Privacy Policy

This policy outlines the purpose and nature of the personal data Amasci Creative collects and retains; what, why and how this is collected, what is done with that information and how long we hold it for. It also outlines an individuals rights in relation to their personal information.

Amasci is considered to be both a Data Controller (determining the purposes in which any personal data is to be processed) and a Data Processor (holding data collected by our clients). We comply with the principles of data protection enumerated in the EU General Data Protection Regulation. We will therefore be lawful, fair and transparent in our use of personal data.

1. What Personal Data is involved

Amasci collects and retains a limited amount of personal data. We only collect data that is necessary for our business use and to communicate with clients. This includes names, addresses, email addresses, website addresses, telephone numbers, bank account details, IP addresses.

We hold information on third parties collected by our clients. This could also include names, addresses, email addresses, website addresses, telephone numbers, IP addresses. This information is only collected for business use such as marketing.

2. How Personal Data is collected and what is is used for

Email and Telephone

Personal data provided by individuals is essential for communication and is used for business purposes only. Information such as telephone numbers and email addresses of clients and potential clients are provided by the individual when they first approach Amasci Creative, whether in person, via email or over the telephone.

Cookies

When someone visits Amasci.co.uk, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not personally identify anyone.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

Enquiry form
Our website includes a quick enquiry form for potential clients. Individuals submit personal data in order to receive a reply from us regarding their enquiry.

The quick enquiry form uses cookies known as temporary session cookies. They are destroyed once the process is complete or ended (e.g. once the form is submitted). They do not store personal data and are not used for any tracking or monitoring purposes.

Google Analytics
Google Analytics uses first-party cookies to track visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to the web page. Browsers do not share first-party cookies across domains.

For more information on why we use cookies and how to manage your cookies please see our cookies section.

Servers

Websites hosted on our servers hold personal data collected by that company. Amasci’s role as data processor is covered by this Privacy Policy, therefore this data is handled with the same dedication to privacy and data protection.

We use this information to provide, operate and maintain our services, find and prevent fraud, for compliance purposes including enforcing our terms of service, or other legal rights which may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

3. Where Personal Data is held

Personal information such as contact information is stored in password protected cloud services such as DropBox and Google Drive.

Data is stored on our server for hosting account point of contact.

Data is stored in the accounts package we use. Currently Free Agent. Our accountant has access to this.

Data could be used in Campaign Monitor to update existing clients via eshots.

Emails, which may contain personal information, are kept within the company’s email system.

Third party data, collected by our client’s websites, is held by Amasci on the server. Personal data may also be sent via email or cloud platforms for purposes of tarted email marketing.

4. Who uses the data and how long is it kept for

Personal information is used solely for legitimate business purposes by Amasci employees. Personal information is not passed to third parties without consent.

HMRC request that data is kept for up to 7 years. Therefore personal information, such as that found on our invoices will be kept on file to fulfil our legal and financial obligations.

Personal information such as contact details is held for a long as an individual or business remains a client of Amsaci or are in need of our services. Data cleansing is performed on a regular basis. Inactive client’s personal information is deleted within 2 years.

Email communication is stored for 7 years. Personal data collected by third parties is deleted within 30 days.

5. Lawful Basis for Data Usage

The lawful bases for Amasci processing personal information, in line with Article 6 of the GDPR are:

Consent
When information is freely given via clear affirmative action. This includes sending information through our contact request form or including contact information in an email.

Legitimate interests
Existing clients have an existing affiliation to Amasci and therefore consent does not have to be gathered for data processing as long as the services remain consistent.

6. Individual’s Rights

An individual has the right to request information on the personal data Amasci hold for them. We have mapped out the places in which data is kept so can make prompt replies, by email or telephone to requests.

Individuals also have the right to object to or restrict the processing of their personal data. However, data processing is only ever done for legitimate business reasons and this may impact on our ability to provide services to these clients.

Individuals have the right to have their personal information erased. We will securely dispose of personal data that is no longer required after 7 years or when an individual asks us to erase it. This includes the removal of information from address book services, emailing lists and servers and the deletion of emails.

Any requests will be dealt with by the Company Director without undue delay. Subject Access Requests will be actioned within 30 days.

7. Data Breaches

Amasci takes data breaches very seriously. All data breaches will be reported to thew ICO and or the data subject within 72 hours of being identified.

8. The Information Commissioner’s Office

The ICO us the UK Supervisory Authority for data protection. It is an independent body set up to uphold the rights and freedoms of individuals concerning their personal data. An individual can contact the ICO to make a complaint or query at www.ico.org.uk