Updated 28/10/2019 Version 1.1-Website

Reason for collecting information

Dewi Development Ltd collects data in order to be able to deliver its services to its customers.

Dewi Development Ltd treats it’s data as a key asset of the business and recognises it importance and value to the business, as well as the customers who own it.

In order to ensure its security, Dewi Development Ltd, develops its IT policies and procedures to the ISO 27000 standards.

Information we collect

All services

To deliver all of our services we will collect any of following information

By submitting an enquiry, we will collect the following additional information:

By initiating a chat with us through the on-line messenger function, we will collect the following additional information:

By placing a review about our services on Trustpilot, they will collect:

Invoicing

We will use invoice details to generate invoices which we will send to you electronically or post to you.

Where you request to pay by credit card, we will add invoice details into our partner organisation, iZettle invoice system to generate an invoice. This will provide you with the option to pay the invoice through a link. Our partner will take your credit card details and process payment to ourselves. They will not hold your card details, but maintain your contact information so we can easily invoice you again.

Training/Events

As part of providing training at your premises, we will collect any of the following additional information

Applications/Websites

As part of providing application or website development, we will collect the following additional information:

Consultation

As part of providing facilitated sessions or acting as consultant, we will collect the following information

On-line portal

As part of providing you on-line access to the details of the services we have provided to you, we will collect the following information to manage your account.

Using our website

Like many sites, we collect ‘Log Data’ provided by your browser. The ‘Log Data’ can include:

We use Google Analytics to help us understand how our site is used. This may provide additional anonymous analytic information not listed above. Please review Google Analytics if you require further information.

How we process data

We collect data solely to be able to deliver services to our customers.

We do not sell any data to any other business.

All services

We use contact details to:

We use delivery address to:

We use order and service costs to:

We use customer feedback to promote our services:

Enquiries

We process your enquiry to be able to respond your individual questions.

We log the type of enquiry to:

Web chat

We process your web chats to be able to respond to your questions.

The web chats during working hours will be delivered to our computer application or to the phone when we are not in the office.

The web chats outside working ours or when an agent is not available, will be notified by e-mail to the team. We will use the logged e-mail address to respond to you in working hours.

We request your name and e-mail address to start the chat so we can:

Reviews

We process your reviews to:

The reviews are processed and hosted by a third-party supplier. To see how they fully use the data, please see their privacy policy.

When you write a review, they collect the information to:

The host company collect your IP address:

The host company place cookies on your device when you visit their website, to:

Events/Training

We collect your candidate details to manage the event, this includes:

We collect your candidate results and contact details to:

We collect your evaluation information to:

We collect bookers feedback and impact assessments, to:

We will enter your candidate name and results information in NucoPlus system, administered by Nuco Training, in order request your certificates. We may add your delivery address information into the NucoPlus system in order for your courses certificates to be delivered direct to your company.

We work in partnership with Viking Training Ltd, who may deliver some courses on our behalf. We will share event and candidate information with Viking Training Ltd in order for them to deliver the event on our behalf.

If an accident or safeguarding concern takes place during the event, we may use data to pass to the appropriate authority to help protect your interests and life. This may include but limited to Police, Ambulance Service or Social Services.

Applications/Websites

We use information to setup services to meet your needs. This may be with our systems or with third parties as discussed with you.

We use application requirement information to build the websites or specialised applications to meet your needs.

We use username information to setup uses in the systems, to allow your uses to access the websites or applications.

We utilise provided data to test the application or website works as specified. We will generate data as part of this testing.

We will use application requirements and may use test data to support the development of user manuals for your systems.

We will store the data generate by the websites or applications we have developed for you, where you have requested we host your systems.

We will only access this data when requested by yourselves for support.

To diagnose a reported problem by yourselves.

To test the system when implementing an upgrade.

Consultation

We will use the data collected during a facilitated session or consultation to:

We will use names and contact details of people taking part in the facilitation or consultation for:

On-line portal

If you register for the on-line portal, we will store your account details and site preferences.

We will use your account details to manage your access to your own account, so you can view the services you have booked or received with us and manage your personal details.

We will use user log details to

We will use account settings to lock accounts where there concern of attempted breaches of access.

We will use account settings to block access where we have reasonable information of misuse of the system.

Information provided by the browser

We collect browser to:

Identify attempted breaches to the system

Help us to improve our website experience by understanding the devices, browsers and countries accessing our systems.

Understand the pages that:

Understand what search words bring people to the website

Legal basis for processing data

Contract

By ordering with us, you begin a contract with us to deliver a service or product to you. We process your data for the duration of contract in order to deliver your service or product.

Legal obligation

We have legal obligation to maintain financial records and to report to HMRC and Company House on a yearly basis.

We will utilise your order, invoice and payment details to support us in producing these reports.

We will share data with the police, where we identify an illegal act has occurred or there is deemed to be risk to life.

We will share data with the police where an appropriate warrant is produced, identifying that an illegal act has occurred and the data is required as evidence.

Legitimate interest

By raising a request with us, we process your information to respond to your request and providing you with your required information.

By initiating a web chat with us, we process your information to respond to your chat request and provide you with your required information.

By initiating a chat with us, we process your information in order to respond to your chat questions.

By ordering a service or product with us, we will use your contact details to:

By undertaking training with us, we use your results to remind you of your options for Continual Professional Development (CPD) or renewal of qualifications, up to year after the expiry of your qualification. This allows you to keep skills up to date and book renewal or CPD sessions with a relevant organisation.

You have the option to opt out of these services and to define which is your preferred communication method.

By adding a review to our third-party provider, you agree to the information being shared publicly and for us to respond through the third-party site to your comments. By placing your public review, we may also use your reviews in our marketing on social media, on our website and our printed martials.

Consent

If during an event a Safeguarding concern arises with an adult and the decision is made to refer to the appropriate support agency, which could include but not limited to the Police, Ambulance Service or Social Services, the consent of the adult will be sought verbally.

Vital Interest

If a Safeguarding concern arises with an adult or child, where the life is in danger, a referral will be made to the Police or Ambulance Service.

If an accident occurs during an event and the individual’s life is in danger, a referral will be made to the Ambulance Service, which may include the Police.

The appropriate data held by Dewi Development Ltd will be shared, where it is deemed appropriate in protecting the individuals life.

Keeping your data secure

We work to the ISO 27000 standard for securing out IT infrastructure.

We use dual factor authentication for accessing information, where provided by the supplier.

We build our websites to use dual factor authentication.

We expect all administrators of your sites to use dual factor authentication.

We build all our websites with SSL encryption as standard.

We apply the latest updates released by vendors.

We backup all data with our hosts or on our internal backup drives.

Sharing of information

We only share data with our partners in order to deliver a service to our clients. We do not share data for any other reason.

We do not sell data to any other source.

We share data with partners when applicable for the following actions:

We are partnered with the following organisations:

Hosting your website

Websites that we have developed for our clients are externally hosted.

We contract with 1&1 IONOS to provide this service.

1&1 IONOS provide the following services:

Their services are hosted in the EU and compliant with EU GDPR regulations.

Your contract is held with Dewi Development Ltd and your contract data is not stored with 1&1 IONOS. Only data you store on the services listed in 3.3 is held with 1&1 IONOS.

1&1 IONOS manage the back up of their services.

We will at times create our own backup before implementing any changes to the systems we are managing for you.

Storage of your data

We store active work in the Cloud, allowing us to work remotely.

We store archived work on our own secure servers.

OneBox provides our Cloud storage solution. Their servers are based in Europe and meet the EU GDPR requirements.

Your data is encrypted and cannot be access by OneBox support staff without our authorisation.

File transfer

If we need to transfer files between Dewi Development Ltd and yourselves, that contain personal or sensitive information, we will not do so by e-mail.

We will transfer files through OneBox, where we can control who can access files.

We will remove transfer files from OneBox, once they have been successfully transferred or the collaboration on the files has ended.

Backup

Data hosted in Cloud environment will be backed up by the provider.

Data hosted on our secure servers will be backed up locally on daily basis and off site on a weekly basis.

Data retention

We have a Data Retention policy which defines the specifics of how long each type of data is held. This schedule is available on request.

In general, we keep customer data for the following lengths of time:

Reviewing data

If an on-line account is held, the user can review their information through the on-line account and update their personal information.

Alternatively if an individual does not have access or would like further details they can request access to their information, by contacting This email address is being protected from spambots. You need JavaScript enabled to view it..

Data information requests will be responded to within a maximum of 1 month.

There is no fee to request to review personal data, except the following cases may incur a charge to cover the administration cost where:

Right to object

An individual may request not to have their data processed for particular activities. We can stop data being processed for:

We will aim to change preferences the same working day, but it may take up to 30 working days to filter into already planned activities.

Right to be forgotten

An individual can request information is deleted from their account by contacting This email address is being protected from spambots. You need JavaScript enabled to view it. with information on the data they would like deleted and the reason for deletion.

An individual will be required to answer security questions to prove their identify and ownership of the data, before any data will be released.

All deletion requests will be considered and responded to in writing within one month.

All deletion requests will be considered against the General Data Protection Act (GDPR) 2018.

The erasure will not take place, where it meets a reasonable need in line with General Data Protection Act 2018. This may be due to, but not limited to, data being held:

Monitoring

We will review the policy to ensure it still meets need in the following situations:

We will regularly review data and investigate concerns to ensure this privacy policy is being implemented effectively.

Data Breaches

We will investigate any concern of a data breach.

We will inform the Information Commissioners Office of any breaches within 72 hours.

We will inform individuals affected by the data breach, once individuals and impact are identified.

We will make changes to our policy and reasonable improvements to our systems to prevent the breach from occurring again.

Changes to the policy

The policy takes affect from the dates covered in the version control.

We hold the right to update the privacy policy at any time.

Privacy policies should be review periodically.

The use of services or the website constitutes acceptance of the updated privacy policy.

Material changes to the policy will be notified to individuals via e-mail or through a prominent notification on the website.