Ideal Postcodes Privacy & Data Protection Policy (January 2024)

Preamble

This policy briefly describes how we steward the data we record from your usage of our service.

Our aim, as a steward of your information, is to collect as little information (personal or otherwise) on you as possible, while providing a service that is secure, reliable, fast and accurate as reasonably possible.

This means we will only collect information about you if it is required to:

  1. Provide you access to our services
  2. Secure our services from malicious activity
  3. Measure the performance of our services (i.e. speed, reliability and accuracy) with a view to implementing improvements

We will not share this data with third parties, unless:

  • Such an exchange is required in order to render our services (e.g. licensing data access with Royal Mail)
  • We are legally required

We will not engage in:

  • Using your contact information for mass email marketing
  • Tracking your activity across websites (e.g. for marketing or re-marketing)
  • Selling your data, even in an aggregated or anonymised state

What Personal Data do we collect?

Data type When is this data collected Who processes this data
Browsing Data When the website is used IDDQD Limited. Analytics Vendor
Email Address When you create an account IDDQD Limited. Email Provider
Name When you authorise us to license your account IDDQD Limited. Data Vendor
Address When you authorise us to license your account IDDQD Limited. Data Vendor
Payment Information When you make a purchase IDDQD Limited. Payment Gateway
Phone Number When you provide us your emergency contact information IDDQD Limited

Browsing data includes IP address, browser type and any other information passed to us via your browser when you use our Service.

Our Analytics Vendors track how the website is used. Our Analytics Vendors are Google Analytics and Hubspot.

Our Payment Gateways are:

Our Email Provider is Postmark.

IDDQD Limited is the company that operates the Ideal Postcodes brand and includes any subsidiaries or sister companies.

We will take all reasonable precautions to ensure your information is processed securely and that any processors we use apply at least the equivalent (or stronger) protections required by GDPR.

Some of the information we collect from you may be stored outside the European Economic Area (EEA). In these scenarios we will endeavour to ensure these processors apply the same level of protections as required by GDPR and are party to applicable EU Privacy Frameworks which may be available (like Standard Contractual Clauses).

What is this Personal Data used for?

As mentioned in the preamble, there are 3 main reasons for why we may store personal data. Listed below are specific, non-exhaustive examples of scenarios where we would need to collect and process your information:

  • To verify your identify (this includes accessing your account, proving your account ownership)
  • To facilitate tracking and monitoring of suspicious behaviour
  • To license you with our Data Vendors
  • To bill you for your account usage
  • To help us diagnose issues with your account
  • To provide you with support to administer your account or integration

Our lawful basis for processing your data

We have set out a lawful basis for processing data in our Record of Processing Activities (ROPA). The ROPA guides how we process data.

Typically, we rely on one of the following basis: Consent, Legitimate Interests, Contract and Legal.

We rely on consent for activities such as cookie management and direct marketing when a legitimate interest does not apply.

We rely on legitimate interests to build relationships with our clients and to provide our services.

We rely on contracts when we have entered into or are negotiating a contract with a new or existing client to provide them with services on an ongoing basis.

We rely on legal to ensure we comply with the law, for example by sharing employee data with HMRC.

How long is this data retained?

For all clients of the site,

Data Type Retention Period
Browsing Data 180 days

For clients that have created an account we also collect,

Data Type Retention Period
Email Address Not retained beyond account cancellation
Password Not retained beyond account cancellation

For clients who have authorised their account to be licensed with our Data Vendor,

Data Type Retention Period
Name The minimum period of time as specified by Data Vendor (6 years)
Address The minimum period of time as specified by Data Vendor (6 years)

For clients who have made a purchase on their account,

Data Type Retention Period
Billing Information Statutory minimum (7 years)

For clients who have consented to being contacted by phone

Data Type Retention Period
Phone number Retained until consent is withdrawn

Cookies

To further improve your online experience, we store information about you using cookies which are files sent by us to your computer or another access device that we can access when you visit our site at some point in the future.
We use several different cookies on our site. If you do not know what cookies are or how to control or delete them, we recommend that you visit http://www.aboutcookies.org for detailed guidance.

There are four main types of cookies we store – here’s how and why we use them.

(1) Site functionality cookies (necessary) – these cookies allow you to navigate the site and use our features.

(2) Site analytics cookies (statistics) – These cookies allow us to measure and analyse how visitors use the site to improve both its functionality and your online experience.

(3) Customer preference cookies (preferences) – when you are browsing on the Ideal Postcodes website, these cookies will remember your preferences (like your language or location), so we can make your online experience as seamless as possible and more personal to you.

(4) Targeting or advertising cookies (marketing) – These cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

You can manage your cookie preferences via the cookie banner.

First Party Cookies

These are cookies that are set by this website directly.

Third-Party Cookies

These are cookies set on our website by 3rd parties, such as Google.

Governing Law

The terms and conditions shall be governed by and construed by the laws of England, and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales.



We use several different cookies on our site. If you do not know what cookies are or how to control or delete them, we recommend that you visit http://www.aboutcookies.org for detailed guidance.

Further Information

More information on session cookies and what they are used for can be found here, All About Cookies. To view a list of the cookies present when browsing our site, you can right-click within the browser page, click inspect and then click application.

Security

We use TLS everywhere. All data passing between you and our servers is encrypted.

Passwords you give us are hashed (using bcrypt) and salted.

Payments and storage of payment information are delegated to our Payment Gateways. We do not store your payment details on our servers.

Amendments

We may update this privacy policy from time-to-time by posting a new version on our website.

Your Privacy Choices and Rights

Your choices

You can choose not to provide us with personal data. If you choose to do this, you can continue to use the Ideal Postcodes website and browse its pages, but we will not be able to continue a relationship without personal data.

You can block cookies by activating a setting on our cookie banner, allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the Ideal Postcodes website and browse its pages. See the cookie section below for further detail.

You can opt-out of marketing by clicking the unsubscribe option in any marketing communications.

Your rights

You can exercise your rights by sending an email to support@ideal-postcodes.co.uk.

You have the right to access the information we hold about you. This includes the right to ask us supplementary information about:

  • the categories of data we’re processing
  • the purposes of data processing
  • the types of third parties to whom the data may be disclosed
  • how long the data will be stored (or the criteria used to determine that period)
  • your other rights regarding our use of your data

We will provide you with the information within one month of your request unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.

You have the right to make us correct any inaccurate personal data about you.

You can object to us using your data for profiling or making automated decisions about you.

We will use your data to determine whether we should let you know information relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).

You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.

If you ask us, and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.

You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you if it is no longer necessary for us to store the data for purposes of your relationship with Ideal Postcodes or any other law.

You have the right to complain about our use of your data; please tell us first so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.

Or, if you are outside of the UK, you can make a complaint to your local supervisory authority. Details can be found here.

These rights apply to all the data categories listed in the ‘Data we collect and how we collect it’ section.

For compliance and security reasons we cannot let you perform some actions on your account without our intervention. Kindly email us to execute these actions on your behalf and we shall comply (pending the necessary checks). These actions include:

  • Deleting your account
  • Deleting an API Key
  • Changing the name of the licensee on your account

Breaches

Should a breach of your data occur that is likely to result in harm to the rights and freedoms of you as an individual or group of individuals, we will notify you within 72 hours along with the ICO, where applicable.

Additional information

Ideal Postcodes has not appointed a statutory Data Protection Officer as we are not required to by law. However, we have committed resources to manage our compliance with all applicable Data Protection laws.

A Record of Processing Activities (ROPA), in which the lawful basis for processing all of our data is maintained. Wherever Legitimate Interests is relied upon, an impact assessment has been created, available upon demand to those whose data is included.

As of January 1st, 2021, the UK left the European Economic Area (EEA). As Ideal Postcodes process the data of EU Residents/Citizens we are required to appoint a European representative to comply with Article 27 of the GDPR.

The details of our EU Representative are:

IDKFA BV
support@idkfa.industries

Contact

If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email.

Data Controller

The data controller responsible for this website is IDDQD Limited.

IDDQD Limited
Floor 3
207 Regent Street
London
W1B 3HH
United Kingdom

Our primary contact point is email: support@ideal-postcodes.co.uk

This notice is due for review within 1 calendar year.

results matching ""

    No results matching ""