Proud to operate
high standards of data
protection and transparency
Any business will by its very nature acquire and store data on other businesses and individuals. At Pixooma we are committed to upholding high standards of data protection and transparency, so below is a summary of the data we may hold on you as an individual and/or your company.
So, whilst three years may have elapsed since the big changes, we thought we would further explain what we do with do with data we have acquired and store on other businesses and individuals.
We take your data seriously
Rest assured at Pixooma we are committed to upholding high standards of data protection and transparency. We NEVER add your data to lists that are sold or otherwise provided to other companies for them to use and we maintain robust systems to help ensure your data is always protected. If you have any concerns or requests regarding the data we may hold on you please contact our data controller.
If you want to find out more, below is a summary of the data we may hold on you as an individual and/or your company, we thought it was worth stating again how seriously we take the law and we do everything to abide by it.
Who collects the data?
Data on individuals and companies is collected by Pixooma Ltd for legitimate business reasons only. The data controller and processor is Mark Coster.
How we collect data:
Website – Our website (pixooma.co.uk) collects data in the form of cookies which help us with our website analytics (number of visitors, pages visited etc). This data is automatically transferred securely between Google and Pixooma and is not provided to third parties. The data is needed to analyse the way our website is used so we can continue to provide a useful service and source of information.
Consent – If any member of Pixooma staff, or anyone acting on behalf of Pixooma, gain consent from a business contact to keep in touch, that contact is sent a data confirmation statement which links to this article confirming that they gave consent. The consent may be gained verbally (on the phone, at a meeting or event), via email, via signup forms on our website, or via a social media direct message. For our mailing lists we use a double-opt-in process to ensure that no one is signed up without their knowledge or consent. This data is held securely and not added to data lists for resale or transfer to third parties. We may, with your explicit permission provide your details to one of our contacts to refer, recommend or otherwise introduce you both for mutual benefit.
How we protect your data
Website – Our website (pixooma.co.uk) has an SSL certificate meaning that when you connect to it via your web browser the connection is secure and encrypted. A security plugin (WP Cerber Security) is used to protect against malicious attacks and access to the admin control panel for the website is protected by a username, password and two-factor authentication. The site is backed-up hourly by the hosting company and weekly backups are also made by our trusted WordPress developer.
Pixooma hardware – Connection to the internet for Pixooma computers is via two firewalls (router and the computer) and requires a personal login and password. The computer is monitored and protected via an anti-virus program (Intego VirsuBarrier), separate malware software (Malware Bytes) and frequent malware checks are also made using 'Clean My Mac'. The computer hard disk is also encrypted with a password.
Cloud software – All the cloud software we use which contains personal data is protected via a login and password, and two-factor authentication.
Backups and clones – All client files are saved on OneDrive automatically. In the main, these are marketing materials so they will contact addresses etc on them, but this is intended for public viewing anyway. However, we do try to minimise the effects of ransomware and other malware attacks by using Office 365 for Business which comes with 30 days ‘Versioning’ (giving us access to 30 days’ worth of changes to every file) and we get automated warning emails if there is a suspected ransomware attack – meaning we can deal with the threat early and minimise the damage it causes. Access to Onedrive is always via two-factor authentication. We also back up data every hour to an external drive, which is one of three backup dirves that are rotated in sequence every day with the non-live backup being removed to an off-site location.
What data we hold
CRM – The CRM system we use, Capsule, stores contact information in the form of one or more of the following: Name, company address, email, phone, website, and social media. Capsule requires a login and password and we protect it further via two-factor authentication. Capsule has its own data protection policies in place that mean it can comply with GDPR
Mailing list – The mailing system we use, Mailchimp, stores contact information in the form of name and email address. MailChimp requires a login and password and we protect it further via two-factor authentication. MailChimp has its own data protection policies in place that mean it can comply with GDPR.
Telephones – Phone numbers and names are stored on our telephone system(s) to enable us to easily call our contacts.
Xero – Our cloud-based accountancy software, Xero, stores client data in the form of name, address and email to enable us to invoice our clients electronically. Xero requires a login and password and we protect it further via two-factor authentication. Xero has its own data protection policies in place that mean it can comply with GDPR.
Payment systems – We collect some of our client invoice payments via Direct Debit using a system called GoCardless. This system collects sort code and account number information securely, but it is not transferred to Pixooma in any way. GoCardless is FCA compliant and therefore conforms to GDPR.
Why we hold your data
We hold data on individuals and companies due to one or more of the following criteria, and under the following lawful bases as defined within GDPR:
GDPR gives everyone greater control of their data and puts the emphasis firmly back with the individual rather than the company, which is a great step. Therefore, you have the right to ask what data we hold on you, restrict the processing of it and to request that it be deleted (if doing so does not conflict with a regulatory requirement or other need).
Should you wish to know what data we hold, amend your records, or simply request that we delete them then please contact the data controller.