Privicy Policy (last reviewed 17th October 2019) please click here.
2. Who Are We?
3. Words With Specific Meanings
In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:
4. Definitions of Data Controller and Data Processor
CrackerjackPA Ltd act as both the data controller and data processor. Definitions of both of these roles are provided below.
5. What this Policy describes
This policy describes how we will collect and use personal data about you.
We process information about:
6. What information do we process, and why?
Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.
Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our products or services or a relevant contact for our business.
If you sign up to a newsletter list, you will be sent what you asked for. We normally operate ‘double opt-in’ lists and you will need to reconfirm your subscription before anything is sent. You can unsubscribe at any time by clicking the unsubscribe button on any email.
You are not automatically subscribed to any other lists, but you may be invited to join an appropriate one.
If we email you individually using our own email system or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period (see table in section 2 above).
We do not routinely keep special category data. To the extent we hold this, it was supplied or made publicly available by you.
b. Client / Customer
Once you purchase from us or engage in our services, we will collect further information from you in order to complete that purchase or commence your project and provide our service.
This will include the information we collect from Prospects (see above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.
We process your data to support the delivery of our services to you. We keep records of the services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may require.
Some data you provide us with may be classed as special category data . We only process this data should we be required to do so in order to provide the services for which we are contracted. This data is treated with the utmost care and confidentiality, and is stored securely in accordance with our data security policy.
When you pay us via BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person or company who paid us,how muchthe payment was for, when the payment was received and the reference number.
We do not routinely accept credit card payments, keep credit scores nor use credit reference agencies.
Any credit card payments we accept would be handled by an external secure processor in accordance with their data security policies (see table in section 2 above).
We would receive limited information from our processor for us to tie up your payment with your invoice.
c. Supplier and Associates
We collect information on potential and actual suppliers and associates. This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).
If you become a supplier or associate we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.
We keep a record of the work you undertook for us/our clients along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.
This information is all needed to manage our customer relationships and our supply chain.
If we set up an affiliate scheme, affiliate data will be held in accordance with this policy. We will ask you for information when you apply and that will be kept to administer the affiliate scheme.
7. Newsletters and automated emails
We monitor who opens what in our newsletter lists, and pre-set sequences of information we send you. We do this, so we can see if content is popular and generate more of it, or if it is not read.
There may be sub-routines that trigger if you click on links or articles. These are designed to offer you more information about things you are interested in.
You can unsubscribe from these sequences at any time.
Existing customers may receive emails about specific offers relating to things you have already purchased. You can unsubscribe from these at any time.
From time to time, we contact individual email newsletter subscribers, but it is extremely rare. This would normally be if something odd were going on and we wanted to check you could see and use the content or find out what was causing a problem.
8. Data sharing - 3rd Parties
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.
We keep a list of the software platforms we use to run our business. If you would like a list of all the platforms we use, please email us (at the email address in the table in section 2 above).
We have an outsourced support team for our own business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to us means they need it.
For example, if our IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you.
For example, if we invoice you, our Accountant needs to process the information in the invoice.
Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses.
9. Where is your data located?
Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.
This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We have picked mainstream suppliers with appropriate security standards.
10. Retention periods
Your information will be kept for the length of time set out in our retention period (see table in section 2 above).
We need to keep customer information long enough to satisfy HMRC and our insurers. We keep information on prospective customers long enough to make our sales enquiry system effective.
If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.
11. Your rights
Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our products and services. GDPR provides you with the following rights:
1. The right to be informed
Should you have any questions relating to the collection and use of any data we may hold about you please contact us and we can advise with complete transparency.
2. The right of access
If you wantwould liketo know what information we have about you (if any) email us at the email address set out above and giveprovideus with your name, email address(es) and company name (if applicable), and we will happily do a search and let you knowrespond advisingwhat information we hold on you and how we are using it/have used it.
3. The right to rectification
If you are concerned that the information we keep about you may be out of date or otherwise wrong, please let us know and we will take appropriate action.
4. The right to erasure
You have a “right to be forgotten” - but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.
If you feel for some reason we have information we should not be keeping, please let us know and we will take appropriate action.
5. The right to restrict processing
Should you wish to restrict the processing of your personal data, you may do so in certain circumstances. This is an alternative to requesting the erasure of their data. Please contact us and we will take the appropriate action.
6. The right to data portability
You have the right to request and receive a copy of any personal data we may hold about you. This is to be provided in a machine-readable format and you may use this data for your own purposes across different services.
7. The right to object
You have the right to stop your data being used for direct marketing, and to object to the processing of your personal data in certain circumstances. Please contact us and we will take the appropriate action.
8. Rights in relation to automated decision making and profiling
CrackerjackPA Ltd does not process data solely using automated processing.
If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address set out above.
If we can’t sort it out, the relevant supervisory authority for us is the Information Commissioner for the UK. You can contact them here.
Company only Director(s)
Company Registration Number
ICO Company Registration Number
Email address for official notices
Data Retention Period(s)
Card and payment processor (3rd party)
names and their security policy links
Date this Policy last updated
28th August 2018
potential customers or referrers;
who have purchased or continue to purchase goods or services from us;
suppliers or potential suppliers of goods or services to us;
who have signed up to our affiliate scheme (if we have one).
Data Controller An individual, organisation, or other corporate and unincorporated body of persons who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
CrackerjackPA Ltd is the data controller of all personal data we collect and process on our own behalf.
Data Processor Any person (other than an employee of the data controller) who processes the data on behalf of a data controller.
CrackerjackPA Ltd is the data processor of all personal data that we collect and process on behalf of our clients.
“special category data”
any information about an identifiable living human being.
we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.
personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.