Privacy

Last updated: 22 May 2018

Overview

In accordance with the General Data Protection Regulation, personal data is “any information relating to an identified or identifiable natural person” such as a name, email address, postal address or IP address. Processing of personal data refers to “any operation or set of operations which is performed on personal data”.

This privacy policy sets out how and why McGregor Media processes any personal data that you give us when you use this website. It is written in plain language with as little jargon as possible. It is set out in sections to make it easier to understand.

Contact Forms

What personal data do we process?

There are various contact forms on our website. Every form will collect your name and email address. Additionally, you may supply your telephone number on certain forms if you’d prefer that method of contact. Contact form data is emailed to us securely.

Why do we process this personal data?

We collect your email address so we can reply to your message if necessary. Every contact form will send an automated reply to notify you that your message has been sent. Your telephone number is collected if you require that method of contact. The lawful bases for processing this data are consent or contractual necessity should a reply be required.

How long do we keep this personal data for?

Personal data from contact forms is kept for varying lengths of time depending on the reason for contact. General queries from the public will be archived for 12 months. Messages that require further input may be retained for longer.

Who has access to this personal data?

Our website team has access to this personal data. It is not shared with any third party unless we are legally required to do so.

Mailing Lists

What personal data do we process?

We operate an email mailing list for current clients to facilitate sending account notifications or necessary information that affects their services with us. Clients can also opt to receive promotional emails.

We collect clients’ first name, surname and email address. Clients can additionally add their mobile number and opt in to SMS updates for account notifications.

Why do we process this personal data?

Your email address is required to send you necessary client emails. Your first name and surname are required to personalise the ‘To’ field and greeting line of the email. Your mobile number is required to send SMS text messages. The lawful basis for processing this data is contractual necessity in the case of email notifications that affect your services with us or consent in the case of promotional emails.

How long do we keep this personal data for?

This data is kept for as long as you are a client or until it is manually removed. If you unsubscribe, your data will remain on the list but will be marked as ‘Unsubscribed’ and you will not receive any further emails. This is to keep any preferences you may have set when you were subscribed in the event of you re-subscribing to the list.

Who has access to this personal data?

Our email mailing list provider is MailChimp. You can find their privacy policy at mailchimp.com/legal/privacy.

Our SMS systems provider is Text Local. You can find their privacy policy at textlocal.com/legal/privacy. Your mobile number is stored on their servers for the timescale mentioned above.

Our website team has access to this personal data. It is not shared with any other third party unless we are legally required to do so.

How do I delete my personal data?

Contact us and let us know you want your personal data to be deleted from the mailing list. We will manually remove your data and confirm this to you by email when it is completed.

Google Analytics

What personal data do we process?

We track users’ visits to our website using Google Analytics including where the user was directed to our website from, which pages they visited and for how long, whether they are a first-time visitor or returning visitor. Google Analytics will also track anonymous user demographics including age range, gender and users’ interests depending on whether the user is signed into a Google account on their browser at the time of their visit to our website. Users’ IP addresses are anonymised.

Why do we process this personal data?

We use this data to track our website’s popularity and to see which pages are our most visited, allowing us to enhance our website accordingly. The lawful basis for processing this data is legitimate interests.

How long do we keep this personal data for?

Google Analytics data is held for 26 months.

Who has access to this personal data?

Our website team has access to this personal data. It is not shared with any other third party unless we are legally required to do so.

Client data

What personal data do we process?

When you become a McGregor Media client, we set up a client account for you with our accounting provider. We store your business name, business postal address, business telephone number, company number (if applicable), your name, telephone number, mobile number and email address.

Why do we process this personal data?

We use this data for accounting and contact purposes

How long do we keep this personal data for?

We hold this data until six years after you have ceased to be a McGregor Media client.

Who has access to this personal data?

Our accounting team has access to this personal data. It is not shared with any other third party unless we are legally required to do so. Our accounting provider is QuickFile. You can find their privacy policy at quickfile.co.uk/privacy-policy.

Website Security

Our website is secured by SSL to ensure data transferred between our server and your device is encrypted. Our email server is also secured by SSL.

We have security software and procedures in place on our website to reduce the risks of a data breach. For example, login forms are protected so that if you enter the wrong login details five times within five minutes, you will be suspended from logging in for a further five minutes. This deters brute force attacks from bots. We have a firewall on our website that will immediately ban or limit suspicious web traffic depending on its type.

Our entire server is backed up on daily basis and is securely transferred to an Amazon Web Services storage facility in Ireland. We retain Monday to Saturday’s backups for seven days. Sunday’s backup is retained for one calendar month.

Data breaches

We have procedures in place to detect, report and investigate personal data breaches.

If a data breach is detected, in the first instance we will evaluate the risk to the rights and freedoms of individuals. If a data breach is likely to result in a risk to these rights and freedoms we will notify the Information Commissioner’s Office within the required 72 hours of discovery of the data breach. If a data breach is not likely to result in a risk to the rights and freedoms of individuals, we are not required to notify the ICO of the breach but will document the breach and our reasons for not notifying the ICO.

Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected individuals without undue delay.

Can I see the personal data you hold relating to me?

Please contact us if you would like to see what personal data we are processing. We will provide all your personal data held within one month. If you find any discrepancies in the data, let us know and we will rectify it immediately.

No client data is held on our website.