For the purposes of the UK General Data Protection Regulation 2021 PIN Creative Limited trading as PIN Creative is the data controller.
This policy (together with our Terms and Conditions) and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you may provide to us, will be processed by us.
In the normal course of our business we collect personal information to enable us to conduct business with you.
The table below details the information we collect from you to enable us to meet your requirements of PIN Creative. All the information is submitted by you to PIN Creative mostly through completing forms on our website.
|Why we collect information||What personal information we collect|
|You are an existing client||Organisation or individual name
You submit your details on our website https://www.pincreative.co.uk to:
Name on payment card
Payment card number
Payment card expiry date
Payment card cvc
Under the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your personal information is delivering our contract with you if you are a contracted client receiving branding advice.
All our other services the lawful bases we rely on for processing your personal information is your consent when you input your personal details on our website https://www.pincreative.co.uk/ to receive or access one or more of the following:
- Insights and Stories newsletter
- Brand Lab workshop
- Create your Brand Course
- Book an Action Call
We use third party cloud-based services to securely store your information to enable you to:
- Receive the Insights and Stories newsletter
- Attend the Brand Lab workshop
- Access the Create Your Brand course
- Book an Action Call
If you are a client we will store your details securely in our cloud-based accounting system, Xero, to enable us to invoice you.
The table below details the cloud-based systems used, the country data is stored in and how GDPR compliance is maintained. Standard Contractual Clauses (SCC’s) are specific clauses designed by the EU and adopted by the UK’s ICO that can be included in contracts with companies storing data in countries that do not have an adequacy agreement with the ICO. An adequacy agreement with a country says the county’s data protection regulations provide an equivalent level of protection as the UK’s.
|Personal Information||Cloud service||Country||GDPR compliance|
|Active Campaign LLC||USA||SCC’s|
|Thinkific Labs Inc
|First & Last Name
|Payment card data||Stripe Inc||USA||SCC’s|
|Invoicing data||Xero Limited||New Zealand||Data Adequacy|
We keep your personal data for 1 year after your last contact with us unless you became a client. Client data is kept for 7 years after we last invoiced you to comply with UK company and tax laws. After each data retention period expires we will securely delete your data from the above systems.
Additional anonymised information is collected by us indirectly from cookies on our website https://www.pincreative.co.uk to make the website work and work more efficiently, analyse how our website is used and to improve your visitor experience. Cookies are small text files that are placed on your computer by you visiting our website.
Anonymised information means you cannot be identified as a living person from this information.
The table below shows which companies place cookies on your computer and where the data is stored, why and the GDPR compliance of the company.
|Company||Country||Cookie Purpose||GDPR compliance|
|Google Inc||USA||Distinguish between humans & bots||SCC’s|
|Vimeo||USA||Distinguish between humans & bots||SCC’s|
|Cookiehub||Iceland||Stores your consent for cookies on our website||EU GDPR|
|Google Analytics||USA||Records analytics on your use of the website||SCC’s|
|AddThis (Oracle Inc)||Ireland||Records your pages visited on our website, allows you to share your experience on social media and registers that you shared content on social media||EU GDPR|
|Vimeo||USA||Records which pages you have visited||SCC’s|
|ActiveCamapign LLC||USA||Integrates the Stripe payment platform, Calendly||SCC’s|
Under data protection law, you have rights including:
Your right of access
You have the right to ask us for copies of your personal information.
Your right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing
You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us using the contact details at the start of this document if you wish to make a request.
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the start of this document and we will endeavour to resolve your complaint to the best of our ability.
You can also contact the ICO if you are unhappy with how we have used your data. The ICO’s address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk