GDPR compliance: How we deal with your data safely

Any business will by its very nature acquire and store data on other businesses and individuals. At Pixooma we are committed to upholding high standards of data protection and transparency, so below is a summary of the data we may hold on you as an individual and/or your company. We NEVER add your data to lists that are sold or otherwise provided to other companies for them to use. If you have any concerns or requests regarding the data we may hold on you please contact our data controller.

Who collects the data?

Data on individuals and companies is collected by Pixooma Ltd for legitimate business reasons only. The data controller and processor is Mark Coster.

How we collect data:

Website – This website collects data in the form of cookies which help us with our website analytics (number of visitors, pages visited etc.). This data is automatically transferred between Google and Pixooma and is not provided to third parties.

Consent – If any member of Pixooma staff or anyone acting on behalf of Pixooma gains consent from a business contact to keep in touch, that contact is sent a data confirmation statement which links to this article confirming that they gave consent. The consent may be gained verbally (on the phone, at a meeting or event), via email, via signup forms on our website, or via a social media direct message. For our mailing lists we use a double-opt-in process to ensure that no one is signed up without their knowledge or consent. This data is held securely and not added to data lists for resale or transfer to third parties. We may, with your explicit permission, provide your details to one of our contacts in order to refer, recommend or otherwise introduce you both for mutual benefit.

How we protect your data

Website – This website has an SSL certificate, meaning that when you connect to it via your web browser the connection is secure and encrypted. A security plugin (Wordfence) is used to protect against malicious attacks, and access to the admin control panel for the website is protected by a username, password and two-factor authentication. The site is backed up hourly by the hosting company and weekly backups are also made by our trusted WordPress developer.

Pixooma hardware – Connection to the internet for Pixooma computers is via two firewalls (router and the computer) and requires a personal login and password. The computer is monitored and protected via an anti-virus program and separate malware software.

Cloud software – The cloud software we use which contains personal data is protected via a login and password, and two-factor authentication.

Backups and clones – All client files are saved on Dropbox automatically. In the main these are marketing materials so they will have contact addresses etc. on them, but this is intended for public viewing anyway. However, we do try to minimise the effects of ransomware and other malware attacks by using the Pro version of Dropbox which comes with 30 day ‘Versioning’ (giving us access to 30 days’ worth of changes to every file) and we get automated warning emails if large numbers of files are changed in one go – which is a possible sign of a ransomware attack – meaning we can deal with the threat early and minimise the damage it causes. We also back up data every hour to an external drive, which is one of a pair of drives that are swapped every week with the non-live backup being removed to an off-site location.

What data we hold

CRM – The CRM system we use, Capsule, stores contact information in the form of one or more of the following: Name, company address, email, phone, website, and social media. Capsule requires a login and password and we protect it further via two-factor authentication. Capsule has its own data protection policies in place that mean it is able to comply with GDPR.

Mailing list – The mailing system we use, Mailchimp, stores contact information in the form of name and email address. Mailchimp requires a login and password and we protect it further via two-factor authentication. Mailchimp has its own data protection policies in place that mean it is able to comply with GDPR.

Telephones – Phone numbers and names are stored on our telephone system(s) to enable us to easily call our contacts.

Xero – Our cloud-based accountancy software, Xero, stores client data in the form of name, address and email to enable us to invoice our clients electronically. Xero requires a login and password and we protect it further via two-factor authentication. Xero has its own data protection policies in place that mean it is able to comply with GDPR.

Payment systems – We collect some of our client invoice payments via Direct Debit using a system called GoCardless. This system collects sort code and account number information securely, but it is not transferred to Pixooma in any way. GoCardless is FCA compliant and therefore conforms to GDPR.

Why we hold your data

We hold data on individuals and companies due to one or more of the following criteria:

  1. The contact is a current customer
  2. The contact has been a customer historically
  3. The contact gave us direct consent to hold their data
  4. The contact provides a service which means it could be a useful supplier to Pixooma, or to one of its customers and we’d like to keep their details on file for this purpose
  5. The contact has signed up for one or more of our mailing lists

Should you wish to know what data we hold, amend your records, or simply request that we delete them, then please contact the data controller.


