The EU General Data Protection Regulation (GDPR) gives you more control over how and where your personal data is stored and processed.
Whenever we store or process your personal data, it must have a valid lawful basis. This will come under one of the following bases (as set out in the GDPR):
- Consent - You have given clear consent for us to use of your personal data for a specified purpose. You have the right to withdraw this consent at any time by contacting us.
- Contract - The data is needed to fulfill a contract we have with you. (This doesn't have to be a written, signed contract and can include for instance, an agreement to provide a proposal/quote for a project).
- Legal Obligation - The data is needed to comply with the law or a statutory obligation we have (not including contractual obligations).
- Legitimate Interests - The data is necessary for our legitimate business interests (usually required to carry out our day to day business operations).
Who We Store and Process Personal Data About
Basis: Contract, Legitimate Interest
We may need to use your personal information in order to fulfill an agreement we have with you (written or otherwise). E.g. to produce a written quote, based on a project enquiry or to invoice for work carried out.
We may need to use your personal information (such as email addresses, Facebook IDs, Google usernames or other online account IDs) in order to provide or setup any relevant third party services for you, as agreed for a project. For instance client Facebook user IDs will be required to give access to the backend control panel for a Facebook app.
We archive project contracts, agreements and written approvals for work we've carried out, as necessary for our business records.
Clients/Customers, Suppliers & Business Partners
Basis: Legal Obligation, Legitimate Interest
We have a legal obligation to record business accounts (invoices etc.) to report to relevant authorities (e.g. for tax purposes).
We may store and keep contact records of current and prospective suppliers, clients/customers and business partners, including contact details and copies of emails, in order to provide and receive products and services necessary to operate our business.
You can sign up to our mailing list using the sign-up form on our website, to receive information relating to what we do from time to time.
We use double opt-in for all mailing list subscriptions. This means after subscribing, you'll need to confirm by clicking a link in the confirmation email you receive in order to be added.
We won't bombard you with junk and you can unsubscribe at any time (just click the link at the bottom of one of our email newsletters, or contact us).
Our mailing list service provider is MailChimp, who store and process our mailing list on our behalf.
Data Capture on Behalf of Our Clients
When we host finished projects on behalf of our clients, we may occasionally (at the client's request) collect and store personal information voluntarily submitted by players within that particular game. This will typically be names and email addresses, to allow our client to run a competition or promotion.
Submitting any personal information is always optional and we always store and pass the information on to our client in a secure manner. We never keep this data longer than is necessary and always delete any data stored on behalf of the client after it's been passed over to them.
In these instances we act as data processor, our client will be the data controller. You’ll need to contact them for any queries, or to withdraw your consent to the storing and processing of your personal data (please see the relevant competition rules/Ts&Cs linked at the point where you submitted your data).
How and Where We Store and Share Your Data
The data we hold is stored either as digital files or printed documents.
Digital files may be stored on our local computers and/or devices (e.g. desktop computers, laptops and mobile devices as necessary). They may also be transferred to remote computer systems/services as required. For example:
- Any web based content (including emails) may be stored on our web server (located in our web hosting service provider's data centre).
- Your data may be transferred to third party services, in order to carry out the intended use of that data. E.g. our mailing list is stored with a mailing list service provider and we may use your personal data to set up services on your behalf, as agreed as part of work we carry out for you.
- We make regular, secure off-site backups of data to avoid data loss in the event of computer hardware failure, fire, or some other unforeseen event. These include copies on removable physical media at a different location and copies on a remote server.
- We store digital copies of all accounts related documents (including supplier and client invoices) on a third party online accounting service.
- We may occasionally be required to share your data with third party organisations in order to fulfill our legal obligations, such as auditors.
In some cases this means your data may be transferred to and stored by third party service providers outside the EU.
We don't keep data longer than is necessary for the intended purpose of that data.
In some instances we may have a legal obligation to keep personal data (for instance, invoices for accounting purposes). In these cases we will remove this data when we no longer have a legal obligation to keep it.
All other data will be removed when it's no longer necessary for the purpose it was intended for.
Accessing or Rectifying Your Data
You have the right to access any personal data we store about you. You can also request we correct any personal information that you think may be incorrect or incomplete. If you wish to do so, please contact us.
Getting Data Stored About You Removed
You can request that we erase or stop processing information we store about you, if there is no longer a reason for us to do so.
In some circumstances we may also be able to restrict the use of your data. So we'll still store it, but will no longer process it.
If you want to object to how we use your data, ask us to remove it, or restrict how we process it, please contact us.
Like many other Web sites, www.themotionmonkey.co.uk makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyse trends, administer the site, track user's movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable. Log files are stored on the server that hosts the website.
We use Simple Analytics for website analytics. Simple Analytics collects and processes anonymous metrics and provides us with information to help us understand how visitors use our website and where our traffic comes from.
Simple Analytics allows us to improve our website and create a better experience for our visitors.
Simple Analytics is a privacy-friendly tool and does not collect your personal data. Go to their documentation to learn more about what Simple Analytics collects and processes (and most importantly what they don't).
You also have the right to report any concerns to the appropriate supervisory authority. In the UK that is the Information Commissioner's Office.