Your privacy is very important to us.
1. General information
Who we are
Our website address is: https://lanedesignstudio.com.
Lane Design Studio Limited is designated as a data controller and a data processor.
What is a data controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
What is a data processor?
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
What is data processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
2. What information we collect and why we collect it
We collect your personal data. When we say your “personal data” we mean any information that identifies any person, that you provide to us or that is contained in any other information that you provide to us, or that you authorise a third party to give to us on your behalf.
Personal data relates to any information about a natural person that makes that person identifiable, which may include (but is not limited to):
- Names and contact information (ie. postal addresses, email addresses and telephone numbers)
- National Insurance numbers
- Employment history
- Employee numbers
- Credit history
- Personal tax details
- Payroll and accounting data
- Bank account details
Sensitive personal data
We do not collect or process sensitive personal data, as defined under GDPR, for example:
- Medical conditions
- Religious or philosophical beliefs and political opinions
- Racial or ethnic origin
- Biometric data (eg. photo in an electronic passport)
Children under the age of sixteen
We do not knowingly collect or solicit any personal data from anyone under the age of sixteen. In the event that we learn that we have collected personal data from a child under the age of sixteen without verification of parental consent, we will delete that information as quickly as possible.
Credit and debit card details
We do not accept payment by credit or debit card so we will neither collect nor store any credit or debit card details from you.
3. How do we collect information about you?
We may receive your personal data via email from you. Emails are sent normally over the internet and this can never be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit to us via a non-secure system and therefore you use a non-secure system at your own risk. Once we receive your information, we make our best effort to ensure its security on our own systems.
Via telephone, online or face-to-face meeting
If we receive personal data from you via non-electronic means we will ensure that the data is transferred to electronic storage as soon as possible.
Via our website
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
An IP (or Internet Protocol) address is a unique numerical address assigned to a computer as it logs on to the internet. Your IP address is logged when visiting our website, but our Analytics software only uses this information to track how many visitors we have from particular regions.
Via internet-based advertising
If we choose to use internet-based advertising, for example Linkedin, Facebook or Twitter advertising services, we will install tracking codes on our website so that we can manage the effectiveness of these campaigns. We will not store any personal data within this type of tracking. At present, we do not use internet-based advertising.
4. How we use your data?
We use your personal data to provide the services you have requested from us. We will only use your data subject to your instructions, be they given to us by telephone, email or any other method.
We will use your data to contact you for business reasons, eg. to discuss a proposed, ongoing or past project, for accounting purposes or to facilitate our ongoing client/supplier relationship (for example to update you on office opening hours or similar).
We will only use your data in this way where:
- you have provided consent, or
- we have legitimate business reasons for doing so, or
- we have a contract with you, or
- we are otherwise entitled by law to do so.
If you would like us to stop using your details for these reasons, please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
For our business-to-business clients and contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
For our business-to-consumer clients and contacts our lawful reason for processing your personal information will be “a contract with the individual”, for example to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering into a contract.
Our work for you may require us to pass your information to third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, or for other business-related reasons. However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the services and we will only share your data with third-parties that we trust, and where there are assurances in place as to how they will protect the data.
We will not use your data for marketing purposes.
We will not sell or pass your data to a third-party for marketing purposes.
We may use your personal data to comply with any legal obligations to which we are subject.
Transferring your information outside of Europe
As part of the services offered to you by us, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are in place so that your privacy rights continue to be protected as outlined in this Policy. By submitting your personal data, you agree to this transfer, storing or processing. If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
5. How do we keep your data secure?
Your own personal data
When you give us personal information, we take steps to make sure that it’s treated securely. The majority of your personal data which is not generally publically available (for example, your bank account details) is stored on a third-party service, which had end-to-end encryption and is protected with the following software: 128 Bit encryption on SSL.
The personal data of others
If you need to send us the personal information of your own contacts (for example, a list of your shareholders/clients for mailing purposes), we will ask you to send this directly to the third-party we have chosen for your mailing, whether that be an electronic or a hardcopy mailing. Data should be sent via a secure share-file service of your choosing and any passwords should be sent to the third-party in a separate email and from a separate email address.
Information received using internet-based email clients
Non-sensitive details (such as name, job title, telephone number, email address etc.) are sent normally via email over the internet, which can never be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any information you transmit to us via a non-secure system and therefore you use a non-secure system at your own risk. Once we receive your information, we make our best effort to ensure its security on our own systems. Our emails are stored and secured by Google Cloud. Information about their services can be found at: https://cloud.google.com/security/gdpr/resource-center/
We make secure, encrypted backups which are are stored and secured by Apple iCloud Storage. This includes two‑factor authentication for added security. Learn more about iCloud Security.
6. How long will we hold your data?
We will hold your data indefinitely. The reason for this is that many countries require us retain our business records going back several years, even if we cease trading.
Reviewing your data
It is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
Amending your data
It is your right to ask us to amend your data at any point. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
Deleting your data
It is your right to ask us to delete your data at any point. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form. Asking us to delete your data will necessarily terminate our client relationship with you.
Supplying your data
It is your right to ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to a specific data controller. Please contact us using the details below. We will send you the appropriate form of instruction and will carry out your request within 30 days of receipt of your correctly completed form.
If you feel that your personal data has been processed in a way that does not meet the GDPR, it is your right to lodge a complaint with the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Further details can be found on their website at https://ico.org.uk.
8. How to contact us
Data Controller, Lane Design Studio Limited, Matrix House, 12-16 Lionel Road, Canvey Island, England, SS8 9DE.