Our Website is not intended for children and we do not knowingly collect data relating to children.
Who we are
Square Meter Media Limited (“Square Meter Media”, “we”, “us”, “our”) is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data. You will find our contact details at the end of this policy (see ‘How to contact us’).
Personal data means any information relating to an identified or identifiable individual.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier and title.
- Contact Data includes email address, postal address, telephone numbers and company name, email address, postal address and telephone number.
- Financial Data includes details when payment of an invoice is received.
- Location Data includes the area of the UK in which you live (e.g. the South).
- Transaction Data includes subscription date, details of products you have purchased from us, including the date, order details and any additional details you provide.
- Technical Data includes your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.
- Profile Data includes your username and password and purchases or orders made by you and your preferences.
- Usage Data includes information about how you use our Website.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Depending on the circumstances, we use different methods to collect data from and about you including:
Directly from you. You may give us your Identity, Contact, Location, Technical, Profile, Usage and Marketing and Communications Data by filling in forms on our Website or by corresponding with us by email, telephone or otherwise. This includes personal data you provide when you:
- complete an online enquiry form;
- email us directly asking for information;
- apply for our products or services;
- create an account on our Website;
- subscribe to our service or publications;
- request marketing to be sent to you; or
- give us some feedback.
- Other sources. We may receive personal data about you from various third parties as set out below:
- Technical Data from the following parties:
- Analytics providers eg. Metorik based outside the EEA.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as PayPal based inside the EEA and Stripe inside the EEA
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- to comply with our legal obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal data for and our lawful basis for doing so.
|What we use your personal data for
|Our lawful basis for processing data
|To register you as a new customer
|Necessary for the performance of our contract with you or to take steps at your request before entering into a contract.
|To provide products and services to you to include processing and delivering your order
|Necessary for the performance of our contract with you or to take steps at your request before entering into a contract.
|For individuals representing organisations with whom we have contracts e.g. suppliers, for corresponding with you and for taking steps under the contract with your organisation
|Necessary for our legitimate interests or those of a third party e.g. to take steps under the contract with the organisation
|Necessary to comply with a legal obligation Necessary for our legitimate interests i.e. to keep our records updated and to study how customers use our products/services
|To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|Necessary for our legitimate interests i.e. for running our business, provision of administration and IT services, network security, to prevent fraud Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|Necessary for our legitimate interests i.e. to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
|To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences
|Necessary for our legitimate interests i.e. to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and inform our marketing strategy
|To make suggestions and recommendations to you about goods or services that may be of interest to you
|Ensuring business policies are adhered to e.g. policies covering security
|Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
|Statistical analysis to help us manage our business e.g. in relation to our [financial performance, customer base, product range or other efficiency measures]
|Necessary for our legitimate interests of those of a third party i.e. to be as efficient as we can so we can deliver the best service for you at the best price
|Preventing unauthorised access and modifications to systems
|Necessary to comply with our legal obligations Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you
|Updating and maintaining customer records
|Necessary for the performance of our contract with you or to take steps at your request before entering into a contract Necessary for our legitimate interests or those of a third party e.g. to make sure we can keep in touch with our customers and other contacts
|External audits for the audits of our accounts
|Necessary to comply with our legal obligations
|To enforce or apply our Website terms and conditions or any other agreements
|Necessary for our legitimate interests or those of a third party i.e. to enforce our legal rights and protect our business.
Where we rely on consent as a lawful basis to process your personal data, you have the right to withdraw your consent at any time. To do this, please email or write to us (see ‘How to contact us’).
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
We may use your personal data to send you periodic communications by email about developments that might be of interest to you, updates, and/or information about our services.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving marketing communications at any time by:
- emailing email@example.com ;
- writing to us at St Mary's House, Netherhampton Road, Salisbury, Wiltshire, SP2 8PU (for the attention of Square Meter Media Limited); or
- using the ‘unsubscribe’ link in our emails. Will update this as appropriate.
We may ask you to confirm or update your marketing preferences, or if there are changes in the law, regulation, or the structure of our business.
Depending on the circumstances, we may share your personal data with. [Please review the list below carefully to reflect your business operations and delete or add to as appropriate]
- External service providers e.g. [website hosting provider WPEngine based inside the EEA, email service provider ConvertKit based outside the EEA, marketing service provider, IT providers] who provide [website hosting, email hosting, marketing and IT services]
- Professional advisers including lawyers, bankers, auditors and insurers who provide [legal, banking, insurance and accounting services]
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. [We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us].[you may wish to delete this if it does not reflect what happens in practice]
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (e.g. whilst we are providing a product or service to you or whilst your business is advertising on our Website), including;
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law to comply with our legal obligations.
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal data.
- Analytics Data - deleted in 24 months
- Email Data - deleted after 2 months of inactivity
- Accounting Data - deleted after 6 years
Many of our external service providers are based outside the European Economic Area (EEA) (which comprises the countries in the European Union and Iceland, Liechtenstein and Norway) so their processing of your personal data will involve a transfer outside of the EEA.
These transfers are subject to special rules under European and UK data protection law.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring one of the following (or one of the other grounds set out in data protection law) applies:
- your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- the transfer is necessary for the performance of a contract between you and us;
- the transfer is necessary to establish, exercise or defend legal claims;
- there are adequate safeguards in place between us and the organisation receiving it (e.g. by the use of European Commission approved contractual terms); or
- you have provided explicit consent to the proposed transfer after being informed of any potential risks.
Please contact us (see ‘How to contact us’) if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
You have the following rights, which you can exercise free of charge:
|The right to be provided with a copy of your personal data
|The right to require us to correct any mistakes in your personal data
|To be forgotten
|In certain situations, the right to require us to delete your personal data
|Restriction of processing
|In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
|In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation
|The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests
We do not use personal data for automated decision making.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email or write to us (see ‘How to contact us’) and let us have enough information to identify you e.g. your full name and address as well as what right you want to exercise and the personal data to which your request relates.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to us (see ‘How to contact us’). However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
The EU General Data Protection Regulation also gives you right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.
This version was last updated in May 2018.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Our contact details are:
- firstname.lastname@example.org ; or
- St Mary's House, Netherhampton Road, Salisbury, Wiltshire, SP2 8PU (for the attention of Square Meter Media Limited)
If you would like this notice in another format (for example large print) please contact us (see ‘How to contact us’).