Webreality Webreality is a team of 19 digital specialists: business strategists, designers, copywriters, information architects, usability consultants, software engineers and online marketing experts.

Privacy Policy

Version 2.1
Issued: 23 May 2018

This Privacy Policy governs the manner in which Webreality collects, uses, maintains and discloses information collected from users of Webreality’s services, and of the www.webreality.co.uk website ("Site"). This privacy policy applies to the Site and all products and services offered by Webreality.

We take your privacy very seriously and we aim to set a very high standard for the processing of any personal data that we control.

The information we collect about you, if you agree to provide it, will allow us to contact you and send information to you about services where you may have an interest.

  • In providing us your information you thereby consent to us processing it for this purpose.
  • We will not pass your information on to any third party without your express permission, except as defined herein for the provision of services that you have requested, other than authorities and the police in the event of any investigation.

By visiting our Site and completing any of the consent processes (i.e. subscribing to a service and/or providing your contact information), you accept and consent to the practices defined in this privacy policy.

Governing legislation

Webreality is incorporated in Jersey. The States of Jersey decided to incorporate the principles, timing and effects of the EU General Data Protection Regulation into local law.  Accordingly, the Data Protection (Jersey) Law 2018 has effect from the same day as the EU General Data Protection Regulation, 25th May 2018.

We refer in this policy to the Data Protection (Jersey) Law 2018 as “Jersey-GDPR” and the European GDPR (Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016) just as “GDPR”.

For the purposes of the Jersey-GDPR and GDPR:

  • the data controller is Webreality
  • Webreality may use third-party processors to deliver specific services that are requested by you from Webreality (see Processors below).

Information that we may collect from you

We may collect and/or process the following data about you:

  • Information you provide to us - by filling in forms on our Site, or by entering into a contract with us, or by correspondence with us by email, letter, phone or other methods, or when reporting a problem with our Site, or otherwise contacting us.
    • Personal Data - the information you give us may include: your name, address, email address, phone number, together with financial and credit card information, all of which is Personal Data and subject to the Jersey-GDPR.
  • Information we collect about you - in accordance with our legal obligation to prevent fraudulent or abusive use of our Site, some data may be automatically collected, comprising the following:
    • Our Site will not store any identifying information of your visit on your computer apart from a small text file called a cookie, which in itself does not contain any identifying information and does not mean that you entered the Site. See our cookie policy for more detail on cookies.
    • Depending on the configuration of your browser, pages and images you view on our Site may be stored on your computer. This feature, (which you can configure), is called caching.
    • technical information - non-personal identification information including your internet protocol (IP) address, the browser type and version with plug-in types and versions, the type of computer or device and technical information about User’s means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information;
    • information about your visit - including the date and time, Site response times, downloads, errors, page visit time length, interaction (scrolling, clicks, mouse-overs), route to our Site from other websites, with the address of other sites, or from search engine links to our Site including search engine address and search term used, and exit methods away from pages.
  • Information we receive from other sources - we may receive information about you from third parties when you use our services:
    • Third parties, such as introducers of business or credit reference agencies, may provide information to us about you.

Data protection

All Personal Data and other data we hold is protected by us in accordance with the Principles of the Jersey-GDPR.

Data security - We endeavour to take all reasonable steps to protect your data. All the data collected by us is stored on secure platforms in secure hosting facilities and we take all reasonable steps to ensure any access is pre-authorised and recorded.

How your information is used

The information we hold about you is used as follows:

  • Information you provide to us - this information is used to enable us to meet our obligations under any contracts between you and us, and/or our legal obligations, and/or;
    • to respond to your requests for information about our products and services.
    • to notify you of changes to our services, or make suggestions/recommendations that may interest you, or
    • to investigate any suspected breach of the Terms of Use made by you or otherwise relating to you, or
    • deal with investigations by the police or other regulatory bodies.
  • Information we collect about you - we use this information as follows:
    • to improve our Site and content for users and their devices;
    • to ensure our Site is safe and secure by monitoring activities within the context of continual process improvement, which is a best practice requirement of the Jersey-GDPR;
    • to enable us to display relevant targeted advertisements to you about products and services that may be of interest.
  • Information we receive from other sources - we will use this information, in combination with information you provide to us, to enable us to meet our obligations under any contracts between you and us.

Know your rights

Under Jersey-GDPR all individuals who are the owners of their Personal Data have specific and clear rights, which are:

Individual Rights

Description

Right to Erasure

Every individual has the right to be forgotten upon request. The data controller must remove your Personal Data from its systems and request the same of any third-party systems of that controller.

Right to Access

Every individual has the right to access their Personal Data held about them upon request.

Right to Portability

Every individual has the right to request their Personal Data and use it for other parties they wish to engage with.

Right to Be Informed

Every individual has the right to be informed about how their Personal Data is being used, which may be provided upon request of the individual, or before the controller changes any use of that data, giving the individual the right to consent or object.

Right to Objection

Every individual has the right to object to the use of their Personal Data for any purpose proposed by a controller.

Right to Rectification

Every individual has the right to have errors in their Personal Data to be corrected.

Right to Restrict

Every individual has the right to restrict the uses of their Personal Data for any specific type of processing.

Rights on automated decisions & profiling

Every individual has the right to restrict or object to automated decision-making processes or profiling based on their Personal Data.

Remedies

Revoke your consent

In accordance with the Jersey-GDPR, to revoke consent for processing of your data, please send an email with the word "Revoke" in the subject field to revoke@webreality.co.uk.

Data Subject Access Request (“DSAR”)

In accordance with the Jersey-GDPR:

  • you may ask us to send you details about any Personal Data that we may hold about you, or
  • you may request that we correct any errors in the Personal Data that we may hold for you, or
  • you may ask us to delete any or all Personal Data that we may hold about you.

DSAR Fee

In accordance with the Jersey-GDPR, we will provide our response to any DSAR free of charge within 30 days, unless a particular DSAR is subject to other regulatory requirements as defined in the Jersey-GDPR, in which case we will inform you as required by those specific regulations.

Do we pass your information on to third parties?

We may pass your data to other parties as follows:

  1. Where relevant, we may pass your data to our employees, suppliers and agents to administer the services provided to you by us or them, now or in the future.
  2. We may disclose your data to the police, regulatory bodies or legal advisers in connection with any alleged criminal offence or suspected breach of the Terms of Use and (where appropriate) by you or otherwise where required by law.

Third party processors

We use third-parties to process data and deliver services for the purposes shown.  All of these processors may have access to some of your Personal Data as appropriate for the delivery of the purpose specified.

All of our third-party processors are subject to our Controller-Processor terms, which limit their legal right to access Personal Data unless under supervision by our personnel or by other specific written consent from us.

Processor category

Purpose

Categories of individuals

Finance

Book-keeping
Invoicing
Credit control
Supplier payments

Clients
Suppliers
Employees

Communications

Internal communications
Project management

Clients
Potential clients
Employees

Business management

Project management
Resource planning
Time recording

Clients
Potential clients
Employees

Email infrastructure

External communication

Clients
Suppliers
Potential clients
Employees

File storage

Client file storage
Internal file storage

Clients
Suppliers
Potential clients
Employees

Web hosting

Client website and data hosting

Clients
Employees
Customers of clients

Links to other websites

Please be aware that the Webreality Site and/or published materials may link to other websites that may be accessed by you through our Site or materials.

We are not responsible for their data policies, content or the security of these linked websites. We do not have any control over the use to which third parties may put your data where you choose to purchase products or services or otherwise to contact them via our Site or materials.

Transfer outside the EU/EEA

This Site is accessible via the internet and therefore may potentially be accessed by anyone around the world. Other visitors may also access the Site from outside Jersey and/or the European Economic Area.

  • This means that, where you post your data on the Site, this could be accessed from anywhere around the world and therefore a transfer of your data outside of Jersey and/or the European Economic Area may be deemed to have occurred.
  • Data protection laws in countries outside of Jersey and/or the European Economic Area are generally not as protective.

Data retention policy

It is our policy to retain documents and records in either physical or electronic form for the following maximum periods upon termination of a relationship with an organisation or individual, subject to any specific requests to erase.

Category of individuals

Retention period

Clients

10 years

Suppliers

7 years

Employees

7 years

All personal data controlled by Webreality clients after termination

12 months

It is our policy to retain in server logs the IP addresses of all users of all websites for which we provide managed hosting services for 28 days after the date of website visit, in order to allow us to diagnose and remedy fraudulent, malicious and criminal activity.

Webreality employees

All employees of Webreality are subject to strict terms of confidentiality regarding the data and operations of Webreality.

All employees of Webreality are subject to and protected by the terms defined in this Privacy Policy.

Other policies

Cookie Policy
Website Terms of Use
Webreality Standard Terms of Service

Privacy Policy change control

Any changes that we make to this privacy policy will be posted on this page. Please check this page at regular intervals to ensure that you are aware of updates or changes.

We reserve the right to notify any users of our services of any major change to our policies by email, except for users that have elected to opt out or revoke communications from us.

Contact

For any questions relating to your Personal Data, or to submit a DSAR, please contact our Data Protection Manager:

Tom Witherington
Webreality
Pirouet House
Union Street
St Helier
Jersey JE2 3RF
+44 1534 488888
tom@webreality.co.uk

This document was last reviewed on 23 May 2018