Ideal Postcodes Privacy & Data Protection Policy (May 2018)

Preamble

This policy briefly describes how we steward the data we record from your usage of our service.

Our aim, as a steward of your information, is to collect as little information (personal or otherwise) on you as possible, while providing a service that is secure, reliable, fast and accurate as reasonably possible.

This means we will only collect information about you if it is required to:

  1. Provide you access to our services
  2. Secure our services from malicious activity
  3. Measure the performance of our services (i.e. speed, reliability and accuracy) with a view to implementing improvements

We will not share this data with third parties, unless:

  • Such an exchange is required in order to render our services (e.g. licensing data access with Royal Mail)
  • We are legally required

We will not engage in:

  • Using your contact information for mass email marketing
  • Tracking your activity across websites (e.g. for marketing or re-marketing)
  • Selling your data, even in an aggregated or anonymised state

What Personal Data do we collect?

Data type When is this data collected Who processes this data
Browsing Data When the website is used IDDQD Limited. Analytics Vendor
Email Address When you create an account IDDQD Limited. Email Provider
Name When you authorise us to license your account IDDQD Limited. Data Vendor
Address When you authorise us to license your account IDDQD Limited. Data Vendor
Payment Information When you make a purchase IDDQD Limited. Payment Gateway
Phone Number When you provide us your emergency contact information IDDQD Limited

Browsing data includes IP address, browser type and any other information passed to us via your browser when you use our Service.

Our Analytics Vendor tracks how the website is used. Our Analytics Vendor is Google Analytics.

Our Data Vendor is Royal Mail.

Our Payment Gateways are:

Our Email Provider is Sendgrid.

IDDQD Limited is the company that operates the Ideal-Postcodes.co.uk brand and includes any subsidiaries or sister companies.

We will take all reasonable precautions to ensure your information is processed securely and that any processors we use apply at least the equivalent (or stronger) protections required by GDPR.

Some of the information we collect from you may be stored outside the European Economic Area (EEA). In these scenarios we will endeavour to ensure these processors apply the same level of protections as required by GDPR and are party to applicable EU Privacy Frameworks which may be available (like EU-US Privacy Shield).

What is this Personal Data used for?

As mentioned in the preamable, there are 3 main reasons for why we may store personal data. Listed below are specific, non-exhaustive examples of scenarios where we would need to collect and process your information:

  • To verify your identify (this includes accessing your account, proving your account ownership)
  • To facilitate tracking and monitoring of suspicious behaviour
  • To license you with our Data Vendor
  • To bill you for your account usage
  • To help us diagnose issues with your account
  • To provide you with support to administer your account or integration

How long is this data retained?

For all clients of the site,

Data Type Retention Period
Browsing Data 180 days

For clients that have created an account we also collect,

Data Type Retention Period
Email Address Not retained beyond account cancellation
Password Not retained beyond account cancellation

For clients who have authorised their account to be licensed with our Data Vendor,

Data Type Retention Period
Name The minimum period of time as specified by Data Vendor (6 years)
Address The minimum period of time as specified by Data Vendor (6 years)

For clients who have made a purchase on their account,

Data Type Retention Period
Billing Information Statutory minimum (7 years)

For clients who have consented to being contacted by phone

Data Type Retention Period
Phone number Retained until consent is withdrawn

Cookies

We use cookies to recognise you and keep you logged into your account. We also use cookies to prevent Cross-Site Request Forgeries.

You need cookies enabled to use this website properly.

Security

We use TLS everywhere. All data passing between you and our servers is encrypted.

Passwords you give us are hashed (using bcrypt) and salted.

Payments and storage of payment information are delegated to our Payment Gateways. We do not store your payment details on our servers.

Amendments

We may update this privacy policy from time-to-time by posting a new version on our website.

Your Rights

You may instruct us to:

  • Provide you with any personal information we may have on you
  • Amend inaccurate information on you
  • Remove information we have on you (exercise your right to be forgotten), subject to our legal and contractual obligations

Your data is also accessible and amendable via our website.

For compliance and security reasons we cannot let you perform some actions on your account without our intervention. Kindly email us to execute these actions on your behalf and we shall comply (pending the necessary checks). These actions include:

  • Deleting your account
  • Deleting an API Key
  • Changing the name of the licensee on your account

Contact

If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email.

Data Controller

The data controller responsible for this website is IDDQD Limited.

IDDQD Limited 40 Bloomsbury Way Lower Ground Floor London WC1A 2SE

Our primary contact point is email: support@ideal-postcodes.co.uk