only be if we work for you in some capacity, please contact our data processor on firstname.lastname@example.org or 01603 447667.