Data Controllers Privacy Notice

Scope

For all GDPR related matters please contact us by any of the means below:

By Mail: Richard McNeilly, Chief Executive Officer, Dains Accountants Limited, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

By Email: privacy@dains.com

Introduction

Our business is made up of different legal entities, details of which can be found below (“Dains Group”). This privacy policy is issued on behalf of the Dains Group so when we mention “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Dains Group responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us via our engagement terms or otherwise in writing.

Dains Accountants Limited registered in England and Wales. Registered Company number 13775282. Registered office 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Dains Audit Limited – Registered in England and Wales. Registered Company number 13775287. Registered office 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Dains Probate Limited – Registered Company number 15094778. Registered office 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
HSKSG Greenhalgh Ltd Company number 07686667. Registered office: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
HSKSG Audit Limited, Company number is 12612063. Registered office: Dains 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Isosceles Finance Limited – Registered in England and Wales. Registered Company number: 03610160. Registered office One, High Street, Egham, UK, TW20 9HJ.
William Duncan + Co (Group) Limited registered in Scotland. Registered Company number: SC706241. Registered office Ellersley House, 30 Miller Road, Ayr KA7 2AY.
William Duncan + Co Limited registered in Scotland. Registered Company number: Registered office Ellersley House, 30 Miller Road, Ayr KA7 2AY.
William Duncan + Co (Audit) Limited registered in Scotland. Registered Company number: SC739965. Registered office Ellersley House, 30 Miller Road, Ayr KA7 2AY.
William Duncan (Business Recovery) Ltd registered in Scotland. Registered Company number: Registered office – 18 Bothwell Street Glasgow G2 6NU.
Opto Group Limited Company Number 11735424. Registered office address: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Lavat Consulting Limited trading as PSTAX. Company Number 04810070, Registered office address: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
S3TAX Limited trading as S3Tax. Company Number 13882665. Registered office address: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Magma Partners Limited Company Number 10498735. Registered office: 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Magma Audit LLP Company Number OC370086: Registered office: 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
Magma Trusts & Estates Limited, Company Number 09425334. Registered office: 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.
McInerney Saunders Audit Limited Company number 747740. Registered office: 38 Main Street, Swords, Dublin, Ireland.
McInerney Saunders Professional Services Limited Company number 747730. Registered office: 38 Main Street, Swords, Dublin, Ireland.
McInerney Saunders Chartered Accountants Company Number 255322. Registered office: 38 Main Street, Swords, Dublin, Ireland.

If any member of the Dains Group processes your data in a way that is different to that set out in this policy then that member will notify you separately in writing.

Where we process personal data other than in connection with an engagement, for example if you provide us details via our website then the Data Controller will be Dains Accountants Limited.

The privacy policy explains how we use any personal information we collect about you when you use this website and our wider services. Further information in relation to job applicant privacy can be found here.

Glossary of Terms

What is personal data?

Personal data relates to any information about a living person that makes you identifiable which may include (but is not limited to):

Names and contact information eg addresses, emails and telephone numbers
National Insurance Numbers
Employment history
Employee numbers
Credit History
Personal taxation information
Payroll and accounting data

What are “special categories” of personal data?

Special category data is sensitive personal data including:

Medical conditions
Religious or philosophical beliefs and political opinions
Racial or ethnic origin
Sex life or sexual orientation
Political opinions and trade union membership
Genetic data
Biometric data

What is a Data Controller?

The “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

What is a Data Processor?

A “data processor” is a person or organisation which processes personal data for the controller.

What is Data Processing?

Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of this include: staff management and payroll administration; access to/consultation of a contacts database containing personal data; shredding documents containing personal data; sending promotional emails; using a photo of a person on a website; storing IP or MAC addresses; or video recording (CCTV).

What do we mean by Business Clients?

Public Limited Companies, Private Limited Companies, LLP incorporated partnerships, trusts and foundations, local authorities and government institutions.

What do we mean by Consumer Clients?

Private clients, individuals, sole traders, unincorporated partnerships, trusts and foundations.

What is a lawful basis?

In order to process personal data there must be a lawful basis to do so. The following lawful bases are relevant to us:

Legitimate interest: means the interest of an organisation in conducting and managing its business. In assessing whether an interest is legitimate, an organisation must ensure that it considers and balances any potential impact on the data subject (both positive and negative) and the data subject’s rights before it process personal data for those interests. An organisation should not use personal data for activities where its interests are overridden by the impact on the data subject (unless it has consent from the data subject or is otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract: means processing of personal data where it is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into such a contract.

Comply with a legal obligation: means processing personal data where it is necessary for compliance with a legal obligation that a party is subject to.

What are Cookies?

Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. For more information visit www.aboutcookies.org or www.allaboutcookies.org.

What information do we collect about you and how?

We as a Data Controller, are bound by the requirements of the UK General Data Protection Regulations (UK GDPR).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. Please see the sections below on IP addresses and link tracking for more information.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature or service. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We collect Criminal Offence Data as follows:

in connection with job applications in accordance with our Job Applicant Privacy Policy; and
for forensic accounting cases, where required by: the police, the insolvency service or other competent authority and which is necessary for the administration of justice, preventing or detecting unlawful acts, or protecting the public against dishonesty. In these circumstances we would be unable to obtain your consent as it may prejudice the work of the police, the insolvency service or other competent authority.

We do not collect any Special Categories of Personal Data about you (unless you apply for a job with us, in which case we explain what Special Category data we collect in our Job Applicant Privacy Policy.

If You Fail To Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service we are providing to you, but we will notify you if this is the case at the time.

How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- enquire about or request our services;
- create an account or fill in a form on our website;
- sign up to an event we are organising;
- subscribe to our service or publications;
- enter a survey we have organised;
- request marketing to be sent to you; or
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy below for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

Data from the following parties:

your employer with whom we have a business relationship;
analytics providers (please see the section on analytics below);
Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.

When submitting forms on our website we use a third-party software provider for automated data collection and processing purposes, they will not use your data for any purposes and will only hold the data in line with our policy on data retention.

Cookies

You can set your browser not to accept cookies and the below websites tell you how to remove cookies from your browser. Please note in a few cases some of our website features may not function because of this.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, and remember your preferences.

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Strictly Necessary:

Domain	Name of the Cookie	Purpose	Expiration	Link to Privacy Notice
CookieYes	cookielawinfo-checkbox-performance	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”.	6 months	More info
CookieYes	cookielawinfo-checkbox-analytics	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”.	6 months	More info
CookieYes	cookielawinfo-checkbox-functional	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”.	6 months	More info
CookieYes	cookielaw-info-checkbox-necessary	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”.	4 months	More info
CookieYes	viewed_cookie_policy	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.	6 months	More info
CookieYes	CookieLawInfoConsent	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.	6 months	More info
CookieYes	cookie-lawinfo-checkbox-advertisement	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Advertisement” category .	6 months	More info
CookieYes	cookielawinfo-checkbox-others	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Other.	6 months	More info
FullStory	fs_uid	The ‘fs_uid’ cookie can be thought of as the capture cookie. When an end-user visits a customer’s site, that cookie is used to track the user across sessions and pages. The same user may visit a site multiple times and may navigate to many pages within a single session. This cookie ensures that all captured session traffic is associated with one user. A session cannot be captured without this cookie and the users anonymized visit will not be logged.	1 year	More info
Google	_ga	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	More info
Google	_gid	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	More info
LinkedIn	ln_or	Various, first-party domain	1 day	More info
Moneypenny	MoneypennyAgentAvatar	Loads the avatar for the agent on the MoneyPenny live chat service. This is a functional cookie.	1 hour	More info
Moneypenny	MoneypennyVisit	Logs a visit to the website in MoneyPenny’s analytics. MoneyPenny is our live chat service provider. This is a performance cookie.	Session	More info
OneTrust	OptanonAlertBoxClosed	Determines whether the visitor has accepted the cookie consent box. This ensure that the cookie consent box will not be presented again upon re-entry	1 year	More info
OneTrust	OptanonConsent	Determines whether the visitor has accepted the cookie consent box. This ensure that the cookie consent box will not be presented again upon re-entry	1 year	More info
Osano	cookieconsent_status	Name of the cookie that keeps track of users choice		More info
Twitter	auth_token	This cookie is for account login and authentication	13 months	More info
Twitter	ct0	This cookie is for authentication	13 months	More info
Twitter	d_prefs	This cookie is for your cookie preferences	13 months	More info
Twitter	Dnt	This cookie is for opt-out of ads personalization	13 months	More info
Vimeo	__ssid, _abexps, _ce.s, _clck,	Our website uses Vimeo to embed videos from our Vimeo channel as well as other channels. These cookies support video playback.	2 years	More info
Vimeo	__cf_bm	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	1 day	More info
Vimeo	_lc2_fpi		1 year	More info
Vimeo	sd_client_id	These are vimeo cookies and are used to play/upload videos.	1 year	More info
Vimeo	singular_device_id	These are vimeo cookies and are used to play/upload videos.	1 year	More info
WordPress	wp-settings-1380	WordPress uses this cookie to customise your view of admin interface, and possibly also the main site interface.	1 year	More info
WordPress	wp-settings-time-1380	WordPress uses this cookie to customise your view of admin interface, and possibly also the main site interface.	1 year	More info

Analytical or Performance:

Domain	Name of the Cookie	Purpose	Expiration	Link to Privacy Notice
Leadforensics	_hjSessionUser_#	In order to process data about your visit to a website, Hotjar stores first-party cookies on your browser.	1 year	More info
Moneypenny	MoneypennyUserAlias	Used to log which agent a user is assigned to as part of the live chat service. This is a functional cookie.	6 months	More info
Vimeo	_scid	This cookie collects information about your actions on websites that have embedded a Vimeo video.	1 month	More info

Functional:

Domain	Name of the Cookie	Purpose	Expiration	Link to Privacy Notice
Delighted	_delighted_web	This cookie is used for storing user preferences and identifiers. We use this to manage satisfaction surveys online in order to improve our products or services	10 years	More info
Moneypenny	MoneypennyHistory	Tracks how many times a user has encountered the MoneyPenny live chat service on our site. This is a functional cookie.	6 months	More info
Moneypenny	MoneypennyNoProactiveChat			More info
Twitter	Twid	This cookie is for authentication	13 months	More info
Vimeo	Player	This cookie saves your settings before you play an embedded Vimeo video. This means that the next time you watch a Vimeo video, you will get your preferred settings back.	1 year	More info
Vimeo	Vuid	This is a cookie used by Vimeo to store the user’s usage history.	2 years	More info

Targeting:

Domain	Name of the Cookie	Purpose	Expiration	Link to Privacy Notice
Google	_gcl_au	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.	3 months	More info
Leadforensics	lfuuid	The _lfuuid cookie allows a website to track visitor behaviour on the sites on which the cookie is installed. Tracking is performed anonymously until a user identifies himself by submitting a form.	10+ years	More info
Microsoft	_uetsid	Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.	1 day	More info
Microsoft	_uetvid	Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.	13 months	More info
Moneypenny	MoneypennyRef	Tracks the URL of the page in which a user has had the MoneyPenny live chat service box appear. This is a targeting cookie.	1 hour	More info
TikTok	_tt_enable_cookie	This cookie is used as a means of tracking your website activity to help us optimise our advertising.	13 months	More info
TikTok	_ttp	This cookie is used as a means of tracking your website activity to help us optimise our advertising.	13 months	More info
Twitter	guest_id	This cookie is for authentication	13 months	More info
Twitter	guest_id_ads	This cookie is for advertising when logged out	13 months	More info
Twitter	guest_id_marketing	This cookie is for advertising when logged out	13 months	More info
Twitter	kdt	This cookie is to authenticate a known device	13 months	More info
Twitter	personalization_id	This cookie tracks activities on and off Twitter for a personalized experience	13 months	More info
Vimeo	_fbp	This cookie collects information about your actions on websites that have embedded a Vimeo video.	3 months	More info
Vimeo	AF_SYNC	This cookie collects information about your actions on websites that have embedded a Vimeo video.	7 days	More info
Vimeo	afUserId	This cookie collects information about your actions on websites that have embedded a Vimeo video.	2 years	More info
Vimeo	has_logged_in	Collects data on the user’s interactions with the video	10 years	More info
Vimeo	intercom-device-id-qu19dquh	Cookies necessary to identify anonymous users and their sessions.	9 Months	More info
Vimeo	is_logged_in	Collects data on the user’s interactions with the video	10 years	More info

We do not share the information collected by the cookies with any third parties.

You can choose which analytical, functionality and targeting cookies we can set by clicking on the button(s):

Strictly essential cookies OFF

Analytical or performance cookies OFF

Functionality cookies OFF

Targeting cookies OFF

However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Except for essential cookies, all cookies will expire after the expiry period noted in the tables above.

Analytics – eg how visitors use our website

We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience.

Google Analytics is a third-party information storage system that records information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there. These cookies do not store any personal information about you we do not share the data. You can view Google’s privacy policy below:

Google – http://www.google.com/intl/en/policies/privacy/

IP addresses

An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. Dains do not have access to any personal identifiable information related to your IP address (such as your physical location when accessing our site) and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software does not use it to track any level of detail beyond your organisation (for example, it may be able to determine which internet service provider you are using but not where you are located.

Link tracking

If you have clicked a link within a marketing email or provided us with personal data, completing a contact form, for example, we may associate this personal data with other information. This will allow us to identify and record what is most relevant to you.

Business Valuation Questionnaire Form

By completing the evaluation form, which is located on our site under “business valuation” and also “exit planning tool” and submitting your email address, you are consenting to receive the report outlined in the introduction for this form. We agree to:

keep this confidential information, confidential
not to use this confidential information except in connection with the purpose of preparing the report and preparation for subsequent discussions, and
not to disclose the disclosing party’s confidential information to anyone else

We will destroy all data upon written request or within 1 month of our mutual agreement that discussions have concluded.]

Internet Based Advertising

We use Linkedin, Facebook and Twitter advertising services and as such there are tracking codes installed on our website so that we can manage the effectiveness of these campaigns. We do not store any personal data within this type of tracking.

How will we use the information about you and why?

We take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement, and supporting Schedules and for the purposes we have identified below. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.

Please see the glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes For Which We Will Use Your Personal Data

We have set out below, a description of all the ways we plan to use your personal data.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

Updating and enhancing client records, including registering you or your business as a new client;
To provide services to you or your business, including the management of payments and charges, and collect and recover money owed to us;
Analysis for management purposes;
Carrying out credit checks in relation to you and to detect and cut fraud.];
Completing statutory returns;
Legal and regulatory compliance, including anti-money laundering checks
Crime prevention;
To manage our relationship with you or your business including notifying you about changes to our terms or privacy policy; to send you updates on our business and areas of interest to you and to invite you to seminars and other events;
To administer and protect our business;
To deliver relevant website and other content to you;
To use data analytics to improve our website or services;
To make suggestions and recommendations to you about services that may be of interest to you.

For Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason, and we are not harming any of your rights and interests.

For Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” eg to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering a contract.

Anti-money Laundering

We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, as otherwise permitted by law or with your express consent.

Website Collected Data

We collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.

Creating Preferences

We may analyse your personal information to create a record of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively.

Sharing Data with Third Parties

We may share your information within the Dains group of companies where there is an appropriate reason to do this.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors, and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, sub-contracted finance personnel, statutory compliance services, administration and processing services and marketing services.

All our group companies and third-party service providers are required to take appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.

The UK GDPR allows personal data to be shared with law enforcement authorities (known under data protection law as “competent authorities”) who are discharging their statutory law enforcement functions. The UK GDPR and the DPA 2018 allow for this type of data sharing where it is necessary, proportionate, and appropriately authorised.

We will not share your information for marketing purposes with companies so that they may offer you their products and services.

Transferring your information outside of the United Kingdom

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the UK. Where we transfer your data to organisations inside the European Economic Area (“EEA”) they are subject to similar protections as in the UK.

Some of our third-party providers may be located outside of the UK and also outside of the EEA. Where this is the case, we ensure a similar degree of protection is afforded to you by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
Where we use certain service providers, we may use specific contracts approved for use in the UK and/or the EEA which give personal data the same protection it has in the UK and/or the EEA.

We will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.

If you use our services while you are outside the UK or the EEA, your information may be transferred outside the UK or the EEA to give you those services.

Supplier	Personal data	Location	Information
Google analytics & adwords	IP addresses, domains	The cloud	Signed data processing terms
Typeform	Name, company, tel, emal, answers to form questions	Amazon Web Services for our hosting. The main servers are located in Virginia, USA and backup servers in Frankfurt, Germany. Company is based in spain	EU SSC agreement
Zapier	Name, company, tel, email, answers to form questions	Data stored in the US, hosted on AWS Data is only stored for 7 days then deleted.	Signed data processing addendum
Stripe	Name, Bank card number, bank account info, email, billing address	Standard contractual clauses & signed DPA addendum
MonsterInsights	IP addresses, domains	Cloud MonsterInsights Google Analytics application uses the Google Analytics Reporting API to gather analytics about your website and present them in an actionable way via charts, graphs and tables inside your WordPress dashboard to any user with administrator level privileges on your website.	See Google analytics above
A full list can be provided on request by contacting privacy@dains.com

Security precautions in place about data collected

When you give us personal information, we take steps to make sure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we take appropriate measures to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make appropriate effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Profiling

We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and cut fraud and credit risk.

Marketing and Opting Out

We would like to send you information about our services which may be of interest to you. You may opt out at any point as set out below.

You have a right at any time to stop us from contacting you for marketing purposes. To opt out please email: [privacy@dains.com] or simply click the unsubscribe link at the bottom of the email.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service or other transactions.

How long will we hold your data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Contracted Services: We usually hold your data for 7 years in line with our regulatory requirements. However, there may be valid legislative reasons why we have to retain the information for longer.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please see below for more details:

Subject Access Requests (requesting access or correction of data)

If you would like a copy of some or all your personal information, please email or write to us using the details at the top of this document. We will respond to your request within one month of receipt of the request.

We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by emailing or writing to the address at the top of this document.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Withdrawal of Consent

Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us using the details at the top of this document.

Objections to processing of personal data

It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. In some cases we may be able to deny your request where we have compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.

Request restriction of processing of personal data

This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data’s accuracy.
Where our use of the data is unlawful but you do not want us to erase it.
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Data Portability

It is also your right to receive the personal data which you have given to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:

(a) The processing is based on consent or on a contract, and

(b) The processing is carried out by automated means.

Your Right to be Forgotten

Should you wish for us to completely delete all information that we hold about you please contact us using the details at the top of this document. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Other websites

Our website contains links to other websites which are not necessarily controlled or administered by us. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

Complaints

If you feel that your personal data has been processed in a way that does not meet the UK GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.

Changes to our Privacy Policy

We keep our privacy policy under regular review, and we will place any updates on this web page. This privacy policy was last updated on xxxx

How to contact us

Please contact us if you have any questions about our privacy policy or information, we hold about you using the details at the top of this document.