Some key terms are defined as follows, and throughout this document:
The way in which we store data, process data and run our business is done in a GDPR compliant manner. Upon request we can provide details of data flow, a data inventory, a data breach policy, an employee dismissal log, details on the employee security training we have in place and more. Please follow the instructions in the contact section below to request any information not present in this policy.
In short, we only gather Personal Data we need, we only keep it for as long as is needed, we only use it for what we state below, you can request to correct/edit/remove it, we store it securely, we do not pass it to third parties unless otherwise stated and we aim to be transparent with how we use Personal Data.
SCRUMPY Ltd is a 'processor' of Personal Data; we (primarily) host vacation rental websites with built in CMS and online booking functionality.
SCRUMPY Ltd stores Personal Data for our clients for the purposes of supporting the business contract we engage with them upon them signing up for our product.
SCRUMPY Ltd may store what can be considered Personal Data on prospective clients, we take every precaution to make sure data gathered on prospective clients is strictly for business to business sales purposes.
SCRUMPY Ltd is committed to the protection of Personal Data, including data that we use for our own purposes, and that we maintain on behalf of any clients we may work with.
SCRUMPY Ltd collects information, including Personal Data, for the following purposes:
Your consent to this policy (where requested) is tracked.
This Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable individual (Data Subject).
The services of SCRUMPY Ltd are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
The use of our website or system by an individual classes them as a 'legitimate interest', visiting the site is enough to identify this, data associated with an individual's visit needs to be processed for efficient site operation. Any data collected will be used in a conservative way to help maintain the individual's rights & freedoms.
In the course of providing the website hosting services, SCRUMPY may receive, access, analyse, process and maintain Personal Data on behalf of its clients.
We determine the types of Personal Data that will be collected and used within the system, how it will be used and disclosed, and how long it will be stored. For any questions relating to how your Personal Data is used by us which are not covered in this policy, please contact us directly via email: firstname.lastname@example.org.
System Usage Information is collected, including information about how you are accessing and using our sites and systems. Usage information may also be used to investigate and prevent security issues, abuse and fraud.
We may collect personal data from you through our Website (scrumpy.co.uk), social media, over the phone, and other channels for the following purposes:
Responding to your enquiries: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and offerings.
Informing you about offerings: We may use your contact information for our own marketing or advertising purposes. We do not sell or rent your Personal Data to third parties. You can opt out of these at any time by following the steps outlined below.
To Understand and Improve our Services and Website Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
We collect Personal Data via our signup form, over the telephone and via other channels to be able to put together websites for our clients. We store Personal Data relating to user access for the websits we build, and all the data a customer will store with us including Guest Personal Data, Subscribers, Visits, Enquiries and more.
We use a number of third party tools & services (sub-processors) that Personal Data may be sent to, including:
We have different timeframes on various elements of Personal Data that we hold dependent on its purpose. Once we no longer need to retain your Personal Data, we will make sure that it is deleted or anonymised.
We retain Personal Data provided for subscriptions indefinitely as these records form important financial evidence for tax purposes. We can at request de-personalise subscription data, we may not be able to do this if we still need said Personal Data for tax or other legal purposes.
As a matter of practice, SCRUMPY Ltd does not disclose, trade, rent, sell or otherwise transfer Personal Data, except as set out in this policy.
We may transfer or disclose Personal Data as follows:
We may transfer (or otherwise make available) Personal Data to third parties who process it on our behalf for the purposes noted above. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
As of the date hereof, these third party providers include technical operations such as database monitoring, data storage, hosting services and customer support software tools.
SCRUMPY Ltd may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of SCRUMPY Ltd's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
SCRUMPY Ltd and the providers we use may share or disclose Personal Data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
SCRUMPY Ltd may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.
If you are a client of SCRUMPY Ltd you can request a signed DPA from our help centre or by contacting us.
In short, the personal data you provide to us can be provided upon access, we protect it to the best of our ability, we can amend it for you upon request and remove it from our systems upon request.
If you have any complaints, concerns or queries about how we manage Personal Data, please contact us by emailing email@example.com. If you are in the European Union you have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
If we receive a request from an individual to access or update Personal Data we have collected we will endevour to respond to said request.
If you submit Personal Data via our Website or otherwise provide us with your Personal Data, you may request access, updating or correction and removal of your Personal Data by submitting a request to us via our contact form. We may request certain Personal Data for the purposes of verifying your identity.
SCRUMPY Ltd takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Personal Data and other information, please see the Security Practices section; we keep that section updated as these practices evolve over time.
As a business both we and the third parties we trust, follow good security practices to help keep Personal Data secure.
SCRUMPY is hosted on Amazon Web Services. As such, SCRUMPY Ltd inherits the control environment which Amazon maintains. In short web servers and databases run on servers in secure data centers.
SCRUMPY encrypts all customer data input into our website and into our system, data stored in the system is encrypted at rest. Communications between you and SCRUMPY (our website) are encrypted via HTTPS and Transport Layer Security (TLS) industry best-practices.
Access to Personal Data is limited via a user management system controlled within our website's content management system, management system and CRM. We ensure that anyone with access to Personal Data at SCRUMPY Ltd has an awareness of GDPR & good security practices.
In the event of a Personal Data breach we will endevour to notify the relevant legal authorities and inform the effected individuals within 72 hours of identifying said breach. If you believe you have discovered a personal data breach please contact us using the details below immediately.