This policy governs how Writing Machine will process the personal data of our customers or users of our website at www.writingmachine.com (“Website”) and/or users of our eLearning platform which is accessible at www.writingmachine.com/courses-overview or any services associated with that platform (“Platform”).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who controls your information
For the purpose of the Data Protection Act 1998 and subsequent GDPR legislation in Europe, the data controller is Writing Machine Limited, trading as Writing Machine, a company incorporated and registered in England and Wales with company number 07569246 whose registered office is at 2, Ranelagh Road, Winchester, Hampshire, SO23 9TA, UK (“we”). Our data protection officer who you may contact in relation to any queries or requests regarding this policy or our processing of your data is Paul Ayling who can be contacted at email@example.com.
Why we collect and process your information
Without collecting and using the information you provide to us or we obtain about you, it would not be possible for us to provide you with our products and/or services.
We use information held about you in the following ways:
Information you give to us
We will use this information:
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
- To provide you with information about new products or services we offer that are similar to those that you have already purchased or enquired about.
- To contact you from time to time for market research purposes. We may contact you by email, phone, fax or mail.
Information we collect about you
We will use this information:
- To administer our products and services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our products and services to ensure that content is presented in the most effective manner for you.
- As part of our efforts to keep our products and services safe and secure.
- To measure or understand the effectiveness of marketing and product information we serve to you and others, and to help deliver the most relevant information to you.
Legal compliance reasons for collecting and using your personal information
We must have lawful bases to collect and use your personal information, the below sets these out:
Needed for your contract
Personal information about you and other users registered to under the same subscription plan is held and used to:
- Provide you with a quote.
- Provide you with information about the product or service.
- Receive payment.
- Provide customer care and service.
- Required by law: we use your personal information to comply with any law and regulations where we are required to do so.
Our legitimate interest
We use your personal information for our legitimate interests as shown below. We have taken account of any privacy risks and ensured that your data protection rights are not affected. We believe these uses benefit our customers. You can contact us if you have any questions using the contact details below:
- For internal training
For customer service training and compliance purposes. We will let you know if a call is being recorded at the start of the call so you can decide whether to continue with the call or not.
- Statistical Analysis
We combine and group personal information for analysis to help us understand our customers and develop better products and services.
- With your consent
For certain of our uses, we rely on your consent to collect and use your personal information. You are given the choice to provide consent or not. When we collect your consent, we explain what we need it for and how you can change your mind in the future.
Information we may collect from you
We may collect and process the following data about you:
Information you give us (“Submitted Information”)
You may give us information about yourself by filling in forms on the Platform, the Website and/or our other websites (together “our Sites”), or by corresponding with us (for example, by email or chat). This includes information you provide when you subscribe to use the Platform or register with our Sites when you report a problem with the Platform or any of our Sites. The information you give us may include your name, address, email address and phone number, username, password and other registration information, financial and credit card information, your location, and details of your progress through or use of the Platform.
Information we collect about you and your Device
Each time you visit one of our Sites or use the Platform we may automatically collect the following information:
- Device Information
technical information, including the type of device you use to access the Platform or Sites (“Device”), a unique Device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use and time zone setting;
- Log Information
details of your use of the Platform or your visits to any of our Sites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes to track your use of the Platform or Sites;
- Location information
We may also use GPS technology or other technology to determine your current location. Some of our location-enabled Services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose.
You can withdraw your consent at any time by sending a written or email communication to the contact details at the start of this Policy; and
Information we receive from other sources (Third Party Information)
We are working closely with third parties (including, for example, an administrator who is tracking your use of the Platform on behalf of the entity that has purchased your licence to access the Platform, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
If you contact us, we may keep a record of that correspondence.
Uses made of the information
We use information held about you in the following ways:
- Submitted information
This will be used to enable us to maintain and update the Sites and Platform.
- Device information
This will be used to recognise a User’s Device, without uniquely identifying the individual User, which makes it easier to log on and use the Site, provides feedback on which pages of the Site are visited, so we can assess the effectiveness of the Site and provide a better user experience.
- Log information
- Location information
We may use this information to optimise your experience.
- Third Party information
We use “Worldpay Payment Gateway” to process payments which stores Device information.
We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this policy for as long as it is combined.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We will be using the following cookies:
- Session cookies
These are used to keep track of your movements from page to page so that you aren’t asked to repeat information you’ve already given, and to remember your selection for the shopping cart.
- Persistent cookies
These remember your information and settings for when you visit the site in the future. They are used to keep track of your progress and to remember your login details.
We may use the following cookies:
- Strictly necessary cookies
These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of the Website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies
These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
The cookies we use are not currently configured to expire after a specific period.
Who we share your personal information with (disclosure of information)
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
The circumstances under which we may share your information with third parties
We may disclose your personal information to third parties if:
- we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
- we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets
- we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request
- it is needed to protect the rights, property or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Types of third parties that we may share your information with
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Communication companies that require the data to select and serve relevant marketing information to you and others.
- Third-party service providers to provide website and application development, hosting
- Data storage partners and who provide virtual infrastructure
- Partners who provide payment processing facilities on our behalf
- Analytics and search engine providers that assist us in the improvement and optimisation of our products or services.
If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted in Secured Sockets Layer technology for web and mobile data encryption. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Platform or Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may collect and store personal data on your Device using web browser storage technology (HTML5).
Data Retention Periods
It is our aim to only hold your data for as long as this is necessary. While you continue as a customer with us we will retain your data as detailed above in this statement. The retention period will be 24 months from the date of termination of our terms of service. We have a high number of customers who re-engage with our service after a period of absence from the end of their contract. This retention period allows for the data to be reused where necessary. However, you can request that your Data is deleted at anytime within this period. We will respond to your request and complete the full deletion within 30 days.
Specific legal periods are in place for payments details, tax and invoicing data, and this would be retained in accordance with the law (which is currently six years).
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use.
As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is also not completely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us. Any transmission of data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access.
As an individual, under EU law you have the right to request that we:
- provide you with information as to whether we process your data and details relating to our processing, and that we provide you with a copy of your data (‘access right’)
- rectify and/or update any inaccurate data we might have about your without undue delay (‘right to rectification’)
- the right to object to processing of data relating to you (‘right to object’)
- under certain circumstances, be restricted from processing your data (‘right to restriction’)
- under certain circumstances, erase your personal data without undue delay (i.e. the “right to erasure”) and, under certain circumstances, furnish you with the personal data which you provided us within a structured, commonly used and machine readable format (‘right to data portability’).
Where we process your data solely on the basis of your consent, you are entitled to withdraw your consent at any time. This will not affect the lawfulness of our processing before the withdrawal.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by sending a written or email communication to the contact details at the start of this Policy.
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which the Platform is advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
You also have the right to lodge a complaint with the Data Protection Commission at any time.
The exercise of your rights might be subject to certain conditions and we might require further information from you before we can respond to your request.
You may exercise your rights by contacting our Data Protection Officer at the address or e-mail address provided below.
Access to information
The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with that Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
You can access your personal data via the Platform if you are the purchaser of your licence to use the Platform or by sending written or email communication to the contact details at the start of this Policy. You can also request that we make any corrections, updates, or deletions to that data.
Questions, comments, requests and complaints regarding this Statement and the information we hold are welcome and should be addressed to us at firstname.lastname@example.org. We endeavour to deal with all requests promptly and efficiently.
Data Protection Officer, Paul Ayling, email@example.com
Last updated: 25 May 2018