Brand9 is committed to ensuring that your privacy is protected. Our services such as web-design, website management, search engine optimisation and website hosting are aimed at businesses and therefore this policy is aimed at businesses. However, it also covers any personal data that might be held by us.
General Data Protection Regulations (GDPR)
The information you need to know about us:
We are Brand9 Limited.
Brand9 is a trading name of Brand9 Limited whose company registration number is 7036182 and is registered at The Liscard Business Centre, ℅ FD Analytical, The Old School, 188 Liscard Road, Wallasey, Wirral, CH44 5TN.
The information we collect and how we use it:
What information is being collected?
Brand9 Limited will be what’s known as the ‘Data Controller’ of the personal data you provide to us. If we do collect any data, we only collect basic personal data about you which does not include any special types of information. This does, however, include information which can identify you as an individual in the terms of the GDPR including your name, address and your email. You may contact the Data Controller by emailing email@example.com.
How is it collected?
We collect data electronically from our websites through the Contact Us page. If you have given us your business card we will only use the information to contact you to fulfil a request you made or set up a meeting/pass you business. By giving us your business card you will be deemed to have given consent to this. By mutual agreement, we may pass your business card to a potential client.
How long we keep your information
If we have undertaken business-to-business engagement, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Any information we use for emailing you details about updates, invoicing and general business information in the running of Brand9 and your business isn’t covered by GDPR. However, any marketing emails you receive will be kept by us until you notify us that you no longer wish to receive this information. You may do this at any time by unsubscribing.
What we do with your information
Any personal data we process is processed by us and wholly in the UK. However, for the purposes of website, email hosting and maintenance this information is located on servers within the UK. No 3rd parties have access to your personal data unless the law allows them to do so. Your first name and email address may be stored in our MailChimp database if you have actively consented to us sending you information via email. Your information is also securely held on our HubSpot CRM system to store your business details.
Who we share your data with
We do not share or sell your data to any other company other than those data processors we use for our business operations who process your data under our control:
- Google who provide cloud storage for files and folders, analytic data and online applications
- Microsoft OneDrive who provide storage backup and online services
- HubSpot for keeping basic records of clients such as name, email address to enable to contact them
- Fasthosts who provide our hosting and emailing services
- Zoom to enable screen-sharing with clients
- MailChimp to use for bulk emailing for informing clients of updates etc
- FreeAgent to enable us to invoice clients
In all cases, the servers where your personal data is stored and processed are located in the UK, European Economic Area and the USA and are all GDPR compliant.
Sharing your data with other 3rd parties
We will only share your details under special circumstances such as when we believe in good faith that it is required by law.
How you can find out about the information we hold about you
You have the right to request a copy of the information that we hold about you.
If you would like a copy of some or all of your personal information, please email us at firstname.lastname@example.org or write to us using the contact details in this policy.
We will get in contact with you to verify your identity and If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- let you have a concise and clear copy of the information
Our legal basis for processing your information
Much of our processing will be under the basis of “contractual obligation” in other words we need and use your information for providing the services you have requested or have contracted with us.
However, when we are communicating with you regarding products and services you may be interested in receiving from us in the future, our basis for processing is in your legitimate interest (as we are communicating with you in the context of your corporate activity and identity and not in relation to your private life) we believe this to be reasonable and fair behaviour in the context of our audience. Of course, you will always have the opportunity to object as detailed below.
Asking us to suppress or remove your personal information
Should you wish to not receive information from us in future then you can quickly action this by clicking the unsubscribe link you will find in any marketing emails or by sending your details to email@example.com and we will quickly suppress your data.
Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this – but we would encourage you to let us use it for suppression purposes only.
What to do if you have a complaint
If you have a complaint please contact the Data Protection Officer at firstname.lastname@example.org which will deal with your request as reasonably practicable.
If you are still not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office. https://ico.org.uk/concerns/
Sale of business
In the event that this business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers’ advisers and will be passed on to the new owners of the business. It is therefore intended that any consents given above or on the relevant pages will benefit any purchaser of our business. However, if that were to occur, as part of our due-diligence process, we will ensure that they too are GDPR compliant.
Your use of our services
Please be sure you are aware of these policy terms while you use our site. should our terms change these will be shown on this page, and we may place notices on other pages of the website, so that you may be aware of the information we collect and how we use it at all times.
Security and Systems Policy
The brand9.co.uk website and all the websites it hosts are protected by a firewall. This secures the users’ data. It effectively creates a ‘buffer zone’ between our IT network and external websites. Within this buffer zone, incoming traffic can be analysed to find out whether or not it should be allowed to access the website or websites we host.
Secure Socket Layering
Sometimes referred to as SSL and TLS is in its most basic terms is when a website uses a padlock in the address bar and in parallel uses the https address rather than the unsecured http address. The certificates are issued by Let’s Encrypt and are renewed every 3 months.
Content Delivery Network (CDN)
The Brand9 site and all the sites we host are protected by a CDN and acts as a buffer against Distributed Denial of Service attack, often referred to as DDoS. The CDN protects the website against these types of attacks protecting the website against hackers.
Protection of your data:
IT systems: All passwords used have to meet the ‘11 thousand years’ time to crack using the: https://www.my1login.com/resources/password-strength-test test as a minimum.
This is used for all computer logins, wifi password access, cloud services and more. Any sharing of data with a partner of Brand9 for general business purposes also have to adhere to these strict security guidelines.
Cloud systems: All passwords used to access cloud servers use the same level of password strength as our IT systems. On many cloud services two-factor authentication (also known as 2FA) is used when possible.
Mobile devices: Mobile phone use the 6 digital password or thumbprint protection to access it.
Any third-parties that need access to a client’s website will have access privileges that are appropriate to the work they are undertaking and all passwords would still need to comply with the ‘11 thousand year’ rule.
Protection from viruses and malware
All our IT equipment is protected by a firewall and antivirus software. Systems are routinely scanned for malware, bots and spyware. This is in addition to the pro-active systems already in place such as built-in antivirus protection.
All IT equipment such as laptops and mobile phones always use the latest software updates and are set to automatically update, so such systems are never out of date.