1. Overview
This Policy covers the data collected and processed by Serif Systems Limited, trading as Serif, who can be contacted at:
Serif Systems Limited, 7 Archbold House, Albert Road, Leeds LS27 8TT
Telephone: 0113 238 1590
Serif is the Data Controller of the personal data we process on our own behalf and the Data Processor of data processed on behalf of our clients. We have a legal duty to protect the privacy of all, personal and business data obtained from you while you are using our website, as well as in the provision of our services to you. This Privacy Policy explains what information we may collect from you and the purposes for which it will be used. This Policy complies with all current data protection and privacy regulations in the UK, including, but not limited to, the General Data Protection Regulations (the GDPR) and the Privacy and Electronic Communications Regulations (the PECR).
The GDPR relates to ‘personal data’ which covers any information which makes an individual (the Data Subject) identifiable.
2. Purpose of and Legal Basis for Processing Personal Data
Serif Systems Limited will only process personal data for the purposes of delivering the services contracted by our clients, unless we are provided with specific consent to process for other purposes, such as marketing, or the purpose of complying with local laws or regulations. Personal data will never be processed without the knowledge and/or permission of the Data Subject.
By using our services, including accessing our website and the forms, etc. therein, you give your agreement to our processing any personal data we may have as described in this policy.
3. Types of Personal Data Processed
Personal Data is any information which could potentially make an individual identifiable and can include, but may not be limited to, your name, address, date of birth, email address and IP address.
We collect data in a number of ways including, but not necessarily limited to:
- Contact forms on our website completed and submitted by a Data Subject
- As part of a Contract for Services, i.e. names and contact information of individuals, including where they are acting on behalf of a client company
- Provided to us by clients in order that we can deliver the services they have contracted us for
Our contact forms make it clear that the information will be used for the purposes of the contact (e.g. to respond to a query or provide a quote, etc.) but also provide the option for consent to expand the processing of that data for marketing purposes. Similarly, any contract for services will set out what the personal data will be used for.
Personal Data provided to us by our clients as part of our service provision will be processed only in accordance with the contract for services and no such data will be used for the benefit of Serif Systems Limited.
4. Our Website and Cookies
4.1. Who manages our website?
The content of our website is edited by the owner and the system is run by Serif Systems Limited. For help on any website please go to our Helpdesk.
4.2. Website usage information
Web usage information is collected by our web server and from other sources including page tagging techniques using JavaScript and cookies. We use cookies to analyse website usage trends, understand user journeys and gather broad demographic information for aggregate use. Our cookies are not linked to personally identifiable information and we do not collect, store or process the IP addresses of visitors browsing our website.
The type of website usage information that we collect during your visits to our site includes, for example, the date and time, pages viewed or searched for, publications ordered, guides printed, tools used, subscriptions and referrals made, some truncated postcode or telephone area code information entered on forms (which is not traceable back to you) and other information relating to your usage of our website.
Where you are a registered user of our website and have logged in, we may collect web usage information to enable us to build a demographic profile or to improve the services you have requested from us.
We may also use web usage information to create statistical data regarding the use of our website and we may then use or disclose that statistical data to others for marketing and strategic development purposes, however, no individual identities will or can be identified in such statistical data.
4.3. Cookies
Cookies are small pieces of data given to your browser by a website which may be stored as text files in the cookie directory of your computer. Cookies are not programs and cannot collect information from your computer. They do not damage your computer and are defined as “a piece of text stored on a user’s computer by their web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data” (source: Wikipedia, 2011).
Each website may send cookie data to your browser which may save it if your browser’s preferences allow it to do so. To protect your privacy your browser only returns a cookie to the website that sent you the cookie and does not send it to any other website. A website cannot access your cookie directory or information on your computer, instead relevant cookies are included by your browser within each request you make to the website. A website can only obtain cookie data that your browser sends to it.
You do not have to accept cookies and you can change the settings within your browser to accept all cookies, reject all cookies, reject cookies from certain websites, notify you if a site is requesting to set a cookie, and set various other options. Please see below in ‘4.4 Further information about cookies’ for more details on how you might do this.
Switching off cookies will still allow you to view the majority of content on our site, however, it will prevent you logging in and so accessing personalised information. It will also stop us remembering your login User ID, if you ask us to do so, and may restrict your use of our interactive tools and of some services available through linked sites.
4.4. Further information about cookies
If you would like to opt out of, or restrict the use of cookies when visiting our, or any other third party’s website, you are able to adjust the settings in your Internet browser to do this. Exactly how this is done will depend on which browser you use for access to the Internet. Each browser has its own variation on how this can be achieved, but it is usually under ‘Settings’.
Users should check their Internet browser for details of how to amend, remove or restrict the use of cookies on their computer, tablet or other internet enabled device.
For further information about cookies, please refer to browser cookies on the Information Commissioner’s website.
4.5. Third party content and linking to other websites
This privacy policy applies only to our website. We are not responsible for privacy practices within any other websites. You should always be aware of this when you leave our website and we encourage you to read the privacy statement on any other website that you visit. We embed external content from third-party websites such as YouTube, Twitter and LinkedIn including cookies. This content is not published on our website. It is delivered using devices and services from third party sites that can be inserted into our site such as media players, RSS feeds and widgets. These websites may use cookies. Their content is subject to the privacy policy of the relevant third-party provider and not ours.
5. Information sharing and disclosure
We will not sell, rent or disclose your information to any third parties other than those set out in this privacy policy without your consent, unless required to do so by law or by a regulation based on law. We do not transfer your personal information outside of the UK and the European Economic Area.
6. Retention of Data
Personal Data will always be held for the minimum amount of time required. This will depend on a number of factors, such as the terms and length of a contract or a relevant law or regulation based on law. It will be deleted a maximum of 12 months after such a period has ended under our semi-annual data clearance procedures. Personal Data that has been gathered via our website contact forms will be held for a maximum of 18 months after the initial contact, unless additional permission is obtained from the Data Subject or a contract for services is brought into force in the interim.
Electronic Personal Data is encrypted and held in a secure manner on physical and cloud-based services. The encryption used meets all current requirements for encrypted services and is updated regularly to ensure that it remains fit for purpose. Electronic Data is deleted following a secure process to ensure there is no lapse in security at the point of deletion.
Paper based Personal Data is held in secure, locked cabinets. It is destroyed under contract with a secure data destruction company.
7. Your Rights
Under current legislation, Data Subjects have the following rights:
- To be informed – This policy is one of ways in which Serif Systems Limited informs you how and why we process your data
- Of Access – All Data Subjects have the right to quest access to all of the data we hold on them. Any Data Subject requests received will be reviewed and responded to within one calendar month of receipt of the request. Most requests will be fulfilled free of charge, however, Serif Systems Limited reserve the right to charge a reasonable administration fee for any requests deemed to be excessive, unfounded or repetitive.
- Of rectification – Should you find that any data we hold about you is incorrect, you can ask us to correct it and we will investigate and respond within one calendar month of receipt of the request.
- Of Erasure – You can ask for your Personal Data to be erased permanently. All such requests will be responded to within one calendar month of the receipt of a request. Please note that, whilst we will always endeavour to fulfil requests, there may be some instances were this is not possible due to legal or regulatory reasons. We will always provide a full explanation in any such instances.
- To restrict processing – If you do not wish for your data to be erased, you may ask for it to be restricted so that we continue to hold it but not process it or use it in any way – we would essentially ‘archive’ your data. This is only applicable in certain circumstances, however we will look at all requests and respond within one calendar month of the receipt of a request.
- To data portability – All electronically held data can be transferred to another company in a structured, commonly used and machine readable format on request. Please note that this will only include the data you have provided to us and not any ancillary data produced as a result of the services we have created during the provision of our services or where that data includes information regarding a third party. All requests for moving data will be responded to within one calendar month of a request being received.
- To Object – You can object to our processing data for the purposes of marketing, scientific/ historical research and statistics, or legitimate interests or in the performing of a task in the public interest /exercise of official authority (including profiling). All such requests shall be responded to within one calendar month
- Rights related to automated decision making, including profiling – The GDPR sets out specific rights in relation to automated decision making. Please note that Serif does not use any form of automated decision making system whilst processing your data.
- To complain – You have the right to raise a complaint regarding the processing of your data or our response to a request under the above rights. As part of this, you also have the right to escalate your complaint to a supervisory authority. In respect of data handling, you have the right to escalate your complaint to the Information Commissioners Office (ICO). Please go to the ICO website for full details.
Data Subjects have the right to withdraw their consent to our processing their data at any time. In respect of any of the rights indicated above, if you would like to make a request, require further information, or have a complaint regarding our processing of your data please contact us at:
Serif Systems Limited, 7 Archbold House, Albert Road, Leeds LS27 8TT
Telephone: 0113 238 1590
8. Changes to this policy
We may make changes to this privacy policy at any time. Changes will be posted on our website and are effective immediately, except where they relate directly to a contract for services where all changes will be subject to the agreements in that contract. Regularly reviewing this Policy ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.
