Introduction
This Privacy Policy explains in detail the types of personal data we collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
From time to time we may need to update this Privacy Policy. We will announce changes on our website, blog, Social Media and through notifications in MyAccount.
If you have any questions, please get in touch.
Updates to this document
This policy is regularly revised and amended where necessary to reflect legislative and operational requirements.
| Date |
Comment |
| 4th May 2018 |
Initial published version of this policy |
| 19th July 2019 |
Changes to the Customer Logon log details to reflect that client application and operating system details are now recorded. |
| 24th May 2022 |
Changes to the data recorded in the security log (formerly the customer logon log). |
Who is Calzada Media?
Calzada Media Limited is a limited company registered in England & Wales, registered number 07793929. Our registered office is situated at 2 Mars Drive, Wellingborough, Northamptonshire, NN8 1RJ
For simplicity throughout this Policy, “we” and “us” means Calzada Media Limited. “You” and “Your” means any visitor or user of our websites and our services. “Customer” means any person, group of people or organisation that have registered a customer account with Calzada Media Limited. “Policy” means this privacy policy. “MyAccount” means our online customer portal.
Legal bases we use
We are governed by English law, and where applicable, European law. The law and regulations on data protection set out a number of reasons whereby a company may collect and process your personal data. We are a registered organisation with the United Kingdom Information Commissoner's Office.
Consent
In specific situations, we can collect and process your data with your consent. For example on Customer account signup or when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual Obligations
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you register a domain with us, we’ll collect your name and address details and pass them to the organisation we use to register the domains and by extension the relevant domain registrar.
Legal Compliance
If the law requires us to, we may need to collect and process your data. For example, we need to retain accounting details for accounting and tax compliance.
Legitimate Interest
In specific situations, we require your data to pursue our legitimate interests in a way which might be reasonably expected as part of running our business and which does not impact your rights, freedoms or interests. For example, we may combine the search history of users to identify trends and ensure we can deliver required content or develop new products or services.
When do we collect your personal data?
- When you visit any of our websites
- Use your account to buy products and services
- Redeem vouchers online
- When you create an account with us.
- When you contact us by any means with queries, complaints etc.
- When you ask one our staff to email you information about a product or service.
- When you engage with us on social media (Twitter, Facebook etc.)
- When you choose to complete any surveys or feedback requests we send you
- When you comment or review our products, services or website content
- When you fill in any forms. For example, if you use our online contact us form.
- We collect data from publicly available sources (such as Land Registry, Companies House) when you given your consent to share information or where the information is made public as a matter of law.
What sort of personal data do we collect?
Customer Account
If you have a customer account with us – whether it was registered online, by telephone or manually created at your request by a member of our staff – we store: your name, organisation (if applicable), gender, billing and delivery addresses, orders, receipts, invoices, email and telephone numbers.
For your security and our own security and compliance requirements, we keep a record of all security actions for your account. Security actions include:
- Individual logons and their duration
- Password resets and changes
- Account activations
- Acceptance of legal documents like the Terms and Conditions of Use
- Changes of username and status
We use this data for security auditing and the detection of unexpected logons and other security actions. An unexpected logon is where someone logs into an account from a previously unrecorded device or location. An unexpected logon may be an indicator that someone has gained unauthorised access to your account.
The data we record includes:
- The security action (logon, password reset etc)
- IP address of the client or visitor computer
- Website session Id
- Initial logon date and time
- The name of the application used - this is typically a web browser like Chome, Mozilla Firefox or Internet Explorer
- The operating system of the client computer.
- Date and time of last activity for that logon session.
We store this data for 1 year after which it is automatically deleted. This log does not include a record of pages or content viewed or any actions you may have performed. Customers may review the contents of this log at any time through MyAccount.
Copies of documents provided for security or identity purposes
Where the law requires us to do so, we may retain copies of any documents you provide to prove your age or identity. This may include your password and driver’s licence. This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
Copies of documents provided for business reference
We may retain, where there is a legitimate interest to do so, copies of any business or credit references you provide when creating a customer account.
Payment Transaction Information
If you pay online through one of our payment providers we will store the payment transaction information supplied to us by our payment provider. This includes a transaction Id and the payment date. We do not store any payment card information.
If you pay by BACS, or any other bank transfer method, we will store the unique Id and any reference for the payment transaction.
If you pay by cheque or postal order, we will retain the name of the payer as well as any cheque or postal number for our records.
Website cookies
Information gathered through the use of website cookies. Learn more about cookies and how we use them.
Website visits
To deliver the best possible web experience, we collect technical information about visits to our website. These include the type of web browser you use and the country or region where you are located.
Search history
We store a record of all searches made through our website’s search engine. We do this to identify trends and interests of our visitors and to improve services and content. We do not store any personal identifiable information (PII) unless you are a customer who has Do Not Track disabled.
If you are customer who has disabled Do Not Track, we also record your unique customer ID against a search query record if you are logged in. This feature exists for customers who wish to use our optional opt-in Search History tool available through MyAccount. These request records are automatically anonymised after 28 days.
Page requests
We store a record of every page requested on our website. We do this to improve and enhance the experience of our visitors and to measure business performance. We do not store any personal identifiable information (PII) unless you are a customer who has Do Not Track disabled.
If you are customer who has disabled Do Not Track, we also record your unique customer ID against a page request record if you are logged in. This feature exists for customers who wish to use our optional opt-in Web History tool available through MyAccount. These request records are automatically anonymised after 28 days.
Google Analytics
We use Google Analytics on our website to track visits and activity of visitors. This is done so that we can improve and enhance the experience of our visitors and also to measure business performance. No personal information is gathered or stored during this process. Google Analytics stores data relating to your computer type, web browser type and the region or country you are visiting from.
Social media username
If you interact with us through social media channels, we may store your social media username to assist us in responding to your questions, comments and feedback.
Hosted web and email service requests
If you are a hosting customer who is using our standard mail services, we are required to store certain personal data to comply with the Data Retention Regulations 2009. We record a log of every request made by you to our mail servers but not the content of the message themselves. A request is defined as every access made by you to our servers irrespective of its purpose.
We do not access this logged data except for diagnostics, troubleshooting and support purposes.
Learn more about email message data retention and how we implement it.
How and why we use your personal data?
We use your personal data to give you the best possible customer experience and to satisfy our legal requirements as limited company. We only store data that that we believe to have a legitimate need to store and process.
If you want to change how we use your data or to find out what data we may hold on you, please see “What are my rights?” section below.
Processing your orders
We need your personal details to process orders made using our websites, by telephone or face-to-face. If we don’t have these personal details, we are not able to process your order and comply with our legal obligations.
Responding to questions, comments, requests and complaints
We need selected personal details to accurately respond to questions, comments, requests and complaints.
We may also keep a record of these to inform any future interaction with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interest in providing you with the best customer service and understanding how we may be able to improve our products and services.
Protect from illegal activities
We may record your personal details to protect our business and your account from fraud or any other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We do this as part of our legitimate interest.
Protect our websites and systems
We monitor general browsing activity on our websites to allow us to quickly identify and resolve any problems and to protect the integrity of our websites, systems and services. For example, we record your IP address when you login to identify and track potential fraudulent logins. We do this as part of our legitimate interest.
Payment Processing
We store personal data to process payments and prevent fraudulent transactions. We do this on the basis of our legitimate business interests.
Informing you of Changes and System Maintenance
With your consent, we will use your personal data to keep you informed of changes to our services, changes to legal documents (like this Privacy Policy), and any changes, upgrades or maintenance that may affect or products and services. We do this to deliver the best possible experience to our customers.
Search & web history
With explicit customer consent – Do No Track must be turned off in MyAccount, by default it is enabled – we will record the details of any searches made on our website or website pages visited. These services are not enabled by default. We offer this service to registered customers to improve their experience when using our websites. Registered customers may manage their Search and Web Histories at any time through MyAccount.
Develop, test and improve our systems, products and services
We may use your personal data to develop, test and improve the systems, products and services we provide to you. We will do this on the basis of our legitimate business interests.
Legal and contractual compliance
We will store your personal details to satisfy our contractual or legal obligations.
Additionally, we will share your personal data with law enforcement or a court of law when we are legally bound to do so – for example when a court order has been issued to share data.
How do we protect your data?
At Calzada Media we take data security and protection very seriously. Within Calzada Media, access to personal data is strictly limited to those that have legitimate business requirement.
Data Storage
Customer information including invoicing records is stored within a secure online database with multiple level of protection in place.
Furthermore, we retain paper copies of important documents – for example invoices – at our offices.
We not store any credit, debit or payment card information. All card and electronic payment are handled by our payment providers.
Secure Connections
All connections to our websites and online services are protected by SSL encryption. This is sometimes referred to as ‘https’ technology.
Account Protection
Online access to customer accounts – via MyAccount – is password-protected and via SSL encryption.
Account Password
We do not actually store individual account passwords. We use a widely adopted and recommended technique called salted password hashing. This stores your password using one-way encryption. Once stored, we are unable to decrypt account passwords.
Updates, upgrades and monitoring
We regularly update our servers and systems to ensure they have the latest patches and upgrades to guard against known vulnerabilities and attacks.
Our systems are also regularly maintained and upgraded to ensure we are using the latest software and to ensure overall system health.
Our servers and systems are subject to regular monitoring to check for possible failures, vulnerabilities and attacks.
How long will we store your data?
Whenever we collect or process personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. The length for which we retain data is subject to contractual, compliance and legal obligations.
At the end of that retention period, your data will be deleted.
Hosting Customers Data
For our hosting customers, we will delete any website files, databases, email messages and any other hosted data from our servers within 30 days of the expiry of the hosting product or service. We aim to delete this data within 7 days. It may take upto 30 days for the files to be purged from data backups.
Who do we share your personal data with?
We sometime share your personal data with trusted third parties. We do this only to satisfy our contractual obligations to you and any legal obligations we may have.
How do we protect your shared data?
When we share your data it is done purely to deliver a service or product you have ordered.
We provide only the information required to perform their specific services
We only share the data for the purpose it was originally intended for
Domain Registrations
For customer who have registered, renew or transferred a domain with us, we will share limited personal data with our domain registration partner, Mesh Digital Ltd. In turn, Mesh Digital Ltd may be required to share some personal data with the individual domain registries.
Hosted Microsoft Exchange
For customer who use our Hosted Microsoft Exchange (or Hosted Exchange) services, we will share selected personal data with our hosted exchange partner, Giacom World Networks Ltd that is required for service configuration and use.
Marketing and data insight
We do not share personal data with any third party organisation for marketing or data insight purposes.
Fraud and illegal activities
We may share personal information about potentially fraudulent or fraudulent or illegal activity in our systems. This may include share data about individuals with law enforcement bodies.
Legal Obligations
We may be required to disclose your personal data to the police or other enforcement, regulatory or government bodies upon the receipt of a valid request to do (for example, a court order). These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
Where is my personal data processed?
As a general principle, we aim to store and process personal data within the United Kingdom. There may be occasions when we need to share your personal data with third parties and suppliers outside the European Union (EU).
Any transfers of your personal data will follow applicable laws and we will treat the information under guiding principles of this Privacy Policy.
Data shared within the EU
If we share your data with a third party within the EU, the protection of your data will be subject to the EU data protection regulations as in UK. From 25th May 2018, this will be the General Data Protection Regulation (GDPR.
Data Shared outside of the EU
We may need to share personal data with third party suppliers outside of the EU. For example this might be necessary to fulfil your order, process a payment or provide support services.
If we do this, we will only share your personal data to parties we trust to treat your data with the same level as protection as it has within the EU.
Google Cloud
We may store personal data within Google Cloud. We use Google Cloud to store company data that is not held within our online database. Google has its’ own compliance commitments to data protection viewable at https://cloud.google.com/security/gdpr/
What are your rights over your personal data?
You have rights under law to access the personal data we hold about you.
Your rights
You have the right to request:
- Access to the personal data we hold about you (a charge may be applicable).
- The correct of your personal data when incorrect, incomplete or inaccurate
- That we stop using your personal data for marketing or communications
- That we stop any consent-based processing of your personal data once you have withdrawn consent.
- Review by a member of staff of any decision made solely on the automatic processing of your data. I.e. where the outcome of a process has not been reviewed or critiqued by a human
- The right to request a copy of the data we hold about you (see section “Request a copy of the information we hold” below)
Request a copy of the information we hold
You have the right to request a copy of the information we store about you at any time and also to have the information corrected if it is inaccurate.
To ask for this information, please either
We may charge a reasonable fee for this service. If we choose not to action your request, we will explain the reasons for our refusal.
Correcting inaccurate information
You have the right to correct inaccurate information. To amend your information, please use either MyAccount or contact our support team.
Checking your identity
To protect the confidentiality of your information, we will ask you verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to act or submit a request on your behalf, we will ask them to prove they have your permission to act.
Your right to withdraw consent
Whenever you have given us consent to use your personal data, you have the right to change your mind and withdraw consent at any time.
Where we rely on legitimate interest and legal obligations
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have legitimate overriding reason or legal obligation to continue processing your data.
Informing you of changes and system maintenance
You have the right to stop the use of your personal data for communications about changes to products and services, and maintenance and upgrades to our systems. We must always comply with your request. Changes to consent may be easily done via MyAccount.
Direct Marketing
You have the right to stop the use of your personal data for direct marketing activities via any change (email, social media, post etc). We must always comply with your request. Changes to consent may be easily done via MyAccount.
How can you stop the use of your personal data for communications and direct marketing?
Direct marketing communications
There are several ways to stop receiving any marketing communications from us:
- If you have a customer account, log into MyAccount and change your preferences
- Click on the “unsubscribe” link in any email communication we send you.
- Write to use at Data Protection, Calzada Media Limited, 2 Mars Drive, Wellingborough, Northamptonshire, NN8 1RJ
Changes and system maintenance
Communications regarding product and service changes and system maintenance are only sent to customers. You may opt to stop receiving these communications by:
- Log into MyAccount and change your preferences
- Click on the “unsubscribe” link in any email communication we send you.
- Write to us at Data Protection, Calzada Media Limited, 2 Mars Drive, Wellingborough, Northamptonshire, NN8 1RJ
Please note that you may continue to receive communications for a short period after changing preferences while our systems are fully updated.
Security, Order, Invoice and Payment Communications
We will send you email messages concerning account security, orders, invoices and payment confirmations irrespective of you opting out of direct marketing communications or system maintenance information. We send these messages to you on the basis of our legitimate business interests and/or to satisfy our legal and contractual obligations.
Contacting the Regulator
If you feel your personal data has been handled incorrectly, or you are unhappy with our response to any requests you have made to us in respect of your personal data, you have the right to lodge a complaint with the UK data protection regular, the Information Commissioners Office (ICO).
You may contact the ICO by:
- By telephone: 0303 123 1113
- Online at www.ico.org.uk/concerns (link opens in new tab/window; please note we cannot be held responsible for the content of external websites.)
If you live outside the UK, you may have the right to lodge a completing with the relevant data protection regulator in your country of residence.
Any Questions
If you have any questions that have not been covered by this Privacy Policy, please contact us: