This Privacy Policy outlines Dezines Internet Solutions Limited ( " the Company ") practices with respect to information collected from users who access our website at www.dezines.online (" Site "), or otherwise share personal information with us (collectively: " Users ").

We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.

  Why are we providing a Privacy Policy?

The General Data Protection Regulation (GDPR) came into force on Friday the 25th May 2018, so in line with the change in European Law, we felt it was required that our Privacy Policy should be improved as we update certain parts within our business. This policy explains how we collect, handle and store your Personal Information – hopefully in a way that makes sense to you.

The GDPR has been introduced across Europe to offer greater protection for consumers and it is a detailed enhancement to the previous Data Protection Act 1988 which has become widely ineffective, with companies across Europe frequently breaching the spirit of the Act and the Personal Information it was designed to protect.

GDPR focuses on improving an individual’s rights of privacy. Our new policy helps you to identify key points about the Personal Information we collect from you, why and how it is collected and where it is stored securely.

We have always taken this seriously as a front end web development company and introduced best practices to all of our clients who we work for; so we view GDPR as an important improvement that will sharpen up slack processes across the data landscape. The relationship we have with Personal Information is only within a business to business framework. We do not ordinarily collect any Personal Information from consumers.

  What is Personal Information?

Personal Information is any information that in anyway describes your personal circumstances e.g. your name, your address, your mobile or home phone numbers and so forth. It may also include any employment information or personal attributes such as your sex, cultural or social identity.

However, in relation to the context in which we use Personal Information, we generally only collect and store data from businesses or their direct members of staff and such Personal Information may include:

     Title, name, contact details, work address – data that helps us identify the business client relationship.
     Employment data relating to our staff e.g. PAYE data, employment contracts, history, qualifications,  previous employment details.
     Bank Account details of our clients, accounts & invoice data, VAT tax data, company credit references.
     Email addresses that may be subscribed to an email marketing campaign list.
     Personal Information used to access certain online services for which we have your permission to use e.g. an Internet Domain Name Registry or a Merchant Account facility.

 Why do we need to deal with your Personal Information?

When you initially interact with Dezines Internet Solutions Limited in relation to any of the commercial services we offer – we might request a business card in the first instance, and offer a potential client one of ours. We may take other information in the course of our respective commercial discussions. Equally if it is in relation to employment within our company – we will request more detailed information from an individual and that might for example include copies of training certificates or degrees issued by a university and so forth. We believe such Personal Information would be essential in order to enter a contract whether that be as a client of Dezines Internet Solutions or as an employee or Director.

In order to perform the contractual agreement – we would have a right to use your Personal Information. At the end of any contract period, we would retain the right to use your Personal Information, providing it is in our legitimate business interest to do so and of course that your rights are not affected in any way. The reason why we might need to use your Personal Information in this way is to make contact with you in relation to the service provision, or to secure specific content for a project, to set up an online Merchant Account facility that links to an ecommerce website we are developing, or to seek your feedback.

We might also capture your Personal Information electronically through our website’s main Contact Form. Our web forms are protected by 256 bit TLS encryption – providing excellent digital protection to any Personal Information sent to us via our website. This would be Personal Information you choose to send us.

We might also need to use your Personal Information in order to comply with the Law e.g. a Court Order has been issued to allow the Police to examine emails or online trading activity.

What are the Legal Grounds for processing your Personal Information?

We use the following legal bases under European Data Protection rules for processing your Personal Information:

1. The performance of, or entry into, a contract. The Personal Information that we are required to collect in order to comply with our professional obligations which must be provided to us, so we can perform the contract. Clearly we would not be able to act for you without such Personal Information.

2. Compliance with a legal obligation to which we are subject e.g. a Court Order.

3. We have a legitimate interest in doing so as a full service design and ecommerce development company. Such a legitimate interest will include the way we manage the commercial relationship with our clients, build digital infrastructure associated with web development projects, or capture digital photographic or video content that might include people, administering visits to our offices and ascertaining the achievement of proper standards and project management, practices or procedures.

4. We do not ordinarily handle or use ‘Special Category’ Personal Information in the normal context of what we do. However, where there is a commercial need to do so, and we have your express permission, we would take the appropriate responsibility to be compliant, but accept that such consent may be withdrawn at any time.

5.  We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow use of our services by minors without prior consent or authorisation by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us.

In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our trusted third party providers, who may be located in different jurisdictions across the world, for any of the following purposes:

     Hosting and operating our Site;
     Providing you with our services, including providing a personalized display of our Site;
     Storing and processing such information on our behalf;
     Serving you with advertisements and assist us in evaluating the success of our advertising campaigns and help us retarget users;
     Providing you with marketing offers and promotional materials related to our Site and services;
     Performing research, technical diagnostics or analytics;

We may also disclose information if we have good faith to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.

How do we collect Your Personal Data?

In most cases your Personal Information will be given to us by you, although we might collect and record your Personal Information from a variety of sources e.g. by taking your business card on display at a trade show or being given a business card as a result of talking with you at an event. However, it is often the case you will give us your Personal Information at initial project meetings or exploratory discussions to determine our suitability as a professional partner for your business. You might provide your Personal Information to us verbally, in writing (includes via electronic web forms) and email.

Additionally, there may be certain occasions where your Personal Information is given to us by your employer in connection with our and their legitimate interest to conduct business. We may also secure your Personal Information from verified and trusted sources where we have paid subscription services and have a legitimate interest to connect with you e.g. you have visited our website from your commercial premises and our technology determines your businesses identity, and we can select your Personal Information from a list of employees or Directors at that business. Our commercial partner that offers this type of facility to us as an approved Platinum Partner is Lead Forensics – a business intelligence platform. We may also use online credit check/score platforms to assist us in identifying business credentials or identify the owners or Directors. We will only process such information where you have expressed your consent or we have consent from our commercial processing partners who are compliant with the GDPR, but we will only ever exercise such actions as part of our legitimate business interest.

What systems do we use?

Our partnership with trusted global technology companies affords us access to their worldwide and highly secure server infrastructure – datacentres on which we position all our website and ecommerce developments. European Datacentres are positioned in London, England and Dublin, Republic of Ireland and both are compliant with European rules and are part of the Amazon Web Services (AWS) framework. Datacentres are secure facilities and only engineers with a legitimate need to be on site are granted access. Our technology partners' server engineers around the world have significant expertise in preventing, detecting and effectively combating Direct Denial of Service (DDoS) attacks from organized criminals or rogue states. To date none of our website developments have ever been hacked, and in part this is because we trust the partnership we have with our technology partners', and the fact we always set strong password and security protocols for our clients.

Our SaaS/PaaS website technology is Level 1 PCI DSS 2.0 Compliant (PCI DSS = Payment Card Industry Data Security Standards). As such our technology does not store full details of credit card transactions, but it will capture the Personal Information of a user e.g. name, address, billing address, the transaction reference authorisation number and any other unique identifiers that can be linked to a specific transactional process. The Payment Gateway e.g. Sage Pay, Stripe etc., will determine where that information is additionally shared e.g. the payment bank and the receiving bank or Merchant Account or Paypal Account. The transaction information will also be shared with the issuing credit or debit card Merchant e.g. Visa, Mastercard or American Express.

Our fully integrated Platform as a Service (PaaS) or Software as a Service (SaaS) website technology are secure systems that include multiple software provisions – including a dedicated email marketing system and Customer Relationship Management (CRM) system. Both of these facilities will store all of our electronic Personal Information within our datacentre servers – in effect ‘in the cloud’. Our clients operate around the world – so we determine the best datacentre on which to position their website or ecommerce development, based on their location and or country of operation. All of our website developments have a 256 bit encryption TSL Certificate that in effect wraps around the website and protects the transmission of any Personal Information from a user’s computer/tablet/mobile device to a datacentre. Equally, when we use our website’s integrated platform to upload or manage Personal Information, we have secure protection in place to protect Personal Information transmissions.

Our electronic mail systems (email) are secured by 256 bit encryption. However, whilst our system is secure and we use McAfee Total Protection across our digital computer/tablet/mobile assets, it does not mean you have sufficient security in place at your end. We highly recommend our clients to upgrade their systems on a regular basis to combat the effects of cyber security. We always provide advise on this when we meet for initial commercial discussions. Furthermore we use McAfee Total Protection anti-virus and intrusion software across our digital estate. This software provides us with firewall protection and screening for viruses and trojan's which can disrupt and steal Personal Information.

Furthermore, our commercial premises have high security perimeter fencing and electric gates, access control systems, intruder detection, fire detection and CCTV all of which is monitored 24/7/365 by ADT Fire & Security plc. This means our offices are protected in ways that most companies are not. We take security extremely seriously and will continue to do so in the future.

Our paper records and files connected to specific client projects are secured in locked cabinets and are only accessed by staff on a need to know basis. When files are not in use – they are returned to prevent any potential leak of Personal Information, including but not limited to Merchant Account data, logins for other web portals e.g. Google Accounts and so forth.

What happens to Your Personal Information when it is disclosed to us?

In the course of handling Your Personal Information we will:

1.  Record and store Your Personal Information in our paper files, mobile devices and electronically on our local computer systems and hard drives, and also where applicable on the Cloud. This information can only be accessed by employees within our company and only when it is necessary to provide our service to you, and to perform any project tasks associated with or incidental to our core service provision.

2.  Submit your Personal Information when consent has been given (normally your name and email address) to our email marketing list positioned within our secure email marketing system on our PaaS/SaaS website technology within the European or global Datacentre. This is essential in order for us to communicate with you and offer updates about our work or provide incentives to customers and special offers. You can always unsubscribe from our Newsletters at any time.

3.  Use Your Personal Information for the purpose of communicating with you in relation to general administration or any ongoing project discussions, initial exploratory discussions, the sharing of confidential plans or drawings, photographs, video, programming code, or any other reason that has a legitimate interest. We may also need to inform you of any developments in relation your project or certain outcomes or intelligence we have gathered and need to pass to you. Equally, where we have your explicit consent to setup or manage your various online accounts e.g. Google, we may need to use your Personal Information to create certain workflow notifications or regular usage statistics and so forth.

Do we Share Your Personal Information?

Ordinarily we do not share your Personal Information with third party organisation's other than as mentioned in the Sections above. From time to time however, it may be necessary to share your Personal Information in the following ways:

•  Transactional Personal Information as a result of making a payment on our website. Such payment information will be shared between our server and CRM system, a Merchant Account (the authorizing bank) and the Payment Gateway provider e.g. Sage Pay.

•  To setup new online accounts that complement our website developments and are mission critical in the current digital world e.g. Domain Names, Google, Social Media technology.

•  To create new Merchant Accounts on your behalf to connect seamless payment gateways to our ecommerce technology in order to allow you to trade safely and securely online – mitigating cyber security risks. We only work with ‘best of breed’ brands e.g. Sage Pay, Stripe and wherever it is necessary, we will include payment verification services such as 3D Secure, Visa Verify or Mastercard SecureCode.

•  To refer you to Welsh Government, UK Government, Department of International Trade, or any UK Local Authority to assist in applying for Grants or other information that may be of help. We would only do this with your explicit consent.

•  Where we need to add your name and email address to a Project Management software system such as Basecamp, in order to include you in the project review process. We would only do this with your explicit consent.

In each case, your Personal Information will only be shared for the purposes set out in this GDPR Customer Privacy policy i.e. to progress your commercial project and or to provide you with our professional services or assistance and where we believe we have a legitimate interest, whilst respecting your rights.

We should point out that where we might share your Personal Information, it does not entitle third party organisations to send you marketing or promotional messages via email, text or telephone. It is shared to ensure we can adequately meet our responsibilities and your commercial expectations, and or as otherwise set out in this policy.

For UK or EEA only clients, your Personal Information will not be transferred outside of the European Economic Area. Your Personal Information will only be stored securely within our commercial premises or within a secure European Datacentre in as previously mentioned.

What about the Security of your Personal Information?

Your privacy is important to us and we will keep Your Personal Information secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Information against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.

Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have legal right to such information we will retain records indefinitely.

Personal Information - what are your rights?

We are always willing to help you understand your rights. You can:

•  Request copies of Your Personal Information that is under our control.

•  Ask us to explain how we use your Personal Information.

•  Ask us to correct, delete or request us to restrict or stop using your Personal Information (the extent to which we could provide such assistance would be clarified at the time).

•  Request we send an electronic copy of our Personal Information to another organisation should you wish.

•  Change the basis of any consent you may have provided, to enable us to market to you in the future (including withdrawing any consent in its entirety.

Updates or amendments to this Privacy Policy

We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the "Last modified" section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

Contacting us about your Personal Information

If you have any questions or comments about this policy, or if you wish to make contact with us in order to exercise any of your rights set out within our policy, please contact:

The Data Protection Officer, K Ballard, Dezines Internet Solutions Limited, 4 Factory Road, Newport, Gwent, NP20 5FA. Telephone: +44 (0)1633 212388. We are licensed by the Data Protection Registrar.

If we believe we have a legal right not to deal with your request, or you cannot verify your identity through reasonable means prior to us taking action or if in order to take action, we need to do this in different way to how you have requested, we will inform you at the time. Please take note that we have a duty to protect Personal Information and if we are not satisfied of your identity – it may cause delays to any reasonable request.

If you become aware of any unauthorised disclosure of your Personal Information and you think that it has something to do with Dezines Internet Solutions Limited, you must please let us know of the cyber security risks you are facing as soon as possible so we may take action and mitigate the impact to you or our systems. This is also important so that we can fulfil our regulatory duties where a data breach may have occurred.

If you have any concerns or complaints as to how we have handled your Personal Information you may lodge a complaint with the UK's Data Protection regulator – at the Information Commissioners office (ICO), who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Last Modified: 22-06-2021

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "Cookie" is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

a. 'Session Cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

b. 'Persistent Cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 

c. 'Third Party Cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyse our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

We also use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, what pages they visit when they do so, etc. We use the information we get from Google Analytics only to improve our Site and services. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy .

Last Modified: 01-03-2021