Privacy Policy

This Privacy Policy applies to individuals and organisations who use our services, provide us information via any one of our online forms and send us enquiries and complaints in relation to services provided by us.

This Policy explains what data we process, why, how it is legal and your rights.

About Souter Point and this Privacy Policy

Souter Point Limited, a company registered in England and Wales, provides management consultancy activities under company number 09871760. This Privacy Policy is provided by Souter Point Limited (‘Souter Point’ or ‘we’ or ‘us’) who is a ‘controller’ for the purposes of the Data Protection Legislation. We take your privacy very seriously. We ask that you read this Privacy Policy carefully as it contains important information about our processing and your rights.

How to contact us

If you need to contact us about this Privacy Notice, use the details below.

Data Protection Officer: Gareth Richards
Address: 46 Brookbank Close, Cheltenham, GL50 3NB, United Kingdom
Email: gri@souterpoint.com

Changes to this Privacy Policy

The latest version of the Privacy Policy can be found at https://souterpoint.com/privacy-policy/. We may change this Privacy Policy from time to time. We will alert you on the website when changes are made.

Useful words and phrases

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Policy.

CONTROLLER: This means any person who determines the purposes for which, and the manner in which, any personal data is processed.

CRIMINAL OFFENCE DATA: This means any information relating to criminal convictions and offences committed or allegedly committed.

DATA PROTECTION LAWS: This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018 and any other national laws related to data protection.

DATA SUBJECT: The person to whom the personal data relates.

ICO: This means the UK Information Commissioner’s Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.

PERSONAL DATA: This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

PROCESSING: This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, consulting or holding it organising, adapting or altering it disclosing, disseminating or otherwise making it available aligning, blocking, erasing or destroying it.

SPECIAL CATEGORIES OF DATA: This means any information relating to:racial or ethnic origin, political opinions, religious beliefs or beliefs of a similar nature, trade union membership, physical or mental health or condition, sexual life, genetic data or biometric data for the purpose of uniquely identifying you.

What personal data do we collect?

While you visit our site, we’ll track:

Pages you’ve viewed: we’ll use this to, for example, determine which pages are visited by the largest number of visitors
Location, IP address and browser type: we’ll use this for purposes like determining the reach of our marketing campaigns

We’ll also use cookies as web beacons (single pixel gifs) embedded in emails we send to collect opening rates, clicks and other data.

When you purchase from us, we’ll ask you to provide information including your name, billing address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

Send you information about your account and order
Respond to your requests, including refunds and complaints
Process payments and prevent fraud
Comply with any legal obligations we have, such as calculating taxes
Improve our service offerings
Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 2 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Why do we process your personal data?

We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful‘ for further detail).

CONTACT AND ACCOUNT DETAILS: So we can administer your account with us, including contacting you about the Services you have purchased from us or the Services you sell through us. (CONTRACT)

PAYMENT DETAILS: To enable secure payments to be made for services purchased. (CONTRACT)

MAILING LIST REQUEST: So that we may keep you updated on developments, promotions and other areas of interest that you have given us explicit consent to contact you about. (CONSENT)

ENQUIRIES AND COMPLAINTS: To assist and respond to your enquiries and complaints about us and our services. (CONSENT)

COMMENTS: To fulfil your request to post a publicly accessible comments. (LEGITIMATE INTEREST)

ADVERTISING AND WEBSITE USAGE: To provide our third-party advertisers with information used for the following purposes: delivering targeted advertisements to specific visitors, storing user identifiers, and collecting anonymous ad platform statistics. (LEGITIMATE INTEREST)

How is processing your personal data lawful?

We are allowed to process your personal data for the following reasons and on the following legal bases:

Contract

It is necessary for our performance of the contract you have agreed to enter with us to use our Services. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of the contract.

Consent

Where you have given us consent to do so, we will use your data for specific purposes which are optional, such as marketing. You can withdraw your consent at any time (see section ‘Your Rights’ for more information).

Legal Claims

We need to process your personal data to defend or establish a legal claim (for example, claims relating to the sale of our products under contract law).

Legitimate Interests

We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to any of the processing that we carry out on the grounds of legitimate interests (see the section ‘Your Rights’ to find out how).

Who will have access to your personal data?

We use the following categories of suppliers to support us in delivering our Services who will process your personal data: webhosting and cloud service providers. We take steps to ensure that these suppliers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our suppliers, please contact us using the details at the section ‘How to Contact Us’.

Data Retention: Log data (IP address, geographical data, user agent, operating system, device type) is stored for 30 days. The unique user ID is stored in cookies and is retained for 1 year.

Various cookies are used for the following purposes: storing user identifiers and collecting anonymous ad platform stats.

Transfers of your personal data outside the UK and the European Economic Area (EEA)

We do not transfer your personal data outside of the UK or European Union.

How we keep your personal data secure

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing.

We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.

Personal data collected through web forms, purchases and offline sources such as expressly given consent to process data through another platform is stored in cloud-based storage solutions based in the UK and EU. All cloud-based storage solutions are certified to ISO 27001 for their Information Security Management Systems as well as ISO 20000 for their IT Service Management Systems.

When will we delete your data?

In relation to the processing activities covered in this Privacy Policy, the following categories of personal data and special categories of data will be kept for the following periods:

CONTACT AND ACCOUNT DETAILS: Indefinite unless a request to delete is submitted by the data subject

ORDER DETAILS: Six years following purchase

COMMENTS: Indefinite unless deleted

ENQUIRIES AND COMPLAINTS: 60 days after completed but longer if we need to retain complaint information for legal claims in relation to our services

LOG DATA: Held for 30 days

COOKIES: Retained for 1 year

Your rights

You have the following rights under the Data Protection Laws:

the right to object to processing of your personal data
the right of access to personal data relating to you (known as data subject access request)
the right to correct any mistakes in your information
the right to ask us to stop contacting you with direct marketing
the right to prevent your personal data being processed
the right to withdraw your consent
the right to erasure

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see ‘How to contact us’).

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed ‘How is processing your personal data lawful’.

Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

a copy of the personal data
details of the purpose for which the personal data is being or is to be processed
details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers
the period for which the personal data is held (or the criteria we use to determine how long it is held)
any information available about the source of that data
whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please contact us (see section ‘How to Contact Us’). You can also click on the ‘unsubscribe’ button at the bottom of our marketing emails. It may take up to five days for this to take place.

Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
the processing is unlawful but you do not want us to erase your data;
we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
you have objected to processing because you believe that your interests should override our legitimate interests.

Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing that requires use of that personal data.

You can ask us to erase your personal data where:

you do not believe that we need your data in order to process it for the purposes set out in this Privacy Policy
if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data
you object to our processing and we do not have any legitimate interests that mean we can continue to process your data
your data has been processed unlawfully or have not been erased when it should have been

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Policy and if you do not think that we have processed your data in accordance with this notice you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on its website at www.ico.org.uk.

Cookie Policy

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.