Privacy Notice

Please read this Privacy Notice, together with any other privacy notice that we may provide to you, as it contains important information about how we collect, manage, use, disclose and protect your personal data. This Notice relates to your use of this website, including your Client Portal (if you have one), interactions with us on social media, and opt-in of any ‘marketing’ type communications.

By accessing the oneredsock.co.uk website (the “site”) or otherwise providing information to us, you agree to our privacy practices as set out in this Privacy Notice. We may change this Privacy Notice from time to time. Please check this page frequently to ensure you are aware of the most recent version and the date that it was last updated. If you have any questions regarding this Notice, our privacy practices, or the information we hold on you personally, please contact us, marking your query for the attention of the Siân Harris.

Last updated: 22 July 2020.

tl;dr

We are committed to protecting and respecting your privacy and strive for privacy by default. This means we will only collect personal information in a way that is fair, lawful and limited to our needs for specific purposes. Those purposes will be shared with you when or before we collect your information and will be clear, limited and relevant to the circumstances. We will collect the minimum amount of information necessary for the task at hand and keep it only for as long as necessary to fulfill that task, then we will destroy it securely.

Sometimes we will share data with other third parties to enable us to carry out our business, for example subcontractors, CRM software providers, printers, etc. They will always have been screened to ensure they comply with the relevant privacy regulations. We will NOT sell, trade, or rent your personal identification information to others.

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information.

You have a number of rights over how we collect, hold, process and delete your data. If you would like to exercise any of these rights please contact us using the details set out in the Contact section of this website, or at the bottom of this Notice.

The following topics are covered in this Privacy Notice

  • Who we are
  • What personal data we collect and why we collect it
    • Personal identification information
    • Non-personal identification information
    • Comments
    • Media
    • Contact forms
    • Cookies
    • Embedded content from other websites
  • How we use collected information
    • Communications with you
  • Who we share your data with
    • International transfers of personal data
    • Third party websites
    • For users who register with any of the websites under our control
  • What is our legal basis for using your information?
  • How long we retain your data
  • What rights you have over your data
    • Ensuring the accuracy of your data
  • How we protect your data
  • Contact Us

Who we are

This is the website for One Red Sock, owned and run by Siân Harris, based in Scotland, United Kingdom. One Red Sock specialises in helping misfits and rebels level up to attract better clients, make more money and change the world. We do this with branding, graphic design, copywriting, coaching and other small business support. Our website address is: https://oneredsock.co.uk.

The official address is 35 Waverley Place, Edinburgh, EH7 5SA, United Kingdom, and you can contact us by phone on +44 (0)7725 697909 or via email; hello@oneredsock.co.uk. We are registered with the ICO, under reference number ZA669416.

What personal data we collect and why we collect it

Personal identification information

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you. What information we collect with depend on your interactions with us.

We may collect personal identification information from you in a variety of ways, including, but not limited to, when you visit our site, fill out a form, respond to a survey, or interact with us on social media, and in connection with other activities, services, features or resources we make available on our site. You may be asked for, as appropriate, name, address, email address, phone number, and business details, as well as anything else necessary to perform the task at hand (eg data about your business or feedback about an event).

You may, however, visit our site anonymously and may never be asked for this information. We will collect personal identification information from you only if you voluntarily submit such information to us. You can always refuse to supply personal identification information, but doing so may prevent you from being able to access certain functions on the site.

Non-personal identification information

We may collect non-personal identification information about you whenever you interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about how you connect to and interact with our site, such as the operating system, Internet service provider, length of visits to certain pages, and other similar information.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

If you submit a form or complete a survey, the contents are often transferred to one of the third-parties we use to help us process data, (eg Google, Active Campaign, SurveyMonkey, Stripe, etc). We only ever use suppliers who are also compliant with the required levels of privacy.

Cookies

Our site may use “cookies” to enhance your experience. Your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about you. You may choose to set your browser to refuse cookies, or to alert you when cookies are being sent. If you do so, note that some parts of the site may not function properly.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How we use collected information

We use information held about you in the following ways:

  • To run, operate and improve our site
. We may need your information to display content on the site correctly. We may use feedback you provide to improve our resources and services, to ensure that content is presented in the most effective manner for you and for your devices. We may use your information for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • To send emails. We may use your email address to respond to your inquiries, questions, and/or other requests. We may use your email address to notify you about changes to our services, or resources.
  • To fundraise and promote special interests of the charities and good causes we support. If you have opted-in, we may use your email address to provide you with information about news, events, resources, activities and appeals, including our newsletters.

We may combine this information with other information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above and for the following purposes (depending on the types of information we receive):

  • To maintain our own accounts and records
  • To understand our customer demographic
  • To consider your project proposal
  • To process and administer any work undertaken for you
  • To understand which charities and good causes are important to you
  • To establish, exercise or defend legal claims.

Communications with you

We may, with your consent, text, e-mail or write to you the post to provide you with promotional information about our activities and campaigns, membership services, fundraising, feedback, competitions, and other activities and those of other carefully selected organisations, or provide you with our e-mail newsletter, which is used to inform you about news, tips, promotions, and events we think may be useful or interesting to you. You can un-subscribe at any time through an automated system. This process is detailed at the footer of each ‘marketing’ email. If an automated un-subscription system is unavailable, the email not a marketing one but instead necessary for us to carry out our business with you. You have the right to contact us at any time and opt-out of receiving any communications.

Who we share your data with

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information.

We will NOT sell, trade, or rent your personal identification information to others.

We may use third party service providers to help us conduct our business, to operate our websites or administer activities on our behalf. We may share your information with these selected third parties for these limited purposes, including:

  • When we use other companies to provide services on our behalf, e.g. processing, mailing or delivering orders, answering customers’ questions about products or services, sending mail and emails, customer analysis, assessment and profiling, detecting spam, when using auditors/advisors or processing credit/debit card payments.
  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • If we run an event in partnership with other named organisations your details may need to be shared. We will be very clear what will happen to your data when you register.
  • If we merge with another organisation or form a new entity, your personal data may be transferred to that new entity.

We may disclose your personal information to third parties to:

  • Comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities;
  • Enforce or apply our terms of use and any other agreements;
  • Protect the rights, property, or safety of us, our employees or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may share generic aggregated non-identifiable information regarding visitors and users with our partners, trusted affiliates and advertisers.

For users who register with any of the websites under our control

For users that register on one of our websites (if any), we also store the personal information you provide in your user profile. All users can see, edit, or delete your personal information at any time (except you cannot change your username). Website administrators can also see and edit that information.

International transfers of personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) for the purposes described in this policy. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.

If we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law, for example we may use the model contracts in a form approved by regulators. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

Third party websites

You may find advertising or other content on our site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our site, is subject to that website’s own terms and policies.

What is our legal basis for using your information?

There are a number of lawful reasons for us to process your personal data.

One of these is called ‘legitimate interest’ and means that we can process your personal data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests.

We will use your personal data for the purposes of administration, fundraising, processing donations, training staff, clergy and other authorised ministers, our charity work, promoting the church and supporting clergy and vestries.

Whenever we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection law.

Other legal bases that we may rely on include:

  • If you enter into a contract with us, we may process your personal data in order to fulfil our contract with you.
  • If we are providing you with promotional e-mail communications, we will only do so with your consent. If you have given us your consent, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of the emails or using the details in the Contact section of this website, or at the bottom of this Notice.
  • Where we are required to comply with our legal obligations, to establish and defend our legal rights, or to prevent and detect crimes such as fraud.

Sometimes your personal data may be used for statistical purposes but only in a form that no longer identifies you.

How long we retain your data

We will hold your personal data on our systems for as long as is necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting or other reporting requirements.

By law, we are required to retain certain information for a prescribed period of time. For example, we will keep a record of financial transactions for ten years to comply with VATMOS rules. In circumstances where there are no such legal requirements, to determine the appropriate retention period, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we are processing your personal data and whether we can achieve those purposes through other means.

Therefore, some information may be kept for more or less time depending on how long we reasonably feel it is required for. If you leave a comment on the website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

We review our retention periods for personal data on a regular basis.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If you ask us to delete your information in accordance with your rights set out below, we may retain basic information on a suppression list to record your request and avoid sending you unwanted materials in the future.

What rights you have over your data

You have a number of rights. If you would like to exercise any of these rights, please contact us using the details set out in the Contact section of our website, or at the bottom of this Notice. If you exercise any of these rights we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge except in exceptional circumstances.

If you wish to raise a complaint in relation to our processing of your personal data, you can contact us at hello@oneredsock.co.uk or by writing to One Red Sock, 35 Waverley Place, Edinburgh, EH7 5SA and marking your query for the attention of Siân Harris. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law you also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/.

Your rights include:

  • transparency over how we use your data and to make a subject access request (right of access);
  • a right to have your personal data updated and corrected (right of correction/rectifcation) ;
  • a right to ask us to delete your information (right to be forgotten);
  • a right to ask us to stop processing your information (right to restriction);
  • a right to object to (i) processing based on our legitimate interests; (ii) processing of your information for direct marketing purposes; and (iii) automated decision making and profiling (right to object);
  • a right to receive a copy of your information, or have this sent to a third party (right to data portability); and
  • a right to claim compensation for material or non-material damage caused if we breach the data protection rules (right to compensation).

If you would like to find out more about your rights, you can visit the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr).

Ensuring the accuracy of your data

We strive to maintain accurate, complete, and relevant personal information for the purposes identified in this privacy statement. If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it. It is important that the personal information we hold about you is accurate and current.

How we protect your data

We have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. Details of these measures can be obtained on request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Our security measures are reviewed regularly.

Contact Us

If you have any questions regarding this Notice or about our privacy practices, wish to exercise any of your rights, or to make a complaint, please contact us at:

  • Post: One Red Sock, 35 Waverley Place, Edinburgh, EH7 5SA, Scotland, United Kingdom
  • Telephone: +44 (0) 7725 697909
  • E-mail: hello@oneredsock.co.uk.
>