Confidentiality – Data Collection and GDPR considerations
To deliver the Contemsa service, we need to collect the following information:
- CONTEMSA takes reasonable and appropriate measures to protect data shared and submitted through the Contemsa website.
- CONTEMSA will not sell or share data. Data is only collected in order to enable the delivery of the Contemsa service to users.
- Non-identifiable data is sometimes collected to track user activity – such as page views, login times and regularity, using services such as Google Analytics.
- The purposes of our data processing:
| Type of activity | Type of information | Purpose |
|---|---|---|
| Newsletter sign-ups | Email address | We collect email contact information through sign ups to newsletters on our website, making it clear to individuals signing up that by signing up they agree to receive email marketing communications from us. |
| Contemsa member information | Email address, First Name, Last Name | We collect contact information for the users/subscribers to the Contemsa online service so that we can create accounts for them and enable them to log into their Contemsa portal, access our tools and receive the emails from us with our tools output documentation attached. |
| Purchases from the Contemsa Website | Name, Last Name, Address, Email Address | When purchasing through our website, WooCommerce (our shop software) collects customer addresses to calculate VAT and tax values. This information is not shared with any third parties and is only used for the purpose of processing the payment. We use PayPal as a payment gateway which collects some of your data in order to process your payment, find out more here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full Contemsa does not take or store any payment information from you – this is all handled by PayPal. |
| Cookies and website analytics information | Browser cookies and browsing activity on our website (but not linked to specific individuals or personal data) | We collect cookies and analytics from how users use our website in order to look at how we can improve the user experience. We don’t collect personal data through this and do not use it for any other reason than improving our website. |
- A description of the categories of individuals and categories of personal data.
We collect the following categories of data about our customers in order to process payments:
- First name
- Last name
- Email address
- Shipping Address – for calculating tax on purchases
- The categories of recipients of personal data.
We do not share our customers’ data with any third parties for any reason other than delivering our core service to our customers.
The data we collect through our website is stored on our hosted servers, delivered by Siteground, who are GDPR compliant: https://www.siteground.com/blog/siteground-is-gdpr-compliant/
Our hosting services are delivered from Siteground’s datacentres in the UK. In the unlikely event that these datacentres experience a failure, then our services would be transferred to Siteground’s datacentres in Amsterdam.
- Details of transfers to third countries including documenting the transfer mechanism safeguards in place.
Data is only transferred out of the UK by our hosting providers in the event of a datacentre failure, at which point services would transfer to their closest datacentre in Amsterdam.
- Retention schedules.
When a user cancels their service with us we delete their account and user information.
If you wish to cancel your account and user information with us, then please email us at hello@Contemsa.com
- A description of your technical and organisational security measures.
We take the security and privacy of our customers’ data very seriously. We have a number of measures in place:
- We limit the login attempts to the Contemsa portal
- We install security plugins to check security and highlight any potential threats
- We host our services with a GDPR compliant hosting provider who takes security very seriously (see their specific security measures: https://www.siteground.com/kb/how_does_siteground_protect_my_website/)
- We have controls in place so that only users who have created or inputted data can access that data
- We secure the PDFs created through the Contemsa tool so that access times out after a certain amount of time and is only allowed for the user, at a specific IP address, who originally created the PDF
- Our portal is delivered with SSL encryption (https)
- We do not store any payment information and instead use PayPal, a respected payment processor, to handle and manage any payments
- We regularly update the software running on our websites
- We have two-factor authentication for logging into hosting admin accounts
- We enforce the use of secure passwords across the site
We use WooCommerce, a WordPress plugin, to take payments and orders. We collect information about you during the checkout process on our store.
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes such as to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 2 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.