1. Data we collect, retain and process
Name of business
Card details at the point of purchase (NB. see 6. below “Data we do not retain“)
Digital Marketing Data:
Website login and password
Social media login and password
2. Lawful basis
2.1 HMRC – It is a mandatory requirement that customer personal data is retained for UK tax reasons.
2.1 Legitimate Interest – To provide you, the customer with the service you have paid for. Rights are detailed at Point 10.
3. How we retain customer personal data
Customer personal data is stored on encrypted spreadsheets and stored on hard-drive encrypted computers. It is also stored on the GDPR compliant G-Suite.
4. How we retain customer digital marketing data
We store customer logins and passwords on encrypted spreadsheets on hard-drive encrypted computers and also on the GDPR compliant G-Suite.
5. How long we retain customer personal data
UK HMRC legal compliance dictates the retention of customer personal data for six years from the end of the last company financial year they relate to, or longer in certain legal circumstances.
6. Data we obtain and process but do not retain
Credit/debit card details.
Strict rules underpin card payments and are overseen by the Payment Card Industry.
Initial payment is taken from the customer over the telephone and put directly through the bank’s payment portal. We do not retain credit/debit card details. Payments are set up within the bank’s payment portal.
Ad Rank One Limited is fully PCI/DSS compliant.
We are annually assessed and awarded PCI/DSS compliant status by the Payment Card Industry.
7. What we don't do with customer personal data
We never share or sell customer personal data to any third-party organisation.
NB: If a customer is in debt to the company and despite our attempts to recover the amount owed, we will, under the lawful basis of Legitimate Interest provide details to a debt recovery agency.
8. How we protect customer personal data in transit between us and the customer
Emails are sent from us to customers over SSL/TLS encryption and/or via encrypted email from within GDPR compliant G-Suite.
9. Data processing and why
Customer personal data is processed for the following reasons:
Payment for services through the bank’s payment portal.
Record keeping in line with mandatory HMRC Law.
Calculation and payment of corporation tax through Chartered Accountancy Company.
10. Your rights
You have rights in respect of the personal data that we hold about you. Not all rights can be granted where a legal basis over-rides your rights e.g. UK Tax Law. Please refer to the ICO for further explanation at: “When does your rights do not apply.”
Here we inform you of your rights.
RIGHT OF ACCESS
At no charge we will reply to any request with a list of customer personal data we retain. However, we only retain the data you have already given to us (except card details – see 6.0 above).
RIGHT TO RECTIFICATION
We will amend customer personal data as requested.
RIGHT TO ERASURE
HMRC prohibits us from erasing customer personal data until six years has elapsed or longer as in 5. Above.
THE RIGHT TO RESTRICT PROCESSING
HMRC prohibits us to allow restriction of processing.
RIGHT TO DATA PORTABILITY
Upon request we can forward personal data. However, please note, the only data we retain is that which has already been provided to us by the customer (except card details – see 6.0 above).
RIGHT TO OBJECT TO PROCESSING
This usually refers to personal data being used for profiling. We do not share customer personal data with any third party. Mandatory HMRC Tax Law requires us to process customer data.
RIGHTS RELATED TO AUTOMATIC DECISION MAKING INCLUDING PROFILING
We do not share customer personal data with any third party and we are not involved in profiling.
HOW WE PROTECT THE PRIVACY OF THOSE WHO BROWSE OUR WEBSITE
We have customised settings in Google Analytics so that users’ IP Addresses are anonymised to prevent identification.
The contact form does not save events (name, email, contact number or IP addresses) in the backend of the website or on the database where the site is hosted. It is designed to email directly to our contact email address. Additionally, our cookie message shows users how to use our website without being tracked via their browser settings.
11. How to contact us with questions
tel: 0161 527 6800