Privacy Policy

Privacy Policy

This privacy notice explains how Barrow and Cole t/a xHeight uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.

Data controller

xHeight is a data controller, because we make decisions about what data we collect and how it is used and with whom it is shared with. We can be contacted at hello@xheightdesign.co.uk or telephone number 01403 586002

On what basis do we collect and process your data?

Data Protection law defines the basis by which we can lawfully collect and process personal data.

Consent

We will collect and process your personal data on the basis of your freely given and informed consent where we have concluded that this is the most appropriate basis for the processing. You are free to withdraw your consent at any time and can do so by contacting us on the numbers above or using the email address.

In our legitimate interest:

We will collect and process personal data where it is in the legitimate interest of xHeight to do so. We have determined that the rights of data subjects are not outweighed by the use of this legal basis. We also use legitimate interest as our basis to conduct B2B marketing. You have the right to object to electronic direct marketing and can unsubscribe at any time.

For the data we act as data controller for, we have determined the following purpose and legal basis for the data collected:

Where we have used consent to process data for example for B2C marketing, you are free to withdraw that consent at any time.

We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.

The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves, or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.

Data recipients and data transfers

We do not sell any of your personal data to any third party. Where necessary, we share personal data with service providers such as our accountants and insurance companies, as We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.

Specifically, we share your data with:

• Our Web Hosting Company
• Dropbox
• Asana

Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Personal data in electronic form is held in UK accredited data centres. Where data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision such as the USA Privacy Shield or through mechanism such as standard contractual clauses as approved by the EU (Dropbox, Asana).

Sensitive information

xHeight does not process sensitive data as defined by Article 9 of the GDPR.

Data Retention

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC requirements. Outside of that xHeight has a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.

Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected. Personal data processed for marketing purposes will be retained for as long as a legitimate interest exists or as long as consent is in place.

Data Storage and Security

xHeight follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.

Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. xHeight is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/

• The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
• Right of Access – you have the right to know what personal information is held, by whom and why.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
• Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
• Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
• Right to Object – You have the right to object to profiling and direct marketing
• You also have rights in relation to automated decision making.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk

Automated decision making

xHeight does not use automated decision making to process personal data.

Third party websites

Our website may contain links to other websites. This privacy policy only applies to xHeight, so if you follow a link to another website, you should read that organisations own privacy policy.

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in November 2019

How to contact us

You can write to us at this address:
xHeight
Suite 3, Falcon Court Business Centre
College Road, Maidstone
ME15 6TF

You can telephone us on this number:
01403 586002

You can email us by using this link:
hello@xheightdesign.co.uk