Rest assured that we take your privacy seriously and are 100% committed to protecting it.
We’ve been in business for many years; during which we’ve been customers of hundreds of suppliers ourselves. So, we completely understand how important it is to respect the information you give us about yourself.
The new rules contained within the General Data Protection Regulation (GDPR) govern what can and can’t be done with information about you- and we’ve studied them to make sure we’re crystal clear about our obligations.
We’ve written our Privacy & Data Protection policy to cut through the legal jargon and spell out exactly what we do with what you’ve told us about yourself and your business.
In a nutshell, it all boils down to five Wordplay Group Ltd Privacy Pledges. We promise that we will:
1. only use the information you give us to improve the service we deliver
2. protect your data like it’s our own
3. only ever talk your language. No nonsense, no spam, and no cleverly worded sentences that
leave you baffled
4. give you the power to decide what and how you hear from us
5. delete your information as soon as we no longer need it or you ask us to do so
This Privacy Notice sets out what personal data we, Wordplay, hold about you and how we collect and use it. It applies to all clients whether you’re a business or an individual buying our services or browsing our website.
We are required by data protection law to give you the information in this Privacy Notice. It is
important that you read it carefully together with any other similar or additional information that we might give you from time to time about how we collect and use your personal data.
This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation came into force. It does not give you any contractual rights. We may update this Privacy Notice at any time.
Who is the controller?
Wordplay Group Ltd (The Old Wheelhouse, Client Road, Hampsthwaite, North Yorkshire HG3 3AA) is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
We also have a Data Protection Coordinator who is committed to making sure Wordplay is looking after all your information. If you have any queries, you can reach us in relation to Data Protection at firstname.lastname@example.org
So, what is personal data?
Personal data means any information relating to a living individual who can be identified (directly or indirectly) using the information you give us (eg name, job title, company address, email address, mobile number etc.). It can be factual (eg contact details or date of birth), or an opinion about an individual’s actions or behaviour.
Data protection law divides personal data into two categories: ordinary personal data and special category data. Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data). But don’t worry; we don’t collect special category data from our clients!
What type of ordinary personal data do we hold about you and why?
We collect, hold, and use the following types of ordinary personal data about you:
- Publicly available information about you, such as your business social media presence,
Numbers your web sites and business cards, contact email details etc
- Data including name, address, email address, company registration number, company VAT
number, your account activity, contact number etc
- If we should ever record ‘phone calls for quality and training purposes, we would hold the recordings so that we can:
o process your enquiry or project brief and correspond with you about it
o make sure you are receiving the quality of service you expect
o invoice you for our services
o chase outstanding payments
o maintain your account with us
o maintain any ongoing commitments
In addition to this, there’s our marketing programme.
If you’ve said we can do so, we’ll send you marketing messages by email, text and snail mail to keep you aware of what we’re up to and to help you see and find our products and services.
You can stop receiving marketing messages from us at any time, by:
- calling us to tell us not to talk to you any more
- clicking on the ‘unsubscribe’ link in any marketing email
- contacting us at email@example.com
Once you do this, we’ll update our records to ensure that you don’t receive further marketing
messages. Please note though, that it might take a few days for all our records to be updated and so you might get messages from us while we process your request.
What are our legal grounds for using your ordinary personal data?
The new regulations set out specific reasons under which we can process this information about
When we ask you for your details, we will use one or more of the following reasons as to why we are asking for it:
- we need it to take steps (at your request) to enter a contract with you
- we need it to comply with a legal obligation, eg the obligation to provide the service you
- it is necessary for our legitimate interests (or those of a third party) and your interests and
your rights (we will cover these later!) do not override those interests (legitimate interest)
For example, if you send us an enquiry through our website, it is in our legitimate interest to get in touch with you to follow up on the query.
How do we collect your data?
You provide us with most of the personal data about you that we hold and use, for example when you reach out to us via online channels such as our web site or in response to our marketing.
Some of the personal data we hold and use about you is generated from internal sources. For
example, we may make notes against your account on our internal CRM system to specify your
Some of the personal data about you that we hold and use may come from external sources.
For example if you send out copies of your brochure.
Who do we share your personal data with?
We may share some of your data with the following people, the types of data and our legal grounds for doing so are detailed below:
- Where you make an enquiry on our website about a service provided by one of our strategic partners, we may pass some of your information onto one or more of them. We have a legitimate interest in sending your details to them so they can help you with your needs. The data we share may include: name, address, contact number, email address etc
- We may share client information with delivery companies when we need to send information to you quickly that doesn’t suit electronic channels. We use companies such as royal mail and reputable delivery companies for this. We need to share your data with these companies to perform the contract we entered into with you
- Every year we submit business information to our financial advisors and corporate authorities (eg HMRC and Companies House), and as part of this process they will have access to client information to make sure we aren’t being fraudulent in our activities. This is a legal obligation that we have as part of our business operations
- We may share a client’s details with county courts and debt collectors if the client fails to pay a debt owed to us
- In special circumstances at your request, we may share your personal data with suppliers and manufacturers
- We also invest in understanding how you came to find us on the internet. This means we share things like mouse-clicks and IP addresses with companies like inspectlet.com. We have a legitimate business interest in finding out this information as it helps to improve our websites
- When you communicate with us via our web site, this is hosted by a third-party company
who host all of our data. We are satisfied that they have taken steps to ensure that this is
secure and only the necessary Wordplay employees can see your personal data. We have a
legitimate business interest in using their services and hosting platform
- If you choose to request any email newsletter that we produce and explicitly give your consent for us to send you subsequent issues and other marketing material via our opt-in process, the email address that you submit to us will be stored in our database and forwarded to any third parties who provide us with email marketing services
- We may share your information with our suppliers to tell you about the launch of a new product or service. For example, we may share your company address with a printing supplier to send you information
Consequences of not providing personal data
If you do not wish to provide us with your information, that’s entirely your choice. Please bear in
mind that if you don’t provide us with the information we require for the reasons we have stated,
we won’t be able to supply you with information about our services and may not be able to trade with you.
How long will we keep your personal data?
We hate saying to goodbye, but we’ll only hold onto your information for as long as it’s needed to be able to fulfil our contract to supply you and provide our services to you.
If we think it’s reasonably necessary or if we’re required to meet legal or regulatory requirements, resolve disputes, prevent fraud, and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required even after you have closed your Account with us – assuming it’s no longer needed to provide services to you.
The regulations set out the rights that everyone has if a business is processing data about you,
- The right to make a subject access request. This enables you to receive certain information
about how we use your data, as well as to receive a copy of the personal data we hold about
you and to check that we are doing exactly what we say we are doing!
- The right to request that we correct incomplete or inaccurate personal data that we hold
about you. This speaks for itself, if we have the wrong email address or phone number, you
have the right to tell us to make it right!
- The right to request that we delete or remove personal data that we hold about you where
we don’t have a good reason for keeping hold of it. You also have the right to ask us to
delete or remove your personal data where you have exercised your right to object to
processing (see below)
- The right to object to our processing your personal data where we are relying on our
legitimate interest (or those of a third party), where we cannot give a good reason for
processing the data about you
- The right to request that we restrict our processing of your personal data. This enables you
to ask us to suspend the processing of personal data about you, for example if you want us
to tell you how accurate the information is, or you want to know why we are asking for this
- The right to withdraw your consent to us using your personal data. Alongside this, you also
have the right to request that we delete or remove that data, if we do not have another
good reason to continue using it
- The right to request that we transfer your personal data to another party, in respect of data
that you have provided where our legal ground for using the data is that it is necessary for
the performance of a contract or that you have consented to us using it (this is known as the
right to “data portability”)
If, for whatever reason, you want to exercise any of these rights, please contact us at firstname.lastname@example.org
Wordplay Group Web Sites
Wordplay Group web sites also collect and use personal information. We do so as follows:
- Tracking Site Visits
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to study the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and
operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you, but Google do not grant us access to this. We consider Google to be a third-party data processor.
Cookies are very small harmless files that most websites put on to your computer when you roam their pages, to help the site run efficiently and make your user experience more enjoyable. Most Cookies are critical to a website’s performance and your enjoyment of it. We have reviewed and adjusted our Cookie Notice to meet the requirements of GDPR.
- Information Cookies to gather anonymous information to assess how visitors are using the website. This will then help us to improve certain pages of our site which may currently be poorly designed or unclear for the user. Information Cookies also highlight the most visited pages or broken links
- Helpful Cookies to help you when you return to the website. For example, they will save information such as name and email address and so make it a quicker and easier process for you
- Third Party Cookies to monitor and record your typical browsing habits whilst working in the background so only relevant ads (wherever ads become used) are displayed
The basic rule is that we must:
- Tell you Cookies are in place and being used to monitor and record your usage of our websites. (Consider yourself told)
- Explain what the cookies are doing and why. (Tick)
- Get your consent to store a Cookie on your device. (You’ll have seen the pop up when you landed on our site)
If we do this the first time we set Cookies, the rules say we don’t have to repeat it every time you visit our website.
That said we accept that devices may be used by different people. So, bearing in mind that there could be more than one user of your device, we plan to repeat the process at suitable intervals.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
In addition to Google Analytics, this website may collect information (held in the public domain)
attributed to the IP address of the computer or device that is being used to access it. The
information is supplied to us from Whoisvisiting.com. Whoisvisiting.com is a service offered by
Whoisdata Limited. The Whoisvisiting system does not use your IP address to identify you, the
individual, in any way. No cookies are used by the Whoisvisiting system. The Whoisvisiting system will only lookup information when a static IP address is being used. When a device is assigned a static IP address, the address does not change.
Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page or via email links, none of the data that you supply will be stored by this website or passed to/be processed by any of the third-party data processors. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
Email newsletters and promotional flyers
Your email address will remain within our database until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via an email to email@example.com
When requesting removal via email, please send your email to us using the email account that is
subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining any email
Newsletters we may produce.
While your email address remains within our database, you will receive periodic marketing communications from us.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we can.
If you have any questions or concerns about how your personal data is being used by us, you can contact our us on firstname.lastname@example.org
If you aren’t happy with how Wordplay is processing your data, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk