Privacy Policy

Privacy Policy

Contents

Foreword

Part 1: General Information

Our contact details

How we get your personal data

The legal basis to process your personal data

Your rights

How to make a complaint about us to the Information Commissioner’s Office

Sharing your information

Transferring personal data outside of the UK and EU

Website and Cookies

Links to other websites

Changes to our Privacy Policy


Part 2: Specifics

If you enquire about one of our services

What personal data do we need?

How do we get your personal data?

Why do we need your personal data and which legal basis do we rely on for the processing?

Who do we share your personal data with?

How long do we keep your personal data?

Do we use any data processors?

If you intend to Contract us for one of our services

What personal data do we need?

How do we get your personal data?

Why do we need your personal data and which legal basis do we rely on for the processing?

Who do we share your personal data with?

How long do we keep your personal data?

Do we use any data processors?

If you are a Supplier or Contractor

What personal data do we need?

How do we get your personal data?

Why we need your personal data and the legal basis we rely on for the processing?

Who do we share your personal data with?

How long do we keep your personal data?

Do we use any data processors?

If you purchase one of our online products/downloads

What personal data do we need?

How do we get your personal data?

Why we need your personal data and the legal basis we rely on for the processing?

Who do we share your personal data with?

How long do we keep your personal data?

Do we use any data processors?

If you just want to receive our marketing emails

What personal data do we need?

How do we get your personal data?

Why we need your personal data and the legal basis we rely on for the processing?

Who do we share your personal data with?

How long do we keep your personal data?

Do we use any data processors?


Definitions

Legitimate Interest

Contractual Obligation

Legal Obligation

Consent

Foreword

This Policy is intended to define how Workers affiliated with the Jigsource trading name shall aim to protect the privacy of their Clients and visitors to the Jigsource.co.uk website (herein referred to as “the website”). It stipulates what we do with the information provided to us and that captured from use of the website.


Within this Policy, use of the terms “we”, “us” and “our” refer to the self-employed Workers affiliated with the Jigsource trading name and the website jigource.co.uk acting as “Data Controllers”. The terms “you” and “your” refer to interested parties, contracted Clients and visitors of the Jigsource.co.uk website. “Personal data” or “your details” includes but is not limited to names, email addresses, addresses, phone numbers, IP addresses, cookies, comments, and information or opinions sent in contact forms, social media or direct emails.

               

Our Privacy Policy is structured in a way for you to easily find the specific details of what we do with your personal data, depending on which processing activity you want to find out more about.


Part 1 of our Privacy Policy is information we must tell everyone regardless of your relationship with us. Part 2 gives specific information on how we use your personal data for each of the different processing activities we undertake.



Part 1: General Information

Our contact details

Jigsource is the data controller for the personal data we process about you. Although we do not have a legal obligation under GDPR to appoint a Data Protection Officer, Sharon White oversees our data protection compliance with the General Data Protection Regulation, the Data Protection Act 2018 and other relevant privacy laws (e.g. the Privacy & Electronic Communication Regulations 2003). 


You can contact us regarding the use of your personal data in any of the following ways

     Email: sharon.white@jigsource.co.uk

     Phone: +44 (0)7880 922993

     Post: Blake House, 18 Blake Street, York YO1 8QG



How we get your personal data

We obtain your personal data directly from you when you enquire about one of our services and/or opt in to receive our newsletters/discounts/promotional offers/etc.



The legal basis to process your personal data

When gathering and using your personal data we must have a legal basis to do so – this is a requirement of data protection law.


The legal basis we rely on to process your personal data varies depending on the processing activity undertaken. The full details of the processing activities we undertake along with the legal basis we rely on to process your personal data are given in Part 2 of this Policy.


Where we process your personal data for us to comply with a legal/regulatory requirement we will rely on the legal basis of “legal obligation” as the processing is necessary for us to fulfil our legal obligation to which we are subject.


Your rights

Depending on the purpose and legal basis we rely on for processing your personal data, there are various rights available to you. You can:

  • Access the personal data we keep about you and be given specific information about the processing. This right always applies regardless of the processing activity we undertake. 
  • Ask us to rectify personal data we hold about you that you think is inaccurate. This right always applies regardless of the processing activity we undertake. 
  • Ask us to delete your personal data. This right only applies in specific circumstances. 
  • Ask us to restrict the processing of your personal data. This right only applies in specific circumstances apply. 
  • Object to the processing when we have relied on legitimate interest to undertake that processing activity and you believe we have infringed your rights. 
  • Transfer your personal data from us to another service provider or give it to you. This right only applies to personal data you have given to us and when the processing is based on your consent or contractual basis and the processing is automated. 


We do not undertake any solely automated decision making, including profiling, about you.


To find out more about how to exercise your rights please refer to the guidance on the Information Commissioner’s Office website. You do not pay a fee to us to exercise any of your rights. However, if your request is manifestly unfounded or excessive, we may either charge a reasonable fee or refuse the request.


We shall respond to a valid request within one month of receiving it.

 

If you wish to exercise one of your rights, please contact us via one of the methods shown in the “Our contact details” section or click here.


How to make a complaint about us to the Information Commissioner’s Office

If you are not happy with how we are processing your personal data or you believe we have not dealt with one of your rights correctly you are entitled to make a complaint to the Information Commissioners Office (ICO). The ICO has several ways in which you can get in touch with them, including post, email, and online forms. For full details how to make a complaint please refer to their website. Our ICO reference number is ZA758316.


Sharing your information

We do not share, sell or rent your personal data to third parties for them to use for their own marketing purposes.


We may share information in the following ways:

  • Amongst Jigsource Workers as the need arises
  • With third party businesses who help us fulfil our services/delivery of goods to you; and
  • With other businesses who we deliver our services in partnership with


When we do use third party businesses to process personal data on our behalf (they are known as data processors) to enable us to provide our services to you we ensure we have appropriate GDPR compliant contracts in place with each one. The data processor is not allowed to do anything with your personal data other than what we have instructed them to do with it. They will not share your personal data with any organisation apart from us unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.

                 

Our data processors include:

  • IT system providers
  • Website host providers
  • Email host providers
  • CRM provider
  • Ecommerce store provider
  • Payment processor
  • Email marketing software provider

 


Transferring personal data outside of the UK and EU

We endeavour to not transfer or store your personal data outside of the UK or the EU.


Sometimes it is not possible for us to store or process your personal data either wholly in the UK or EU. When your personal data does need to be transferred or stored outside of the UK or EU we make sure we comply with the specific requirements set out in GDPR for us to undertake this. 


We will only transfer personal data outside of the UK or EU when one of the following provisions are in place to safeguard your personal data:

  • An adequacy decision is in place with the country where the personal data is being transferred to. This means that the European Commission have approved that country as having the same or similar level of protections in place to protect and safeguard personal data.
  • Standard data protection clauses, codes of conduct, certification mechanisms, or contractual clauses that have been adopted or approved by the European Commission or UK Regulator (ICO) are in place.


If we are unable to rely on any of the above provisions, we will seek your explicit consent to make the transfer of personal data, unless another exception under GDPR applies to allow us to process your personal data.

 

Website and Cookies

The website operates an SSL Certificate which encrypts the transmission of your personal data to the servers of our webhosting service, ensuring the security and integrity of this data and protecting it from third parties. Our web and email servers are currently based in Germany. We do our best to ensure that our server hosts are fully accredited in line with the “Transferring personal data outside of the UK and EU” section of this Policy. Our server hosts do not have access to your personal data unless they are required to do so by law.

The cookies used on our website are temporary text files stored on your computer, and therefore cannot be used to infect your computer with a virus or allow malicious code to run on your computer. Cookies cannot access any other information on your computer, so the privacy concerns relate to tracking of the sites you browse. We may review cookie data to help us enhance our website and the services we offer.

 

Changes to our Privacy Policy

We keep our Privacy Policy under review to ensure it remains accurate and up to date and we reserve the right to modify this policy at any time. Changes to this policy will be posted on our website and you should endeavour to review the policy frequently.

 

 

If you have any questions about our Privacy Policy, please contact us via one of the ways shown in the “Our contact details” section or click here.

 

This Privacy Notice was last updated on 03.07.2022 and is Version 3.


Part 2: Specifics

If you enquire about one of our services

Whether you email a Worker directly, make contact through social media or complete a contact form on the website, by enquiring about one of our services, we assume that we have your permission to use the personal data you have freely provided in order to respond to you.


What personal data do we need?

When you enquire about one of our services we need to collect the following type of personal data from you:

  • Full name and/or business name
  • Postal address
  • Email address
  • Telephone numbers (landline and/or mobile)


We may ask for more personal data in order to better answer your query or direct you to an appropriate service.


How do we get your personal data?

We gather your personal data directly from you when you either enquire about our services or enter into a contract with us to purchase one of our services.


Why do we need your personal data and which legal basis do we rely on for the processing?

We use your personal data to: 

  • Provide information, at your request, on the services we offer 
  • Send you marketing information relating to our services in general and the work we do.


If we do not proceed to provide you with a quotation or proposal (or other Scope of Work document) then;


The legal basis we rely on for these purposes is: Legitimate Interest (See “Definitions” for further information)


Who do we share your personal data with?

Your personal data is used by Workers for the purposes as set out in “why we need your personal data” above and the “Sharing your information” section in Part 1 of this Policy. 


How long do we keep your personal data?

If you do not ultimately go on to be a contracted Client, information may be recorded in our CRM system and retained indefinitely for internal analysis of business activity and your original emails may be stored indefinitely in an email archive. Any social media messages will be deleted but are subject to the data processing, storage and retention activities of the social media platform and as such, lay outside of our responsibilities.


Marketing contact details are held for as long as you want to remain on our marketing contact list.


Do we use any data processors?

We do not use any data processors for the purpose of providing our service to you.


If you intend to Contract us for one of our services

What personal data do we need?

When you express an interest in purchasing one of our services we need to collect the following type of personal data from you:

  • Full name and/or business name
  • Postal address
  • Email address
  • Telephone numbers (landline and/or mobile)


We may ask for more personal data in order to fulfil our contractual obligations.


How do we get your personal data?

We gather your personal data directly from you when you either enquire about our services or enter into a contract with us to purchase one of our services.


Why do we need your personal data and which legal basis do we rely on for the processing?

We use your personal data to: 

  • Provide information, a quotation or proposal, at your request, on the services we can specifically offer to you 
  • Provide the service package you have purchased
  • Provide updates regarding the service we are providing to you
  • Send you marketing information relating to our services in general and the work we do.


The legal basis we rely on for these purposes is: Contractual Obligation (See “Definitions” for further information)


Who do we share your personal data with?

Your personal data is used by Workers for the purposes as set out in “why we need your personal data” above and the “Sharing your information” section in Part 1 of this Policy. 


How long do we keep your personal data?

When you express an interest in our services and request a quotation or proposal (or other Scope of Work document), your information may be recorded in our CRM system and retained indefinitely for internal analysis of business activity


When you become a contracted Client of ours, we are required by UK law to retain Contracts and invoices which include your personal data for a period of at least 7 years. 


Contract and invoice data are only stored and processed in the UK.


Any information sent to us for the purposes of executing the contract (i.e. a client list for data entry into your CRM) remains your property and as such, will only be used as required for the duration of the contract, in line with our confidentiality statement (see Terms and Conditions) and deleted from our servers immediately after completion of the Contract.


Marketing contact details are held for as long as you want to remain on our marketing contact list.


Do we use any data processors?

We do not use any data processors for the purpose of providing our service to you.


If you are a Supplier or Contractor

What personal data do we need?

For us to pay you for the service or goods you have provided to us we need to collect and use a small amount of information about you and your business, this is also likely to include some information about the individuals who work at your business. The personal data we are likely to need is:

  • Your business name
  • The name (first and last name) of the person who we are liaising with at your business (in some cases this may be several staff members details)
  • Business postal address
  • Business email address
  • Business telephone number
  • Business mobile number
  • Bank details to enable payment to be made


How do we get your personal data?

We obtain your data directly when we start to use your services or have purchased goods from you. We gather the relevant information from you to enable us to process payment to you for those services and goods.


We also obtain some data, such as your business name and contact details, indirectly from publicly available sources or recommendations from 3rd parties to enable us to contact you to enquire about the services and goods you provide prior to us making a purchase.


Why we need your personal data and the legal basis we rely on for the processing?

We need your personal data to either enquire about the services or goods you provide that we may be interested in purchasing or to make a purchase. We then use your personal data to pay for those goods and services when you invoice us or to raise any queries about the payment.


The legal basis we rely on are: Contractual Obligation and Legal Obligation (See “Definitions for further information)


Who do we share your personal data with?

Your personal data is used by Workers for the purposes as set out in “why we need your personal data” above.


If we elect an Accountant, they will see personal data relating to suppliers and any payments we make.


How long do we keep your personal data?

We keep all financial data (which includes supplier information) for at least 7 years from end of the financial year it relates to.


Do we use any data processors?

We do not use any data processors.



If you purchase one of our online products/downloads

What personal data do we need?

When you purchase on our online or digital products, we need to collect data from you in order to complete and fulfil your order. The personal data we are likely to need is:

  • Your business name
  • Your full name
  • Email address


How do we get your personal data?

We obtain your data directly from you when you place an order via our ecommerce store (currently, Payhip.com)


Why we need your personal data and the legal basis we rely on for the processing?

We use your personal data to:

  • Provide information, at your request, about the products and services we offer
  • Provide the product you have purchased
  • Provide updates regarding the products we are providing to you
  • Send you marketing information relating to our products and services in general and the work we do.


The legal basis we rely on are: Contractual Obligation and Legitimate Interest (See “Definitions for further information)


Who do we share your personal data with?

Your personal data is used by Workers for the purposes as set out in “why we need your personal data” above.


When you make a purchase via our ecommerce store, your data will be collected by them and stored on their hosting servers under our password protected account.


How long do we keep your personal data?

We keep all financial data (which includes sales information) for at least 7 years from end of the financial year it relates to.


Do we use any data processors?

We currently use the following data processors within our ecommerce provision:

  • Payhip.com (ecommerce platform)
  • Stripe.com (payment processing platform)



If you just want to receive our marketing emails

What personal data do we need?

To receive marketing communications from us, we are likely to need the following personal data:

  • Email address
  • Your full name
  • Your business name (if applicable)


How do we get your personal data?

We obtain your data directly from you when you sign up to receive marketing information from us.


Why we need your personal data and the legal basis we rely on for the processing?

We need your personal data to be able to send you relevant news about us and our services and products, etc that you have subscribed to receive.


The legal basis we rely on is: Consent (See “Definitions for further information)


Who do we share your personal data with?

Your personal data is used by Workers for the purposes as set out in “why we need your personal data” above.


How long do we keep your personal data?

Marketing contact details are held for as long as you want to remain on our marketing contact list.


Do we use any data processors?

We currently use the following data processors within our marketing communications processes:

  • Mailchimp.com



Definitions

Legitimate Interest

(GDPR Article 6(1)(f))


GDPR allows us to use legitimate interests for direct marketing purposes in certain circumstances. We have undertaken a legitimate interest assessment which balances our business purposes for the processing against your right to privacy. The outcome of the balancing test justifies our use of legitimate interests for this purpose as it would not be an unreasonable expectation for anyone who either enquired about our services with a view to purchasing them, or is an existing customer using our services to receive information from us about our services.


This also complies with e-Privacy laws, currently the Privacy & Electronic Communication Regulations 2003, which governs how a business can undertake electronic direct marketing. We can rely on soft opt-in for “individual subscribers” for email marketing to prospective and existing customers. We do not need consent or soft opt-in for “corporate subscribers”.


We always give you the opportunity to object to receiving marketing communications from us; when we first collect your personal data and with every marketing communication thereafter.


Contractual Obligation

(GDPR Article 6(1)(b))


The services we provide to you are done so under contract or with a view to entering into a contract with you. We require certain information from you to enable us to fulfil our contractual obligation. If you are not able to provide all the information we need we may not be able to provide the service to you and the arrangement may be terminated.



Legal Obligation 

(GDPR Article 6(1)(c))


We have a legal obligation to pay for any services or goods we have purchased.


If you have any questions about our Privacy Policy, please contact us via one of the ways shown in the “Our contact details” section or click here.

Share by: