Because your privacy is important to us
Calm Digital Ltd. (‘we’, ‘us’, or ‘our’) are committed to having the correct procedures in place to protect and respect your privacy, in line with the guidelines of the GDPR and the Data Protection Act 2018.
We may need to gather and use certain information about individuals. This Privacy Notice explains in detail the data we collect, along with how it is handled, stored and how we keep it safe. These individuals can include customers, suppliers, business contacts, employees, users of our clients’ websites and other people that the organisation has a relationship with or may need to contact.
The policy applies to all Calm Digital Ltd. employees and all Personal Data processed at any time by Calm Digital Ltd. The objective of the policy is to ensure that:
The organisation that determines the manner and purposes for which Personal Data is to be processed.
The organisation or individual who processes Personal Data on behalf of the Data Controller.
An individual who is the subject of Personal Data (also referred to as ‘you’, ‘your’, ‘yourselves’).
Information relating to an individual who can be directly identified from the information. Personal Data includes factual information as well as expressions of opinion or intentions.
Personal Data Breach:
Loss, theft or unauthorised access, use or disclosure of Personal Data.
3. Legal Basis For Data Collection
There are a number of various reasons that the law allows collection and process of personal data.
Certain situations allow us to collect your personal data, such as when you tick a box that confirms you are happy to receive email newsletters, or ‘opt in’ to a service.
We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests.
4. Processing Data on Behalf of a Controller
The GDPR defines a “processor” as “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”. Therefore, the responsibilities described below may be assigned to an individual or may be taken to apply to the organisation as a whole.
The Data Processor has the following responsibilities:
5. Policy Scope
This policy applies to:
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 2018. This can include:
6. Policy Statement
Calm Digital Ltd. will only collect and process information where we have gained consent, we have contractual obligations or legitimate interests, or for legal compliance. We will:
Privacy By Design
Calm Digital Ltd. has adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.
The data protection impact assessment will include:
Use of techniques such as data minimisation and pseudonymisation will be considered where applicable and appropriate.
It is Calm Digital Ltd.’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.
7. What kind of data do we collect, and when?
Information that you may give us:
You may provide us with information about yourself through the use of on site forms, through speaking with a staff member on the phone, via email, by letter or in person. This includes information that you give us when you use our website, subscribe to our services, participate in any discussions via social media or report an issue with our website.
This information may include but is not limited to: your name, email address, phone numbers, addresses, gender, company name, position in company, bank account details (for a supplier), or confidential business information.
Information that we may collect:
When you visit our website, we measure visits using Google Analytics and standard web server log files. These record which pages you visit, how you arrived at the site, and other basic information about your computer. All this information is anonymous and we do not make any attempts to find out the identities of those visiting the website.
When acting as a Data Processor on behalf of the Data Controller, we may gather details regarding interactions with our clients’ websites. This information would be provided by the Data Controllers and would be subject to the Data Controllers’ own Privacy Notices.
Details of your URL
We may gather information about your visit to our website including the URL clickstream to and from the website, the date and time, pages viewed, length of page visit, interaction with those pages, their response times, any errors, your exit behaviour from the website and if you called directly from viewing the website on mobile, we may collect your mobile number.
Cookies & Google Analytics
Google Analytics sets cookies on your device to function. These cookies do not personally identify you and the data these services collect is anonymous. We use these services and the data they collect to make our website better.
Any email sent to Calm Digital Ltd., including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
Information we may be given from other sources
We may have access to certain information if you use any of the other services we provide or if you interact with our social media pages.
We may also work with some third parties that you have permitted to share the information they hold about you with us, such as: business partners, subcontractors, payment services, ad networks, analytics providers, search engine providers, credit reference agencies, so we could receive information about you from them if it is necessary.
Data may also be collected from publicly available sources (i.e. land registry) when you have given your consent to share this information or if it is available as a matter of law.
Your image may be recorded on CCTV as you enter the Boho One building from either the front or rear entrance, for security purposes only. We do not have access to this footage, however you may contact the Boho One building on 01642 248692 for more information.
8. How we may use your data
Calm Digital Ltd. may use your information to:
If necessary, legal and in your best interests, we may share your personal information with selected third parties including:
When might this be necessary?
It is the responsibility of all employees at Calm Digital Ltd. who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
You have the right to contact us at any time to to correct the data we hold about you. For example, if you had recently married and changed your name, we will update this and inform any relevant third parties or suppliers who need to also update records.
9. How long will we keep your data?
When we collect your personal data, we will only retain it for as long as is necessary for its purpose.
When it is no longer necessary for this data to be retained, it will either be completely deleted or completely anonymised, for example by aggregation with other data so that it may be used in a non-identifiable way for statistical analysis.
10. Who do we share your data with?
Sometimes we may share your personal data with trusted third parties, for example business partners or for fraud management.
We may share your data with:
11. Where might your data be processed?
Sometimes we may need to share your personal data with third parties and suppliers outside the European Economic Area (EEA) such as the USA. If this is necessary, we have procedures in place to ensure that this data receives the same process as we follow for the EEA. We will treat the information the same as we would for EAA companies under the stipulations of this Privacy Notice.
12. Your rights
You have the right to:
We will make you aware of the type of processing your data may be subject to.
Request access to your personal data.
This will be free of charge, however if the request is onerous and unreasonable we may submit it to the ICO for review. Where possible we will aim to complete this request within 30 days, and no later than 90 days. For particularly large requests we may request an extension from the ICO to complete the task.
The correction of your personal data.
For example if the information is out of date or incomplete.
Withdraw consent/ Erasure.
This is applicable where we have no legitimate overriding interest, contractual obligations, or once the data retention period has come to an end.
Request that we stop using your data for direct marketing.
You can do this by clicking the unsubscribe button in any email communication we send you.
If information is required and the request is reasonable we will provide the information in a widely accessible format.
You can direct your subject access requests or correction requests to: [email protected] or
Data Protection Officer,
Calm Digital Ltd.,
Bridge Street West,
If we choose not to action your request we will explain to you the reasons for our refusal. If the task is deemed onerous and unreasonable by the ICO, we may ask you to reduce your request to something more specific or alternatively, if approved by the ICO, the full request may become chargeable.
To protect your information, we will require you to verify your identity before we proceed with any request. If you have authorised a third party to make this request (such as a solicitor) on your behalf, we must still be provided with verification of your identity and reasonable proof that they have your permission to act on their behalf. We will provide the requested information directly to the subject of the data subject access request and not to the third party.
Our website may contain links to and from websites we partner with such as advertisers or affiliates. If you do follow these links, it is important to be aware that these websites use their own privacy policies so Calm Digital Ltd. will be unable to accept any responsibilities for these policies.
13. Updates | Changes To Our Policies