Last updated: 4th May, 2019
We take our commitment to your privacy seriously, and we treat any information you provide to us with care. This policy describes what Eira Studios (“we“, “our” or “us“) do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This policy applies to you if you use our products or services, over the phone, online, through our website or when interacting with us on social media (our “Services“).
Who we are
- We are Eira Studios, a small family-run digital studio based in Tideswell, United Kingdom.
What Information We Collect
- When you contact us via our contact form or interact with our website we may ask you for certain information and you may submit personal data to us (e.g. your name, phone number, email address and contact details). We may also record which products and services you are interested in as well as customer traffic patterns and site use.
- Some examples of how information may be collected by us:
- The Information You Provide Us: We receive and store information that you submit when using our website or that you provide us in any other way (e.g. by email or phone). This information may be provided when contacting us by phone; email; or by submitting support requests or queries via our contact form.
- Information We Collect When You Use Our Services: We receive, process and store certain information whenever you interact with our websites. Like many websites, we use “cookies” and other tracking technologies which obtain certain information automatically when your web browser accesses our website. Information automatically received by us may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, landing page, and referring URL; clickstream/path analysis of your journey through our website; and products or services you searched for. We may also use software tools to measure and collect session information, length of visits to certain pages, repeat visits and page interaction information (such as clicks).
- Email Communications: To help us make our email newsletters more useful and interesting for our subscribers we attempt to receive a confirmation when you open and click on email newsletters from us (if your email software/service supports this option). If you no longer wish to receive email newsletters you can unsubscribe in the footer of our email newsletters or by contacting us at any time.
- Information from Third Parties: We may receive information about you from other sources and add this to our account information. For example, we may update address information using data from third parties (such as the Royal Mail “Change of Address” File), which we may use to correct our records.
- Commenting on Our Blog: When you leave comments on our blog we collect the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.
How We Share Information
- We may share the information we collect in various ways, including the following:
- Service Providers:
- We may share information with third-party service providers that provide services on our behalf, such as helping to provide our Services, for promotional and/or marketing purposes.
- Marketing Campaigns:
- We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “double opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them during signup or other interactions on our website and have confirmed your email address.
- Aggregate Information: Where legally permissible, we may use and share information about users with our partners in an aggregated or de-identified form that can’t reasonably be used to identify you.
- Third-Party Partners: We may also share information about users with third-party partners in order to receive additional publicly available information about you.
- Business Transfers: Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- Service Providers:
- Our site uses TLS encryption technology, to keep the information you give us as secure as possible. We only accept contact requests through web browsers that allow communication through Transport Layer Security (TLS – The successor to the SSL protocol) protocol. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- We employ a variety of security technologies and measures designed to protect information from unauthorised access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website (e.g. SerenDash our CRM platform), you are responsible for keeping this password confidential. It’s important that you also take responsibility for protecting your account information. Make sure your password is strong, don’t share it with others, and try not to use the same one for lots of online accounts. Don’t send your password by email – we’ll never ask you to do so. We won’t ask you for your password information over the phone; we’ll advise you on how to reset it.
- We only use third-party services that are fully vetted and adhere to the highest levels of privacy and security practices.
- We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
- When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your Data Protection Rights Under The General Data Protection Regulation (GDPR)
- If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by contacting us here.
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request the portability of your personal information. Again, you can exercise these rights by contacting us here.
- You have the right to require us to erase or anonymise your personal data which we are handling in the following circumstances:
- We no longer need to use your personal data for the reasons we told you we collected it for.
- Where we needed your consent to use your personal data and you have withdrawn your consent and there is no other lawful way we can continue to use your personal data.
- You object to our use of your personal data and we have no compelling reason to carry on handling your personal data.
- Our handling of your personal data has broken the law.
- We must erase your personal data to comply with a law we are subject to.
- You have the right to receive the personal data we hold about you in a structured, standard machine-readable format and to send this to another organisation controlling your personal data.
This right only applies to your personal data that we are handling because you consented to us using it or because there is a contract in place between us.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing emails we send you or by contacting us.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.
- Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Our site connects you to different websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Where We Store Your Personal Information
What Data Breach Procedures Do We Have In Place
- Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report any such incident to any required data protection authority.
- We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.
Changes To This Policy