This Policy covers the data collected and processed by Serif Systems Limited, trading as Serif, who can be contacted at:
Serif Systems Limited, 7 Archbold House, Albert Road, Leeds LS27 8TT
Telephone: 0113 238 1590
The GDPR relates to ‘personal data’ which covers any information which makes an individual (the Data Subject) identifiable.
2. Purpose of and Legal Basis for Processing Personal Data
Serif Systems Limited will only process personal data for the purposes of delivering the services contracted by our clients, unless we are provided with specific consent to process for other purposes, such as marketing, or the purpose of complying with local laws or regulations. Personal data will never be processed without the knowledge and/or permission of the Data Subject.
By using our services, including accessing our website and the forms, etc. therein, you give your agreement to our processing any personal data we may have as described in this policy.
3. Types of Personal Data Processed
Personal Data is any information which could potentially make an individual identifiable and can include, but may not be limited to, your name, address, date of birth, email address and IP address.
We collect data in a number of ways including, but not necessarily limited to:
- Contact forms on our website completed and submitted by a Data Subject
- As part of a Contract for Services, i.e. names and contact information of individuals, including where they are acting on behalf of a client company
- Provided to us by clients in order that we can deliver the services they have contracted us for
Our contact forms make it clear that the information will be used for the purposes of the contact (e.g. to respond to a query or provide a quote, etc.) but also provide the option for consent to expand the processing of that data for marketing purposes. Similarly, any contract for services will set out what the personal data will be used for.
Personal Data provided to us by our clients as part of our service provision will be processed only in accordance with the contract for services and no such data will be used for the benefit of Serif Systems Limited.
4. Our Website and Cookies
4.1. Who manages our website?
The content of our website is edited by the owner and the system is run by Serif Systems Limited. For help on any website please go to our Helpdesk.
4.2. Website usage information
The type of website usage information that we collect during your visits to our site includes, for example, the date and time, pages viewed or searched for, publications ordered, guides printed, tools used, subscriptions and referrals made, some truncated postcode or telephone area code information entered on forms (which is not traceable back to you) and other information relating to your usage of our website.
Where you are a registered user of our website and have logged in, we may collect web usage information to enable us to build a demographic profile or to improve the services you have requested from us.
We may also use web usage information to create statistical data regarding the use of our website and we may then use or disclose that statistical data to others for marketing and strategic development purposes, however, no individual identities will or can be identified in such statistical data.
Cookies are small pieces of data given to your browser by a website which may be stored as text files in the cookie directory of your computer. Cookies are not programs and cannot collect information from your computer. They do not damage your computer and are defined as “a piece of text stored on a user’s computer by their web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data” (source: Wikipedia, 2011).
Each website may send cookie data to your browser which may save it if your browser’s preferences allow it to do so. To protect your privacy your browser only returns a cookie to the website that sent you the cookie and does not send it to any other website. A website cannot access your cookie directory or information on your computer, instead relevant cookies are included by your browser within each request you make to the website. A website can only obtain cookie data that your browser sends to it.
You do not have to accept cookies and you can change the settings within your browser to accept all cookies, reject all cookies, reject cookies from certain websites, notify you if a site is requesting to set a cookie, and set various other options. Please see below in ‘4.4 Further information about cookies’ for more details on how you might do this.
Switching off cookies will still allow you to view the majority of content on our site, however, it will prevent you logging in and so accessing personalised information. It will also stop us remembering your login User ID, if you ask us to do so, and may restrict your use of our interactive tools and of some services available through linked sites.
4.4. Further information about cookies
For further information about cookies, please refer to browser cookies on the Information Commissioner’s website.
4.5. Third party content and linking to other websites
5. Information sharing and disclosure
6. Retention of Data
Personal Data will always be held for the minimum amount of time required. This will depend on a number of factors, such as the terms and length of a contract or a relevant law or regulation based on law. It will be deleted a maximum of 12 months after such a period has ended under our semi-annual data clearance procedures. Personal Data that has been gathered via our website contact forms will be held for a maximum of 18 months after the initial contact, unless additional permission is obtained from the Data Subject or a contract for services is brought into force in the interim.
Electronic Personal Data is encrypted and held in a secure manner on physical and cloud-based services. The encryption used meets all current requirements for encrypted services and is updated regularly to ensure that it remains fit for purpose. Electronic Data is deleted following a secure process to ensure there is no lapse in security at the point of deletion.
Paper based Personal Data is held in secure, locked cabinets. It is destroyed under contract with a secure data destruction company.
7. Your Rights
Under current legislation, Data Subjects have the following rights:
- To be informed – This policy is one of ways in which Serif Systems Limited informs you how and why we process your data
- Of Access – All Data Subjects have the right to quest access to all of the data we hold on them. Any Data Subject requests received will be reviewed and responded to within one calendar month of receipt of the request. Most requests will be fulfilled free of charge, however, Serif Systems Limited reserve the right to charge a reasonable administration fee for any requests deemed to be excessive, unfounded or repetitive.
- Of rectification – Should you find that any data we hold about you is incorrect, you can ask us to correct it and we will investigate and respond within one calendar month of receipt of the request.
- Of Erasure – You can ask for your Personal Data to be erased permanently. All such requests will be responded to within one calendar month of the receipt of a request. Please note that, whilst we will always endeavour to fulfil requests, there may be some instances were this is not possible due to legal or regulatory reasons. We will always provide a full explanation in any such instances.
- To restrict processing – If you do not wish for your data to be erased, you may ask for it to be restricted so that we continue to hold it but not process it or use it in any way – we would essentially ‘archive’ your data. This is only applicable in certain circumstances, however we will look at all requests and respond within one calendar month of the receipt of a request.
- To data portability – All electronically held data can be transferred to another company in a structured, commonly used and machine readable format on request. Please note that this will only include the data you have provided to us and not any ancillary data produced as a result of the services we have created during the provision of our services or where that data includes information regarding a third party. All requests for moving data will be responded to within one calendar month of a request being received.
- To Object – You can object to our processing data for the purposes of marketing, scientific/ historical research and statistics, or legitimate interests or in the performing of a task in the public interest /exercise of official authority (including profiling). All such requests shall be responded to within one calendar month
- Rights related to automated decision making, including profiling – The GDPR sets out specific rights in relation to automated decision making. Please note that Serif does not use any form of automated decision making system whilst processing your data.
- To complain – You have the right to raise a complaint regarding the processing of your data or our response to a request under the above rights. As part of this, you also have the right to escalate your complaint to a supervisory authority. In respect of data handling, you have the right to escalate your complaint to the Information Commissioners Office (ICO). Please go to the ICO website for full details.
Data Subjects have the right to withdraw their consent to our processing their data at any time. In respect of any of the rights indicated above, if you would like to make a request, require further information, or have a complaint regarding our processing of your data please contact us at:
Serif Systems Limited, 7 Archbold House, Albert Road, Leeds LS27 8TT
Telephone: 0113 238 1590
8. Changes to this policy