PLEASE READ THESE TERMS CAREFULLY
This policy was last updated: 4th June 2018
1. About this Policy
CATO Creative understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, http://www.catocreative.com and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your legal rights.
For the purposes of the General Data Protection Regulation (GDPR) and relevant legislation, the Data Controller is CATO Creative Limited. For any issues relating to data protection the person responsible is Mark Barratt.
2. Changes to this Policy
3. Who we are and how to contact us
CATO Creative Limited is registered under Company Registration Number 08024009. Our registered office address is International House, 142 Cromwell Road, Kensington, London SW7 4EF. We are registered with the Information Commissioner’s Office (ICO) for data protection reference number A8372333
If you have any concerns about how we handle your data, you can contact the Data Controller by email to firstname.lastname@example.org or you can formally raise a complaint to the ICO directly on 0303 123 1113, or see the options for reporting issues at https://ico.org.uk/concerns
4. What personal data do we collect?
Information that you provide to us is retained and processed in accordance with UK data protection legislation.
The types of data CATO Creative holds includes personal information such as your name, contact details and address. Data we process may relate to the following categories of personnel:
- Employees or other workers
- Professional Advisors and Consultants
- Enquirers and Complainants
5. Where do we collect data from?
We collect your data from the following interactions with us:
If you comment on our blog posts we may record and publish your name. Details about your device may also be collated by us and/or third parties. Data is on the grounds of being legitimate to our business interests. You can request that personal data is not published.
- Contact us
When you submit a query to us through the website we collect details of your name, phone number and email, as well as the message you submit. This is so that we can contact you and provide details of our services to you and deal with general company enquiries. Data is held on the grounds of being legitimate to our business interests.
From time to time we may contact you to provide details of services that may be of interest to you including Newsletters by email and details from partners we work with. Data is processed on the basis of valid consent obtained from you. If at any time you wish to update the information which we hold about you, or if you wish to stop receiving information or Newsletters from CATO Creative, please contact email@example.com. Your rights as a data subject are also listed below.
- Phone calls
Phone calls to us may be recorded (manually or electronically and in note form), and any data relating to the call may be retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
- Social media
We use social media to engage with users and link to our Pinterest, Facebook, Twitter, Instagram, LinkedIn and Google+ pages. We do not keep any specific data that identifies you as an individual user, but hold details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.
We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.
- Information collected automatically
- Information we get from other sources
6. How do we use your data?
We may use the information we collect from you in the following ways:
- To administer and improve the website
- To personalise the content and your experience of the website
- To allow us to respond to communications sent to us
- To administer a site feature
- To send you email notifications which you have specifically requested
- To send to you Newsletters and marketing communications, where expressly agreed
- To provide third parties with statistical information about our users
- To ask for feedback, or testimonials
- To publish photographs representative of our services for promotional purposes
- To deal with enquiries and complaints made by or about you relating to the website.
Users contacting our website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
By providing us with your data, you warrant that you are over 13 years of age.
7. How is Information Shared?
We sometimes need to share personal data with others to provide our services and to comply with all aspects of data protection legislation. We recognise that individuals have a right to be informed about the collection and use of their personal data and that this should meet the principle of transparency under the GDPR.
- CATO Creative will share data in the following ways:
We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
We will ask for your consent to photographs and will only take identifying pictures if we have your permission to do so. Photos may be used for the marketing purposes of CATO Creative and may appear in printed promotional material, or on social media. You have the right to withdraw consent for photographs at any time by contacting us at firstname.lastname@example.org
Our Data Processors
We may use Data Processors who act on our instruction in relation to the management of personal data and they must adhere to all data protection laws and regulations. This includes 3rd parties that we use to supply our services. They are provided with personal data on a need-to-know basis and must follow our data security procedures as appropriate.
We will ensure that Data Processors we use only operate on our written instructions and comply with their obligations under the GDPR (General Data Protection Regulation) and all other relevant data protection legislation as may be in force from time to time.
We will only send you emails or other marketing communications where you have previously used our services or registered for our Newsletter or Blog and this will be on the basis of being legitimate to our business. You have the option to request that we remove your details from our mailings at any time by contacting us at email@example.com
Non-personally identifiable visitor information may be provided to third parties for marketing, advertising or other uses.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
CATO Creative uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
We may ask you for a testimonial in relation to our services that may be used on our website or social media. Your full name and company may be used. Data is only published on the basis of valid consent obtained from you.
CATO Creative does not accept payment for services online and does not store or process payment data on our servers. We do not share financial details with 3rd parties.
Payments made directly to us do not require us to process your personal data and only transactional data will be held, both in our manual and electronic filing systems.
8. How long is data kept for?
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.
9. What Security Measures do we take?
Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
We take appropriate steps to ensure a safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.
10. Where is Personal Data Stored?
Our website is hosted in the US and is compliant with the EU-US Privacy Shield. Any information that you supply to us may be stored and processed by servers located in the EEA or a country that provides adequate safeguards of data. Your data may be transferred in accordance with the relevant data protection laws.
11.What are Your Rights?
CATO Creative recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:
- Subject access requests
Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to firstname.lastname@example.org. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information.
- Right to rectification
Data subjects have the right to request that we amend or change personal information that is inaccurate or incorrect.
- Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.
- Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful - data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
- Right to data portability
Data subjects have the right to obtain and request the transfer of their data to different service providers.
- Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.
- Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
- Using your rights
If you wish to invoke any of these rights, you should contact the person responsible for data protection by emailing us at email@example.com
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised.
If a data breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. All relevant breaches will be reported to the Information Commissioner’s Office (ICO), see Important Information below.
1. What are Cookies?
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session cookies may be used to validate your access to different parts of the website.
2. Disabling Cookies
To the extent that cookies data constitutes personally identifiable information, we process such data on the basis of your consent.
4. Types of Cookies
Cookies may also be classed by the time that they are placed on a user’s device.
- Persistent cookies - these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
- Session cookies - these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies are used for different purposes and these may fall into one of the below categories:
- Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
- Some cookies may be unclassified.
5. Cookies we use
The Cookies we use are shown in this table below.
|_ga||catocreative.com/ Google Analytics||HTML||Statistical data on how user uses the website||2 years|
|_gid||catocreative.com/ Google Analytics||HTML||Registers unique ID for statistics on website use||Session|
|_gat||catocreative.com/ Google Analytics||HTML||Used to throttle request rate||Session|
|collect||Google-analytics.com||Pixel||Used to track visitors device & behaviour||Session|
|lidc||HTTP||Tracks use of embedded services||Session|
6. Consent to Cookies
CATO Creative uses tracking software provided by Google Analytics to monitor its visitors, and to better understand how they use the site. See above table. The software will save a cookie to the user’s hard drive in order to track and monitor engagement and usage of the website. The cookie will not store, save or collect personal information.
8. Further Information on Cookies
Information is also available at www.ec.europa.eu/ipg/basics/legal/cookies/index_en.html
Third Party Rights
Jurisdiction and Governing Law
Copyright © 2018 CATO Creative Limited