Whitesands Media Limited
Privacy Policy and Notice

25th May 2018

Whitesands Media Limited trading as Sawley Studios ("us", "we" or "our") is committed to respecting your privacy and to complying with applicable data protection and privacy laws.

You can visit our website(s) without disclosing any personally identifiable information about yourself (although please note that we may use cookies and collect other non-personally identifiable information about your browsing activity - see our cookie policy for detailed information).

If you do submit personal information by ordering products, services or completing a web form registration, for example, you can be assured that we will use your personal information only to support your continuing relationship with Whitesands Media.

We have provided this Privacy Policy Statement to help you understand how we collect, use and protect your information when you visit our website(s) and when you generally use our products and services.

We wish to help you make informed decisions, so please take a few moments to read the sections below and learn how we may use your personal information.

Personal Information Collection

We endeavour to collect and use your personal information only with your knowledge and consent and typically when you order and subsequently use our products and services, make customer enquiries or register for information, request product information, submit a job application or when you respond to communications from us (such as questionnaires or surveys).

The type of personal information we collect is kept to an absolute minimum for us to communicate and supply you with enquiry responses or our goods and services. This is typically only your name and the other elements are business details, such as, postal address, telephone number, email address and other key contact information. We understand many of our clients have a cross-over with personal and business contact information so treat all data captured in the same way, as personally identifiable data.

If you choose to provide us with personal information it will only be used in support of the intended purposes stated at the time at which it was collected.

Non-personal Identifying Information

We may also collect non-personally identifying information about your visit to our websites using cookies. This information may include the pages you browse and products and services viewed. We also use ASP.Net session cookies to enhance your browsing experience and allow our website to function.

No personal data is stored in these cookies and they are only stored for the duration of your visit to our web pages.

Further information on cookies can be found in our Cookie Policy here.

How will we use your information?

We only use your information for the purpose in which you gave it to us. This could be for an enquiry or for billing and contact information for our products and services.

How long do we keep your information for?

To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we need it for the purposes we acquired it for in the first place.

In most cases, this means we will keep your information for as long as you continue to use our services, and for a reasonable period afterwards. After that we will delete it, other than where we lawfully need to keep any data (7 years for accounting records and VAT reporting).

We keep data on our prospects for no longer than 3 years from receipt, subject to an individual's right to unsubscribe or be forgotten at any time.

Access to your Information

You can write to us at any time to obtain details of the personal information we may hold about you, request amendments or remove data (where we have no legal obligation to store such information). Please write to: info@sawleystudios.co.uk or Data Information, Whitesands Media, 23 Gloucester Road, Southport, PR8 2AU.

Please quote your name and address together with a preferred contact method (e.g. Telephone Number).

We will respond to any requests no later than the nearest subsequent business day on the equivalent date of the day after receiving the initial enquiry in the following Calender month or, where there isn't such a date the nearest subsequent business day according to the last day of the following month. Any changes or deletions will also be handled within the same timescale of receiving the request. This is usually within 28 days of receiving the initial request.

We will take all reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you.

Information Security

Whitesands Media recognises that it is important to protect personal information from misuse and abuse and about privacy in general. We are constantly reviewing and enhancing our technical, physical and managerial procedures and rules to protect your personal data from unauthorised access, accidental loss and/or destruction. We use industry standard certificates to provide encryption of data in transit where applicable, for example, all access to the management portals and servers we use internally are covered by secure connections.

Please be aware that communications over the Internet, such as emails/webmails, are not secure unless they have been encrypted. Your communications may route through several countries before being delivered - this is the nature of the World Wide Web/Internet. Whitesands Media cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

Whitesands Media as a Data Processor

Several clients use our services to host websites and access emails and/or manage website data via various management consoles (e.g. Quaystone and Wordpress) and for these clients Whitesands Media act as a Data Processor.

As a Data Processor we have procedures and access rules in place to ensure the personal data stored on behalf of clients is fully restricted and securely stored and accessed. This extends to our suppliers and anyone with access to personal data stored on our facilities.

Our two hosting providers (UKFast and Fasthosts) both have, amongst other procedures and practices, ISO 27001 accreditation. This is designed specifically as a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. By continuing to use Whitesands Media as a data processor (to host websites, emails and personal data) clients agree to use UKFast and Fasthosts as third-party suppliers.

Whitesands Media works closely with its hosting providers to ensure all hosting and storage of information is done in accordance with the latest GDPR, and other, legislation.

We never access personal data without the documented request of the client and this is always handled in accordance with relevant data laws and security procedures.

Remote admin access to our servers is strictly restricted to key personnel within our technical support team and our team will only access a server to resolve an issue reported, and documented, by the client or to ensure that the hosting service level expected by a client is met (e.g. system monitoring for performance and/or security reasons).

At no point will Whitesands Media, or any third party supplier, access any personal data stored on any of our servers without the express, documented, permission of the client (data controller). Where access is granted, or required for legal reasons, this will be done under the strictest confidentiality and the data will never be removed, duplicated or used away from the secure environments or for any purpose for which expression has not been explicitly given.

Data centre staff will have physical access to the servers, but our suppliers have strict protocols in place to ensure they only do so, if requested by a member of our technical support team and such a request will only be in cases when they need to carry out a visual check of a server or carry out physical maintenance on the server itself.

Where it is required to access personal data for the purposes of software development the use of this data is strictly prohibited to this use and any copies made on our secure development environment will be destroyed as soon as the development is complete.

As a Data Processor Whitesands Media are not responsible for gaining permissions to store and process personal data under GDPR legislation. This remains the sole responsibility of the data controllers (our clients).

Whitesands Media assumes all data stored has been done so with the permission of the subject and is only responsible (along with our third party providers) for the security and integrity of the data once submitted to our servers. The type of data stored, retention periods, management and deletion of personal data is the responsibility of the Data Controllers.

GDPR compliance is the sole responsibility of the client but as a Data Processor Whitesands Media is also responsible for its own GDPR compliance, and that of our suppliers.

Whitesands Media will work with our clients to help their use of our services remain GDPR compliant throughout their contract with us and we will take all reasonable measures to supply clients with any supporting documentation pertaining to their contracts, comply and assist with all legal requirements (such as audits and inspections), assist as much as possible in helping clients with their own GDPR compliance generally (specifically around access and management of data held on subjects) and fully comply with all required practices in the unlikely event of a data breach.

Our facilities and services are constantly monitored and reviewed for security and integrity purposes and in the event of a data breach at any level this will be reported to clients immediately, and certainly within 72 hours, upon noticing the breach with full disclosure of any breach and likely impact on personal data stored on the facility.

If you believe there has been a breach for any reason clients must contact us immediately and, again, no later than 72 hours, with as much information as possible at: info@sawleystudios.co.uk or Data Information, Whitesands Media, 23 Gloucester Road, Southport, PR8 2AU.

Upon termination of a contract with Whitesands Media any personal information held on behalf of our clients will be deleted. We will retain the client's details for legal reasons (tax reporting and accounting) but any subjects data will be removed along with as much personal data pertaining to the client as possible.

Privacy Support

Whitesands Media reserves the right to amend or modify this Privacy Policy Statement at any time and in response to changes in applicable data protection and privacy legislation.

If we decide to change our Privacy Policy, we will post the changes on our website so you know what information we collect and how we use it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will tell you. You will have a choice as to whether we are able to use your information in this different manner.