Privacy Policy

Pooka & Co Ltd are committed to ensuring that your privacy is protected.

If we ask you to provide information when using this website, or if you share information when corresponding with us or when we work with you, it will only be used in accordance with this privacy policy.

This policy is updated from time to time so you should check this page regularly to ensure you are happy with the changes.

If you have any questions about this policy or would like further information on the data we hold about you, please email support@pooka.co.

We will never sell your personal data and we will only share it with other organisations we work with to deliver the services we provide where they have shown they’ll respect your privacy and security.  We will not not share your personal data with third parties for marketing purposes.

Who we are

We are Pooka & Co Ltd.  We are limited company, registered in Scotland, providing web design, development, hosting and related services. Our company registration number is SC589457. Our registered office is Studio 28, 196 Rose Street, Edinburgh, Scotland, EH2 4AT.

Our Data Controller registration number, issued by the Information Controller’s Office, is ZA326623.

Pooka & Co and Personal Data

Personal data is any data which may identify you, or be identified as relating to you. For example, your name, address, phone number and email address.

We will only collect personal data that we need to allow us to conduct our business, maintain our own records and accounts, and to deliver the projects and services that our clients and partners have commissioned or contracted us to deliver.

You may provide personal data to us when you submit a contact form on our website, when you contact us by phone or email, or when you commission us to deliver a project or deliver you.  Personal data may include include names, postal or email addresses, phone numbers, photographs, project documentation, usernames, passwords, databases, financial information (i.e. bank account details for billing or integration of third party payment services), or other potentially sensitive information.

In addition, we may record information about your visit to our website, such as pages viewed, length of visit and any search terms you use, in order to improve our website and offer a better user experience.

How we use Personal Data

We will only use your personal data on relevant lawful grounds, as permitted by the EU General Data Protection Regulations (GDPR 2018) and the UK Data Protection Act (1998) and Privacy of Electronic Communication Regulations.

Personal data provided to us will be used for the purposes of carrying out our core business, and keeping our clients up to date with important information related to the services we provide for them.

In addition, we are required by law to keep accurate and up to date accounts of our business transactions. When you work with us, you may be added to our accounting system.

We occasionally run marketing campaigns, but we will always ask for your consent before sending you any marketing material.

If you are contracted or employed to work with us, we will ask you for personal data, perhaps including ‘sensitive personal data’. Such data may include contact information, health information or information relating to criminal convictions. We have responsibilities which arise from our contract of employment with staff members, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring.

Disclosure of Personal Data

In order to carry out the running of our business day to day and fulfill the requirements of the projects we work on, we sometimes need to disclose your data to other bodies or third party suppliers.

These other bodies may include sub-contractors, partners, online service/systems suppliers, etc. A list of Pooka & Co’s partners and suppliers can be found here.

Pooka & Co Ltd assess the Data Protection practices of our suppliers to the best of our abilities to ensure they are GDPR compliant and, wherever possible, Pooka & Co Ltd will put Non-Disclosure Agreements (NDAs) in place with our suppliers where it is necessary to share personal client or user data with them in the process of delivering our services.  Likewise, Pooka & Co Ltd are happy to enter into Non-Disclosure Agreements with our clients to commit to the secure processing and storage of client data.

Your Rights under GDPR

Under the GDPR, where we are using your data under consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for marketing purposes.

If you would like us to provide details of the information we hold for you, you can make a Subject Access Request by contacting us. There is no charge for making this request, although you will be asked to verify your identity. We will respond within 30 days of receiving your request and verifying your identity.

Please contact us in the first instance if you feel unhappy regarding any issues around the use of your personal data.

You can contact us at any time using the details below:

Email us: support@pooka.co

Call us: 0131 208 2228

Write to us:
Pooka & Co
Studio 28
196 Rose Street
Edinburgh
Scotland
EH2 4AT

Keeping your information

If you have submitted any information through our website, we will keep this data for 90 days, then delete it from our website and database. We keep email data and project files for 7 years, as required by HMRC for auditing purposes, where we may need to produce evidence of work carried out. Pooka & Co Ltd will retain data for the time periods set out below:

Emails, Correspondence and Project Files: 7 years

This is in-line with record keeping guidelines provided by HMRC. We keep emails and project files to prove work carried out actually happened and we delete emails older than 7 years.

Financial Information: 7 years

We hold financial records for 7 years, in-line with guidance from HMRC.

Website backups: 1 year

As part of its hosting agreements, Pooka & Co Ltd store secure backups of client websites to ensure the site can be restored in the event of outage or a hack.  We hold backups on a secure, third-party server to a period of up to one year.

Website submissions: 90 days

Data submitted to us via any contact form on our own website is retained in the website database for 90 days. After this period of time, the entries are deleted.

Employee Details: 7 years

We keep details of staff members for 7 years. We do this incase we need to provide references for ex-employees moving on to new jobs, or if we need to provide HMRC with details of any previous work carried out.

Corporate Records: Permanent

Our corporate records are permanently retained on the governments Companies House website.

How we secure your data

Information systems and data security is imperative to us to ensure that we are keeping your data safe. We operate and implement robust procedures for managing your data, the hardware it is present on. We only host your personal data with suppliers who have confirmed that they take your personal data security as a priority and we regularly assess these suppliers as the threat landscape changes.

We use password managers so your passwords can be shared securely. We use and enforce strong passwords and, where we store your data, we encrypt it if possible and make sure that the suppliers we use have robust attitudes to privacy and data security.

Pooka & Co Ltd endeavour to keep all both our hosted services and software up to date with the latest security patches, and protected with the latest anti-virus systems and firewalls.  In some cases, we may need to charge clients for implementing software updates to websites where implementing these would otherwise break existing client website functionality.

Wherever possible, we implement two-factor authentication on any Cloud based systems we use for the storage or processing of personal data.  All digital data held locally on the Pooka & Co Ltd’s local network and physical devices will be secured with password protection.  All physical copies of personal information (physical files, letters, etc.) will be stored in secured premises, whenever possible.

Disclosure of Information

Sometimes, when working on projects, we have to share your data with sub-contractors or other people working on the project. When we are sharing the data, we endeavour do so in such a way that access can be revoked again.

Who will see your data?

When you submit data to us, we might disclose it to parties that we work with to deliver our services. This may include :

  • Our staff
  • Contractors we work with
  • Service providers we use in administration and the delivery of our services
  • Advisors
  • Agents
  • We may also disclose your information to third parties if we are compelled to by law or to comply with any legal obligation.

Data Storage

Pooka & Co is based in the UK. The majority of our hosting services are also based in the UK. Some of the other data storage services we use are located in the European Union region. We do not collect or store payment information.

Our Clients’ Responsibilities for Data Privacy and Protection

Pooka & Co Ltd will work with our clients to advise on matters relating to privacy, data processing and retention.  However, we cannot take responsibility for the Data Protection practices of our clients.  It is the responsibility of all our clients to ensure that they are fully compliant with the General Data Protection Regulations (GDPR) and any other relevant privacy legislation.

Privacy Policy updated May 2018