At Lisden Limited (Lisden Technology), we respect your right to privacy and are committed to maintaining it and we respect the EU’s General Data Protection Regulations (GDPR). This Privacy Notice explains how we, as a Data Controller, treat any personally identifiable information you provide to us.
What information we collect about you & how we use it
Clients & suppliers:
We collect and store names and contact details, financial details and copies of contracts & non-disclosure agreements. This is for the purposes of performing our contract with you to deliver our services (or our contract with you as our supplier) and undertaking our legal obligations.
Potential customers & general email contact:
We collect and store the names and contact details of potential customers. This may be necessary in order to respond to an enquiry or to take other steps at your request prior to entering into a contract (e.g. providing further information or a quotation). This may also be on the basis of our legitimate interest commercially with regard to the services that we offer and in this case you are free to advise us that you do not wish to receive further communications at any time.
When enquiries are submitted to us by email, we will only use the information supplied to us to deal with the enquiry and any subsequent issues. We do not transfer personally identifiable information from email contact/enquiries, such as your name and contact details, into a database or other form of storage: if we begin to do so, we will update this privacy notice to make such data processing activities transparent.
We do not currently engage in any direct marketing activities using personally identifiable information targeting potential customers: if we begin to do so, we will update this privacy notice to make such data processing activities transparent.
Visitors to our website & contacting us via web form or social media:
When someone visits our site, we also use an analytics service to collect standard internet log information and details of visitor behaviour patterns to monitor the performance of our site (e.g. the number of visitors to the site; visits to and time spent on various parts of the site). This information is only processed in a way which does not identify anyone and we do not make any attempt to find out the identities of those visiting our website.
We have Twitter, Facebook and LinkedIn social media accounts. If you contact us via social media, for example, by sending us a private or direct message, we do not use the information provided by you (i.e. username and social media account details) for any other purpose than to respond to you. We do use a third party social media management tool to manage these social media channels.
We do not currently engage in any direct marketing activities using personally identifiable information acquired from your contact with us via our website, email or social media: if we begin to do so, we will update this privacy notice to make such data processing activities transparent.
Special category data:
Certain categories of personal information have additional protection under the GDPR, including information about your health, racial or ethnic origin. We do not currently collect, store or otherwise process such information; however, if we begin to do so, we will update this privacy notice to make such data processing activities transparent and the ways in which we meet the additional protection requirements.
We do not carry out profiling and/or automated decision-making; however, if we begin to do so, we will update this privacy notice to make such data processing activities transparent.
Use of data processors & transfer outside of the EEA:
We use third-party data processors to provide the following services for us: email, cloud storage, website publishing/site plugins, web analytics, social media management, payment services and accountancy and invoicing services. The categories of personal data that they process are outlined above (“What information we collect about you & how we use it”). We have undertaken due diligence to ascertain that the third party data processors we use are compliant with GDPR.
In some circumstances, your personal information may be transferred to outside of the European Economic Area (EEA) by third-party processors namely because of the location of their servers. In these cases, we have ascertained that the third party data processors we use will adequately protect your privacy and your rights: for example, the third party is located in a country which the EU has deemed to have adequate data protection laws in place, the third party is certified on the EU-US Privacy Shield or there is a contract in place with the third party which includes the European Commission’s model data protection contract clauses.
How long will we store your information?
We will hold on to your information for at least as long as it is needed for us to be able to provide services to you (or to deal with your enquiry and subsequent issues) and in order to meet our legal or regulatory obligations. As a small organisation, our current approach is not to have a retention policy stipulating set retention periods for each category of personal data; rather we will comply with the principle of storage limitation via regular review of the personal data that we hold (commensurate to resources and privacy risk) and anonymise or delete any data we no longer need. We adhere to the security principle of GDPR and process your personal data securely by means of appropriate technical and organisational measures.
You have rights as an individual that you can exercise in relation to the personally identifiable information that we hold about you.
The right to be informed about what we do with your personal information:
This Privacy Notice and any subsequent updates and amendments will keep you informed about how we use your personal information.
The right to access your personal information (often known as subject access requests):
You can request access to the personal information that we hold about you. In most cases, responding to such requests is free of charge and we must respond within the stipulated timescales.
The right to correct your personal information:
If we hold personal information about you and you believe that this information may be incorrect, you can ask us to correct any mistakes (and to advise any other parties with whom incorrect information may have been shared to make similar corrections).
The right to object to, or restrict, our processing of your personal information:
In certain circumstances, you can ask us to stop processing your information or ask for us to limit the ways in which we process this information. However, we can refuse a request in some cases but we will provide you with information explaining why we have refused your request if we do so. If we are relying on legitimate interests to process your information, you have the right to object to us doing this and, unless our legitimate interests override your rights, we will stop processing your information in this way.
The right to delete your personal information (often known as the right to be forgotten):
Unless we have a reason for keeping your personal information (for example, where we require the information to provide a service to you, to deal with an ongoing issue, or to meet our legal or regulatory obligations), you can request that we stop holding your personal information.
The right to stop direct marketing messages:
We do not currently engage in any direct marketing activities using personally identifiable information: if we begin to do so, we will update this privacy notice to make such data processing activities transparent and inform you how you can exercise this right.
The right to portability of your personal information:
You have the right to receive personal data that you provided to us as a Data Controller in a commonly used format so that you can use this information elsewhere.
In circumstances where we process your personal information on the basis of your express consent to do so, you have the right to withdraw your consent at any time.
To exercise any of these rights, please contact us via the contact details provided at the end of this Privacy Notice.
Complaints or queries & the right to complain to the regulator:
In the first instance, we ask people to bring complaints or queries about our processing of personal information to our attention. However, if you believe that we have not handled your personal information correctly or we have not dealt adequately with a request, you have the right to lodge a complaint with the Information Commissioner’s Office as the relevant regulatory authority in the UK.
Changes to this privacy notice
This privacy notice was effective as of 24 May 2018 and will be kept under review with regard to any updates on or changes in our data processing activities.
We, Lisden Limited (Lisden Technology), also act as a Data Processor under contract to our customer/clients acting as Data Controllers. In these cases, our data processing activities in relation to any personally identifiable information will be determined by the Data Controller and specified by the contracts in place and, where necessary, additional specific privacy notices will be made available as appropriate to those products and services.
How to contact us
You can contact us via email, telephone or post:
Lisden Limited (Lisden Technology)
Registered Address: Cholmondeley House, Dee Hills Park, Chester, Cheshire, United Kingdom, CH3 5AR
Tel. 01244 458507 / Email. firstname.lastname@example.org