Privacy Notice
Data Processing Notice (‘Notice’)
Who are we?
We are UandUs Limited (‘U&US’, ‘we’, ‘us’ ‘our’). We offer branding, web development, consulting and marketing services to companies and individuals (‘Professional Services’).
Why have we taken the time to write this Notice?
We are committed to keeping personal data safe. Not just because the Law tells us to but because we think it's the right thing to do.
This Notice is designed to tell you about the information U&US collects from you when:
you use our website: uandus.co.uk (the ‘Site’)); or
when we are engaged directly to carry out Professional Services; or
we receive or gain access to your personal data when we help another company when providing them Professional Services.
What are the core principles we follow when dealing with personal data?
We are committed to looking after any personal data that we encounter. We do this by complying with the following core principles:
Lawfulness, fairness and transparency
Purposes limitation
Minimisation
Accuracy
Storage limitation
Confidentiality and integrity
Accountability
What personal data do we collect?
When we decide what personal data we collect and use (i.e. when we are Controller), we may use your personal data when:
You use our website;
We provide Professional Services directly through U&US;
We provide Professional Services to you or the business you work for.
When another party decides what personal data they are going to collect and subsequently share with us (i.e. when we are a processor), we may process your personal data when we:
provide Professional Services or generalist consultancy to other support to companies.
In instances where we are a processor, you should also review the privacy notice of the companies that have engaged U&US to understand what personal data is being collected, used and shared by them and your rights.
Browsing and interaction on any other website, including websites which have a link from our website, is subject to that website's own terms and policies.
When you use our website:
Submitting a Contact request: If you submit a query through the forms on our website, an email is sent to the Directors of U&US. Your email will then be stored in accordance with our retention periods. We use Postmark to facilitate this section of the website. As part of this process, any information that you enter into the contact us section will be stored by Postmark for 45 days, prior to being deleted. This party is based in the USA.
We expect the level of personal data entered into this form to be very limited (i.e. business email and type of services required). By using this form, you consent to your personal data being processed in this manner. You may remove this consent at any time by emailing: ric@uandus.co.uk.
Using our website: When you use our website (uandus.co.uk), we use non-personal identification information (‘cookies’) whenever you interact with our Site. The cookie contains an encrypted session ID required for the functioning of the Site. We do not use any other form of cookies.
We use Umami to collect anonymous usage statistics for the Site. Umami stores no cookies and anonymises all visitor data, stripping away any personally identifiable information (PII). No personal data is ever collected or processed. Umami fully compliant with GDPR and other privacy regulations like the California Consumer Privacy Act (CCPA).
When we provide Professional Services:
When we are engaged directly by a company to provide Professional Services, we may receive some or all of the following personal data:
Names;
Contact details;
People's roles and titles;
People's working hours and availability;
People’s thoughts and opinions (personal, about work, about people, about life generally);
Any special category data you choose to share with us (i.e. that you are ill and need to defer a meeting);
Other personal data that is shared with us to allow us to complete our work;
Information about the challenges the company might be facing;
Names and details of clients or customers of the company to which we are providing Profession Services that are required to allow us to fulfil our responsibilities and provide the aforementioned Professional Services.
Our legal basis for collecting this personal data is a combination of contract and legitimate interest. Our legitimate interest for collecting is to help us tailor and provide effective Professional Services to clients and effectively solve the tasks they have provided.
Finally, where we provide web development and marketing services, we may have access to a wide range of personal data. When we carry out this type of work, we do so under the instruction of another company and work hard to ensure that we comply with their privacy notices and data protection policies. The personal data that we have access to in this process could include all personal data held by the relevant company.
U&US’s legal basis for collecting this personal data is to fulfil the contract (i.e. to allow us to carry out the engagement) and it is retained for as long as required by the contract we entered into with these parties. Where this is under our control, this is usually either deleted / access is suspended at the completion of a contract or retained for up to 7 years (or longer were required by our clients).
Special Category Data
In some cases, we may also collect and use special category personal data. Such information will be used only for the purpose of carrying out our services. We work hard to ensure any special category data is processed in a way that minimises the risk of a data breach or harm to the individual.
Who do we share your personal data with?
Given the size and operation of the business, we do not share your personal data routinely, however the following people may have limited access to your personal data from time to time:
· Our outsourced accounting and tax advisors.
Automated Processing
We do not use any automated means to process personal data.
Data security
We have put in place security measures to mitigate the risk of your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those parties, agents, contractors and other third parties who have a business need to know. These parties will only process your personal data on our instructions and we ensure they are subject to a duty of confidentiality.
We do not allow our third-party service providers to use your personal data for their own purposes.
We may be compelled by law to disclose personal data we hold about you to a third party and have limited control over how that personal data is protected by that party.
We have put in place procedures to deal with any suspected data breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights in connection with personal information
You have the following rights under the Data Protection (Bailiwick of Guernsey) Law, 2017:
Right to data portability: right to request the transfer of your personal information to another party.
Right of access to your personal information (i.e. ‘subject access request’). This enables you to receive a copy of the personal information U&US hold about you.
Right to object to processing of your personal data: i.e. where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes or if data were being processed on grounds of public interest or for historical or scientific purposes.
Right to rectification of the personal data: This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
Right to erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Right to restriction of processing of your personal data: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Right to be notified of rectification, erasure and restrictions.
Right not to be subject to decisions based on automated processing.
If you want to exercise any of these right, please contact ric@uandus.co.uk.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact ric@uandus.co.uk.
Your right to complain
If you have a complaint about how we have handled or processed your personal data, we would prefer it if you contact us directly in the first instance (ric@uandus.co.uk), however you can also contact the Office of the Data Protection Authority (‘ODPA’) directly at the following address:
Block A
Lefebvre Court
Lefebvre Street
St Peter Port
GY1 2JP.
You can also make a complaint via their website.
Changes to this privacy notice
We may update this Privacy Notice at any time, and we will publish any new versions of it on our website. We may also notify you in other ways from time to time about the processing of your personal data. This Privacy Notice was last updated on 12 September 2024.