Version Identifier: 1.2.1
Version Effective Date: 26/02/2021
This privacy notice sets out how any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your sensitive information and how we will deal with it. For the purposes of the Data Protection Act 2018 ('the DPA') and the EU General Data Protection Regulation (‘the GDPR’), sensitive information includes what is defined as your 'personal data'.
In summary, our approach is to record only the absolute minimum data required to successfully operate the website.
We are 'Wigwam Design' a VAT registered company in the United Kingdom, registered number 283391288. If you have any concerns about the way we use your information or any questions about this Privacy Notice, please let us know. We can be contacted via email at firstname.lastname@example.org.
Our 'Locations Served' feature requires only the
Outward Code part of the postcode and the rest, or
Inward Code, is discarded, if entered. The
Outward Code part of a UK postcode contains only the area and district information. This is the minimum amount of data required to implement the feature. This data is processed entirely in the browser and is not persisted or transmitted outside of it.
Your searches and tag choices on the Gallery are handled entirely on your device. The state of your tag selection is only retained for the duration of your current visit. As mentioned elsewhere in this policy, this website makes no attempt to identify individual users and does not track users across multiple visits to the site. As such, if your tag choices require the download of extra images to facilitate your request then there is no mechanism to relate that request to any kind of user data, as no user identifying data exists on the system.
If you make use of our 'Contact Us' page we will use the information that you provide to instigate our initial conversation. Providing your information to the form on this page indicates you wish for us to make direct contact with you. The form only records the data necessary to facilitate this.
Specifically, the form requires:
|Your Name||Addressing our contact to you personally|
|Your Email||Sending our response as soon as we are available|
|Your Message||Understanding the intent of your enquiry|
The information and content held on our Website is deployed geographically, via a Content Delivery Network (CDN), to increase the loading performance of the Website from the perspective of an individual user. We will never share your user information with third parties for promotional purposes. The information you supply via our 'Contact Us' form is not recorded by this system.
The data you supply to the form is transmitted to our local system and only your name and email address are recorded. This data is retained only for as long as it is necessary to provide any services that you request or for regulatory reasons outside the scope of the Website. For example, if we are to go on and provide services to you, then that data will be retained for as long as it is required for us to retain records of those transactions. It is stored subject to our separate IT Security policy.
If we do not provide services to you (or remain in contact for any other valid reason) then all the data you have supplied is erased.
Should we continue to provide services to you then your data will be retained for that purpose and that purpose alone and at this point becomes subject to our Client Terms and Conditions and is outside the scope of the Website and this policy.
All requests to the Website are handled by our TLS endpoint. Requests sent in the plain are redirected to take place over TLS. In other words, if you were to try to visit our Website via an address beginning with
http:// it would be automatically redirected to the same address, but over
https. Only the currently accepted best practice ciphers are allowed. The choice of ciphers is also under continued review and is made for maximum security with the majority of browsers in use at the time. This means that a connection to our website with an old browser that does not support these best practices will be rejected. In these circumstances it is likely that the browser will show an error message that it has been unable to make a secure connection. It is suggested to take further external advice about upgrading to a more modern browser if you still wish to visit the Website.
When you visit the Website (a 'request') technical data is recorded to facilitate the visit. This includes the Internet Protocol (IP) address of your machine and other information such as the browser and type of machine that is making the request. This information is obtained from the request sent from your web browser. No attempts are made to obtain any further information from your machine outside of the HTTP Protocol. This data is necessary for the ongoing operation and maintenance of the system, to enable us to understand how our Website is being used and for later fault finding in the event of an error or other investigation.
We do not provide any of our logs to any third parties. If you are concerned about giving away this type of technical data then it is suggested to seek out advice and technology in this domain. Such a discussion is outside the scope of this policy.
We treat our information and electronic security with the utmost priority. As such our approach to information security is continually reviewed and evolved to keep ahead of current and emerging risks.
We have adopted industry best practices from both technological and business process perspectives in order to make the security of your data a key part of the way we do business.
We have policies and practices in place that not only ensure our compliance under the DPA but also the GDPR.
As described earlier in this policy, data that you supply to the Website is not stored on a system covered by this policy. The data that is transmitted from this system (data that you have supplied in out 'Contact Us' form), is stored subject to our Client Terms and Conditions. A copy of these terms and conditions is supplied to any user of our core business.
Our policies and procedures in relation to maintaining privacy for our users, as well as security in general, are continually under review. As such the wording of this policy is subject to change. When considering our usage of your data the version of the policy active at the time of the usage should be used. We retain all versions of this policy along with a list of all changes that are made to it. In order to verify the authenticity of a given copy of this policy a SHA hash is generated at the time of creation and stored separately. Subsequent checks can then be made to compare this hash against the copy of the file in question.
All the claims made in this policy can be independently verified by the user by inspecting the network requests made by the site in the browser network tools. In addition to this manual process, many browsers, either via plugin or as standard, provide a simple user interface for the user to inspect what level of tracking any given website or service is implementing. These tools can be used to confirm the claims made in this policy.
Back to top