Privacy Policy

The dreary but important legal stuff about our privacy policy and what we do with cookies when you browse the site.

Last updated: 4th May, 2019

We take our commitment to your privacy seriously, and we treat any information you provide to us with care. This policy describes what Eira Studios (“we“, “our” or “us“) do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.

This policy applies to you if you use our products or services, over the phone, online, through our website or when interacting with us on social media (our “Services“).

We recommend that you read this Privacy Policy in full to ensure you are fully informed. If you have any questions about this policy or our data collection, use, and disclosure practices, please contact us.

Who we are

  • We are Eira Studios, a small family-run digital studio based in Tideswell, United Kingdom.

What Information We Collect

  • When you contact us via our contact form or interact with our website we may ask you for certain information and you may submit personal data to us (e.g. your name, phone number, email address and contact details). We may also record which products and services you are interested in as well as customer traffic patterns and site use.
  • Some examples of how information may be collected by us:
    • The Information You Provide Us: We receive and store information that you submit when using our website or that you provide us in any other way (e.g. by email or phone). This information may be provided when contacting us by phone; email; or by submitting support requests or queries via our contact form.
    • Information We Collect When You Use Our Services: We receive, process and store certain information whenever you interact with our websites. Like many websites, we use “cookies” and other tracking technologies which obtain certain information automatically when your web browser accesses our website. Information automatically received by us may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, landing page, and referring URL; clickstream/path analysis of your journey through our website; and products or services you searched for. We may also use software tools to measure and collect session information, length of visits to certain pages, repeat visits and page interaction information (such as clicks).
    • Email Communications: To help us make our email newsletters more useful and interesting for our subscribers we attempt to receive a confirmation when you open and click on email newsletters from us (if your email software/service supports this option). If you no longer wish to receive email newsletters you can unsubscribe in the footer of our email newsletters or by contacting us at any time.
    • Information from Third Parties: We may receive information about you from other sources and add this to our account information. For example, we may update address information using data from third parties (such as the Royal Mail “Change of Address” File), which we may use to correct our records.
    • Commenting on Our Blog: When you leave comments on our blog we collect the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.

How We Share Information

  • We may share the information we collect in various ways, including the following:
    • Service Providers:
      • We may share information with third-party service providers that provide services on our behalf, such as helping to provide our Services, for promotional and/or marketing purposes.
    • Marketing Campaigns:
      • We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “double opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them during signup or other interactions on our website and have confirmed your email address.
      • We use MailChimp for our email marketing. MailChimp’s privacy policy is available here.
      • We may utilise social media and web advertising campaigns. These service providers use cookies on our websites and/or pixel tracking to serve ads across different platforms.
    • Aggregate Information: Where legally permissible, we may use and share information about users with our partners in an aggregated or de-identified form that can’t reasonably be used to identify you.
    • Third-Party Partners: We may also share information about users with third-party partners in order to receive additional publicly available information about you.
    • Analytics: We use analytics providers such as Google Analytics. Google Analytics uses cookies to collect non-identifying information. Google provides some additional privacy options regarding its Analytics cookies at policies.google.com/technologies/partner-sites.
    • Embedded Content from Other Websites: Embeds are pieces from other websites that are shown from time to time on our websites. They behave in the exact same way as if the visitor has visited the other website and may use cookies or capture information. Typically, embedded content is from websites that share videos, images, or other content. These services may collect your IP Address, your User Agent, store and retrieve cookies on your browser, embed additional third-party tracking, and monitor your interaction with that embedded content, including correlating your interaction with the content with your account with that service, if you are logged in to that service. Links to the privacy policies of the most common services have been included below.
    • Business Transfers: Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
    • As Required by Law and Similar Disclosures: We may also share information to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our Terms and Conditions, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organisations for fraud protection and spam/malware prevention.

Data Security

  • Our site uses TLS encryption technology, to keep the information you give us as secure as possible. We only accept contact requests through web browsers that allow communication through Transport Layer Security (TLS – The successor to the SSL protocol) protocol. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
  • We employ a variety of security technologies and measures designed to protect information from unauthorised access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
  • Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website (e.g. SerenDash our CRM platform), you are responsible for keeping this password confidential. It’s important that you also take responsibility for protecting your account information. Make sure your password is strong, don’t share it with others, and try not to use the same one for lots of online accounts. Don’t send your password by email – we’ll never ask you to do so. We won’t ask you for your password information over the phone; we’ll advise you on how to reset it.
  • We only use third-party services that are fully vetted and adhere to the highest levels of privacy and security practices.

Data Retention

  • We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
  • When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your Data Protection Rights Under The General Data Protection Regulation (GDPR)

  • If you wish to accesscorrectupdate, or request deletion of your personal information, you can do so at any time by contacting us here.
  • In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request the portability of your personal information. Again, you can exercise these rights by contacting us here.
  • You have the right to require us to erase or anonymise your personal data which we are handling in the following circumstances:
    • We no longer need to use your personal data for the reasons we told you we collected it for.
    • Where we needed your consent to use your personal data and you have withdrawn your consent and there is no other lawful way we can continue to use your personal data.
    • You object to our use of your personal data and we have no compelling reason to carry on handling your personal data.
    • Our handling of your personal data has broken the law.
    • We must erase your personal data to comply with a law we are subject to.
  • You have the right to receive the personal data we hold about you in a structured, standard machine-readable format and to send this to another organisation controlling your personal data.
    This right only applies to your personal data that we are handling because you consented to us using it or because there is a contract in place between us.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing emails we send you or by contacting us.
  • Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.

Third-Party Websites

  • Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Our site connects you to different websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Where We Store Your Personal Information

  • The information that we collect from you may be transferred to and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

What Data Breach Procedures Do We Have In Place

  • Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report any such incident to any required data protection authority.
  • We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.

Your Consent

  • In using our website, you consent to the collection and use of this information by Eira Studios in the ways described above. If you have any further questions about our privacy policy or its implementation, please contact us. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it and in what circumstances we disclose it.

Changes To This Policy

  • We may change this Privacy Policy from time to time. If we make significant changes in the way we treat your personal information, or to the privacy policy, we will make that clear on our websites, or by some other means such as email, so that you are able to review the changes before you continue to use our service.

Changelog:

  • 4th May 2019 – Made the policy language more user-friendly, specifically outlined data use and the collection as per the General Data Protection Regulations (GDPR). This was done last year on our client-facing Privacy Policy, but it seems I missed the public facing one.