Effective date: 7th Feb, 2019
In accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 introduced in 2018, users of personal data have to protect your data to a high standard and advise why they need the data, and for how long they store it for. You also have a right to be forgotten and have your data erased. This section will advise you on our policies to abide by this regulation.
MediaSkyscraper is committed to respect and uphold everybody’s right to privacy, to process personal data securely and to comply with legislation prevailing in the UK. This policy describes what we do to achieve this.
Definition of terms used in this policy
‘We’, ‘Us’ and ‘Our’ refer to MediaSkyscraper
‘You’ and ‘Your’ refer to a client of MediaSkyscraper. You may be a customer or member of our emailing list.
‘Processing’ means collecting and storing data, and using it to contact you if consent is given.
‘Our website’ means https://mediaskyscraper.com.
‘Device’ means any computer, tablet, smartphone or other equipment equipped with a web browser and connected to the internet.
‘GDPR’ means the General Data Protection Regulation.
‘PCI-DSS’ means Payment Card Industry Data Security Standard.
‘HMRC’ means Her Majesty’s Revenue and Customs, the UK tax authority.
‘Full card details’ means the card number, expiry date, name of account holder and CVC number of any debit, credit or charge card.
‘Information’ and ‘Data’ are used interchangeably.
mediaskyscraper.com is a secure website protected by Secure Socket Layer (SSL), as indicated by the padlock symbol in your browser. SSL protects data by encrypting it as it travels over the internet between your web browser and the server.
Information collection and use
We collect several different types of information for various purposes to provide and improve our service for you.
Types of data collected:
While using our service, we may ask you to provide us with certain personally identifiable information that can be used to provide you our service, contact or identify you (“Personal Data"). Personally identifiable information may include, but is not limited to:
First name and last name
Address, State, Province, ZIP/Postal code, City
Cookies and Usage Data
We may also collect information about how the service is accessed and used (“Usage Data"). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
WordPress specific related data:
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
-Embedded content from other websites, that are used on the WordPress platform, that our website uses, and has therefore added
Why do we process personal data?
We need to collect and store your personal information so that we can fulfil your order, contact you, and identify you.
Our legal basis under Article 6 of the GDPR for processing personal data in any given instance is one or more of:
6.b) Processing is necessary for the performance of a contract to which you are party, specifically the supply of online services by MediaSkyscraper.
6.c) Processing is necessary for compliance with a legal obligation to which we are subject, in particular, the retention of records for a specified time for tax purposes (see below).
6.f) Processing is necessary for the purposes of legitimate interests pursued by the data controller, specifically the collection of statistical data to assist in improving our offer and website to the mutual benefit of you and us.
What data do we process?
The personal information we collect and store is limited to that shown on our order confirmations and invoices, as follows:
– Your name and address
– Your telephone number
– Your email address
– Your payment reference or method
– The services you purchased from us
Disclosure of data
MediaSkyscraper may disclose your Personal Data in the good faith belief that such action is necessary to:
-To comply with a legal obligation
-To protect and defend the rights or property of MediaSkyscraper
-To prevent or investigate possible wrongdoing in connection with the service
-To protect the personal safety of users of the service or the public
-To protect against legal liability
Security of data
The security of your data is of vital importance to us. You must be aware that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Visitors comments may be checked through an automated spam detection service.
Online payments and financial data
Online payments are made through the secure website of our Payment Service Provider (PSP) Stripe. Our PSP (Stripe) is PCI-DSS compliant to the highest level, ensuring that your card details are secure. We (MediaSkyscraper) never see your full card details because you enter them directly through the PSP website. The only payment information we see and store is either the last 4 digits of the card number and the expiry date, details may be shown on our invoices for your reference.
We may employ third party companies and individuals to facilitate our Service (“Service Providers"), to provide the service on our behalf, to perform service-related services or to assist us in analysing how our service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Providing you have entered your email address on our website, you are likely to receive emails from us for marketing, service fulfilment, and informational reasons. You can unsubscribe at any time using the “unsubscribe" link at the bottom of every email we send to you. Apart from when we are sending emails to deliver on our contract with you. In this case, you can write to our email address listed at the bottom of this document to have your account terminated but this will make fulfilment of our contract with you impossible and therefore nullify our said contract obligations.
We may use third-party Service Providers to monitor and analyse the use of our service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Links to other sites
We have no control over and assume no responsibility or liability for the content, privacy policies or practices of any third party sites or services.
Our service does not knowingly address anyone under the age of 18 (“Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
How is personal information stored?
Personal information is stored electronically and is encrypted to prevent unauthorised access.
Your right to rectification
In accordance with article 16 of the GDPR, if you notice that we have stored any of your personal data incorrectly, please contact us via email and we will correct it straight away.
How long do we keep your data for?
HMRC rules require us to keep records for at least 6 years after the January tax return submission date. To make sure we comply, we keep sales and purchase invoices for 7 years before deleting or destroying them.
If you have opted into our emailing list you may request that your email address is removed from the list at any time. If we have not had any contact with you for 6 years, all your personal data will automatically be deleted including your entry in our emailing list.
All old computer equipment will have the hard drives removed, and destroyed. We never dispose of old computers with the hard drives fitted.
-Wordpress specific related data retention periods
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Your ‘right to be forgotten’
In accordance with article 17 of the GDPR, your personal data will be deleted when:
- a) The information is no longer necessary for the purposes for which it was collected, or
- b) You withdraw consent and there is no other legal ground for processing under Article 6 (see ‘Why do we process personal data?’ above).
Can we supply a copy of the data we hold?
Yes, send a self-addressed envelope with postage attached and we will be able to forward you any information that we hold. The self-addressed envelope must be to the name and address that we have on file so that we are not sending to the wrong person.
If you have moved, then please contact us as we may need proof of name and address to ensure we are sending to the correct person.
Although we are happy to send you the data we hold, this is typically only the following information:
Method of payment (but not payment data such as card numbers)
GDPR compliant partners
We will never share your personal data knowingly with third parties, except where necessary in order to process your orders, limited data may be passed to carefully selected partners with the view of fulfilling your order.
Our payment partner who will process your payments on our behalf;
We may also share your personal information for the purposes of law enforcement if requested by the Police, or if a chargeback occurs which needs to be investigated.
In the unlikely event of a data breach, we will contact the UK supervising authority (Information Commissioner’s Office) and yourself in accordance with articles 33 and 34 of the GDPR.
By email: firstname.lastname@example.org
By post: MediaSkyscraper
27 Old Gloucester Street