Respecting your privacy
At The Pixel Parlour we respect your right to privacy online and understand that you want to keep control of your personal information. That’s why we are committed to protecting any information you share with us and practice Privacy by Default (PbD) in the design of our services.
We will never sell, distribute or intentionally make your personal information public. All your interactions with our website are protected by strong 256-bit encryption and we collect the minimum of personal information needed to provide an effective service.
Unless otherwise stated any personal data is captured on the lawful basis of legitimate commercial interests. That is to say we are using your data in a way that you might reasonably expect and which has a minimal privacy impact.
Our legal bases for processing
We collect and process information about you only where we have legal bases for doing so. These legal bases will depend on the individual services you use and how you use them. Additional information is provided below but in general terms we will only collect and use your information where:
- It is necessary for us to provide you with a service, including for support or to protect the safety and security of the service itself.
- It satisfies a legitimate interest which is not overridden by your data protection interests, such as for research and development.
- You have given us consent to do so for a specific purpose.
- We need to process your data to comply with a legal obligation.
In cases where you have consented to our use of your personal information for a specific purpose you have the right to change your mind at any time. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use, but in some cases this may mean you are no longer able to access our services.
Third party data processors
Like most businesses we rely on a number of third-party providers to support our day-to-day operations, for example in areas such as online file storage and email delivery. We may also hire third parties to operate, maintain or improve our website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with us.
All our third-party data processors have been carefully chosen as service suppliers who also practice responsible data handling. We believe that each has in place appropriate protections to ensure the security of the data we store or process with them and has clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.
Amazon Web Services (Email delivery & file storage): https://aws.amazon.com/compliance/data-privacy-faq/
DropBox (Data storage): https://www.dropbox.com/privacy
Google (Website analytics): https://support.google.com/analytics/answer/6004245?hl=en
HeartInternet (Hosting & email services): https://www.heartinternet.uk/terms/heart-internet-privacy-statement
MailChimp (Email marketing): https://mailchimp.com/legal/privacy/
Before using or sharing your information with third parties in ways not described here or previously authorised by you, we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.
Our website is hosted in the UK in a data centre managed by Heart Internet. When you visit our website or access one of the files stored on our web server information about this request will be automatically stored in our log files to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Heart Internet will also record a similar set of data for the purposes of data management and security. This data is retained by them for up to 3 months.
Like most businesses we use Google Analytics to help understand how our website is being discovered and interacted with and we use this information to help improve the experience for our visitors and make decisions about future development. Google Analytics presents us with aggregate information about the geographic location, device types and operating systems used by our website visitors, but not in a way that personally identifies you. Additionally Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interests of limiting the amount of data Google collects via our site we are using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits. Any user-level data that is associated with Analytics’ cookies is retained for 14 months from your last activity on our site, after which it is automatically deleted from Analytics’ servers.
Our website and emails contain a number of links to third party sites. It is important to be aware that these external sites are governed by their own privacy policies and we do not accept any responsibility or liability for these policies. The inclusion of a link to an external source should not be understood to be an endorsement of that website, its owners or their products/services. Always check the individual privacy policies of these external sites before you submit any personal data through them.
Cookies are temporary files stored in your web browser by a website to help track usage and enable services that rely on a persistent identity. You can control which cookies you accept and remove them at any time by adjusting your browser settings, but it is important to be aware that some cookies are essential and our website may not function as expected without them.
These cookies are strictly necessary to provide you with services available through our websites and to use some of its features. But you can still block or delete them by changing your browser preferences.
- analytics, third-party (The Pixel Parlour) – used by our website to remember your cookie preferences. Expire after 6 months.
These cookies are used to enhance the performance and functionality of our websites. They are non-essential but without them certain functionality may become unavailable.
- YSC (YouTube) – used to support playback of embedded YouTube videos. Expires at the end of your session.
- VISITOR_INFO1_LIVE (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
- PREF (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
Analytics and customisation cookies
These cookies collect information to help us understand how our website is being used or customise it in order to enhance your experience.
- _ga (Google Analytics) – used to distinguish between users. Expires after 2 years.
- _gat (Google Analytics) – used to distinguish between users. Expires after 24 hours.
- _gid (Google Analytics) – used to throttle the request rate. Expires after 1 minute.
These cookies are used to make advertising messages more relevant to you and your interests.
- None currently in use
Project briefing forms
When you submit one of our online enquiry forms the information provided (which can include your name, email address and phone number) is sent to us by email. Additionally we record your IP address and a timestamp for the purposes of fulfilling our obligation under GDPR to appropriately log submissions of personal data.
Enquiry emails are only available to a limited number of team members who are all bound by a strict confidentiality agreement. By default we treat all information provided as confidential and won’t share it beyond the company without your explicit consent. Because your submission can include attachments and other information we can’t limit what information you share with us. Therefore we request that you only share information directly relating to your enquiry and that you have the appropriate consent to disclose the information you share with us and accept that we are not responsible for its loss, theft or accidental disclosure.
On the receiving end email is hosted by Heart Internet on servers located within the UK. Your email may be stored there for up to 12 months before being archived offline or permanently deleted. Our policy is to retain all email correspondence relating to active clients. If however you don’t go on to take up our services within 12 months your enquiry along with any accompanying attachments will be permanently deleted.
To help ensure that only those who really consent to receiving our emails are signed-up we use a double opt-in process where a confirmation email will be sent to the email address supplied with a link to click. Only after clicking that link will you be opted-in to receive our emails. At this point MailChimp will also collect your IP address, which along with a timestamp helps provide our evidence of consent should we need to provide this to the regulator.
By default we will retain your data in MailChimp for as long as you choose to stay subscribed or until such time as we consider your account to be inactive (i.e. you are no longer opening or engaging with our emails).
You can update your details or opt-out of our emails at any time using the ‘Unsubscribe’ or ‘Email Preferences’ links found at the bottom of every email we send via MailChimp. If you unsubscribe MailChimp will retain your email address for the purposes of a suppression list to ensure that no further marketing messages can be sent unless you actively choose to opt-in again.
We may also combine the information you provide us at sign-up with data from other sources, such as our website, to help us improve the relevance of the emails we send you. For example if you are also a customer of ours using our website hosting services we will record that information in your MailChimp subscriber profile to ensure that the content of our emails reflects that.
When you send us an email, either to one of the addresses displayed on our website or to an individual member of staff, we will collect your email address and any other information you provide within your email.
The information you provide will only be processed in relation to the purpose of your correspondence with us. We have no fixed retention period for email correspondence, but we are committed to storing your data for no longer than is necessary to serve our legitimate interests of record keeping or to perform a contract we have entered into with you.
If you become one of our customers we may collect additional data in the course of on-boarding and delivering our services, including personal identification and contact data such as name, email address, phone number, physical address, address, job title and IP address.
This may be information you supply us with directly or which is collected automatically through your use of our service. When you sign up to use any of our services you will enter an agreement consenting to this information being collected, used and stored by us for the following purposes:
- To provide, support, and improve the services we offer: This might also include sharing your information with third parties in order to provide certain services, for example domain name registration. In these cases we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.
- To promote use of our services to you: If you use any of our services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send.
- To bill and collect money owed to us: This includes sending you emails, invoices, receipts and late payment notices.
- To send you important service updates: For example, to inform you of changes to our services and policies and any planned closures.
- To meet legal requirements: This includes complying with court orders, subpoenas, and other appropriate legal mechanisms.
We will retain the data until such time as the agreement is terminated by either party, after which it will be permanently erased. Please be aware that it may take up to 6 months for all records to be removed from our primary and backup systems.
We act as a data processor for a number of our clients so if you are their customer we may be involved in processing or storing some of your personal data on their behalf. In these cases we apply the same principles of data minimisation and responsible handling as the data we collect directly.
As with our own data we have implemented and will maintain appropriate technical and organisational security measures to protect the data from loss and to preserve the security and confidentiality of this customer data.
Prior to receiving your data our clients are required to confirm to us that they hold the appropriate consent to share it with us and have a clear legal basis for processing it. Except under the instruction or with the explicit permission of the original data controller we won’t share any of your personal information with unauthorised third parties.
We do not process any of what is classified under the GDPR as ‘sensitive’ personal data, such as medical records and financial information. We also won’t process the personal data of any data subjects under 16 years of age.
We will only hold your data for the period of processing, after which it will be permanently erased. In practice it may take up to 6 months for all copies of the data to be automatically removed from our backups. We use both DropBox and Amazon S3 for file storage / remote backup so your data may be temporarily stored in one or both of these places as well as on our local file storage system. Wherever possible we encrypt in transit and at rest and use other security precautions such as two-factor authentication to protect and restrict access to just those personnel directly involved in the processing.
We are obligated to assist our clients in dealing with any requests for access, rectification or erasure of personal data which you might make. In the first instance these requests should be directed to the original data controller, but if you do not receive a satisfactory response within one month you can also contact us directly if you believe we are involved in processing your data.
Children under 16
Our website and services are not for use by children under the age of 16 years and we will not knowingly collect or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted to do so.
Questions & data access/removal requests
In accordance with the General Data Protection Regulation (2018) you have the right to access your personal data for the purposes of verifying the lawfulness of its processing. You are also entitled to have your personal data rectified if it is inaccurate or request that it be removed.
We will respond to any such requests within 14 days confirming it has been received and outlining what follow-up action will be taken and when. While we will make every effort to act quickly please note it can take up to 3 months before some types of data can be fully removed from both our primary and backup systems.
The Pixel Parlour is registered with the UK Information Commissioner’s Office as a tier 1 data controller/processor, reference number: ZA516200.
11 May 2019 – Details of our registration as a data controller/processor with the UK Information Commissioner’s Office added.
23 April 2018 – Information about the processing of personal data shared as part of email correspondence added.
10 April 2018 – Additional information added about the collection and use of customer data.