Privacy
Locofoco Design is committed to safeguarding the privacy of our clients and supporters while providing the highest possible quality of service. Under the terms of Data Protection legislation, we are required to explain to you how we will treat any personal and/or private data which we collect from you.
Who we are
References to we, us and our are to Locofoco Design Limited.
References to our website or the website are to www.locofoco.co.uk.
Data Controller
The nominated representative for Locofoco Design is Director, Shona Maciver who may be contacted here.
Why we hold data
Locofoco Design Ltd. must collect and process personal data to provide its services, for example:
• details of people who contract with us to provide services to them
• details of people who make enquiries about our services
• details of people who want to receive our newsletters, event invitations and printed items designed by us (like Christmas cards).
Locofoco Design Ltd. also holds personal data on service suppliers and other professional business contacts in order to manage its business. We want to be clear with you about what we hold and how we use it.
Complying with legislation
Locofoco Design Ltd. will always comply with data protection legislation, so the data held about you must be:
• kept securely
• used lawfully, fairly and in a transparent way
• collected only for the purposes we have clearly explained to you and not used in any way incompatible with that purpose
• relevant to the purposes we have told you about and limited to those purposes
• accurate and kept up to date
• kept only as long as necessary for the purposes we have told you about
Your rights and how to exercise them
Under GDPR, you have several rights with respect to the data held by Locofoco Design:
• right to access
• rectification
• erasure
• restriction of processing
• objection to processing
• data portability
• the right to withdraw consent
• the right to lodge a complaint with a supervisory authority.
If you wish to exercise any of these rights, please contact Locofoco Design’s Data Controller, Shona Maciver here.
The basis for holding your data
For Locofoco Design, there are three lawful bases on which we hold personal data:
• contract: where we need the information to provide a service, e.g. to our clients. A person can request deletion but that will cancel the contract e.g. they can no longer be a client.
• consent: where the person explicitly consents to us using their information (e.g. to send newsletters, event invitations or printed items designed by us). If consent is withdrawn, the information must be deleted.
• legitimate interest: where we need to retain the information even if the person requests deletion of their information. For example, where we bar a person from being a client or a supplier or to maintain archival records for HMRC.
The categories of data we hold and the lawful bases for holding and processing it are:
Data: client
Category: mandatory
Processing purpose: to manage a person’s clientship, including communication about that clientship Lawful basis for processing: contract.
Data: client
Category: optional
Processing purpose: newsletter mailing list to communicate news to clients
The lawful basis for processing: consent.
Data: subscriber
Category: optional
Processing purpose: newsletter mailing list to communicate news to clients
The lawful basis for processing: consent.
Data: supplier
Category: mandatory
Processing purpose: to support the operation of Locofoco Design, including by systems
The lawful basis for processing: consent.
How we use your information
Personal data is collected by Locofoco Design to provide the following services:
• client services (for clients)
• communications (for mailing list subscribers)
It is also collected for:
• organisation management (for clients, suppliers, and volunteers).
The personal data collected is as follows:
Information about clients
We hold your name, email address, business address, company name and telephone number as mandatory information. Optionally, you may supply a short description of your business and category of business.
To work with Locofoco Design, you must provide the mandatory information requested for us to manage and provide the benefits of your clientship, including emails regarding your clientship – this is processed on the basis of “contract”.
Your email address will also be used to send you Locofoco Design newsletters, event announcements, and other emails. These communications are not part of your contract with us and are processed on the basis of “consent”. You may unsubscribe from these emails at any time without deleting your email address from your clientship record.
You may request that optional information you have supplied is deleted. However, if you request that mandatory information is deleted, Locofoco Design will have to terminate your clientship. Any work outstanding will be billed as per quotation.
If your clientship is terminated, all optional data provided will be deleted after one month. Mandatory data will be deleted after seven years to comply with our legal obligation to keep a record of accounts for HMRC.
Information about mailing list subscribers
We hold your email address, and optionally, your postal address, processed on the basis of “consent”.
This will be used to send you Locofoco Design newsletters, event announcements, and direct mail. By providing your email address, you are giving your consent to receiving these emails. You may unsubscribe at any time by clicking the “Unsubscribe” link at the foot of a Locofoco Design email and your email address will be deleted immediately.
By providing your business postal address you are giving us permission to send you direct mail items such as cards and paper invitations. Your record of service as a supplier is held in perpetuity to maintain a history of Locofoco Design Ltd; it is held on the basis of “legitimate interests”.
Who has access to your data
Personal data collected by Locofoco Design is processed by the following systems and organisations, who act as data processors on our behalf:
• our contact database, Mailchimp – accessed by Locofoco Design administrator password
• Xero online bookkeeping system– accessed by Locofoco Design administrator password
• our administrators, Capital Bookkeeping who manage our passworded Xero bookkeeping system
• website analytics, Google Analytics – accessed by Locofoco Design administrator password
All suppliers acting as data processors for Locofoco Design have committed contractually to abide by GDPR, including rights of access and deletion, security and confidentiality. You can find links to the data protection regimes below. We don’t share your data with anyone else, except when required to by law.
Where your data is held
Locofoco Design is based in Scotland but makes use of cloud-based systems provided by a range of suppliers based in a variety of countries. As a result, your personal information may be transferred outside the UK or European Economic Area. All our systems suppliers have published their own data protection policies in order to comply with GDPR:
• Capital Bookkeeping
• Google Analytics
• Xero
In the event of a data breach
If we find out that the private data we hold has been breached, or altered or deleted without authorisation, we will inform the Information Commissioner’s Office (ICO) as required under GDPR. We will also inform those affected. Notification is not required if the data concerned is already public (for example, if it is published in the member directory).
Website data
We hold your IP Address: this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the website. This information is used solely to record usage of the website and to create site statistics for analysis of the website.
Most browsers can be programmed to reject cookies or warn you before downloading cookies – information regarding this may be found in your browser’s help facility. For more information on cookies, please visit www.allaboutcookies.org.
This policy was published on 21st May 2018.