General Data Protection Regulation.
GDPR will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens. The UK is expected to enforce the full range of GDPR requirements.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and kept up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security
Providing Visitors with Anonymous Access
You can access our website without disclosing your personal data.
The services and links of our website
Our website does not enable site-visitors to communicate with other visitors or to post information that can is accessed by others.
Automatic Collection of Information – Cookies
Cookies are small text files that are placed on your computer by websites that you visit and are commonly used to make websites work, or work more efficiently. They also provide information to the owners of the site.
The list below explains the cookies we use and why.
Google Analytics – these cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited.
See Google’s privacy page here.
Session – this is the unique identifier for the user’s browsing session, so the website knows who they are, what the last page they visited was, etc (important for ensuring when someone clicks on a content link, the content is displayed in the correct navigational context).
Cube Lab website cookies are only used to identify the visitor, not to identify any specific visitor traits and do not store any sensitive data.
We do not automatically log personal data nor do we link information automatically logged by other means with personal data about specific individuals. We do automatically log user’s IP address and session information such as the duration of the visit and the type of browser used. This is recognised by the web server and is only used for system administration and to provide statistics which we use to evaluate the use of the website.
Most web browsers allow some control of most cookies through their browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Data Collection and how we use your data
We collect some personal data that you may give us while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data for any purpose other than the specific services such as feedback forms.
Under the terms of GDPR, The Cube Lab will only ever collect, store and process personal data (e.g. contact details, email addresses). We may also potentially store social media and email login details but we will only retain these for the duration of the project after which they will be deleted). We will not collect, store or process data that is labelled as sensitive under GDPR.
We do not disclose your personal data to other organisations.
Confidentiality / Security
We have set up various security policies and rules to protect the personal data that we have under our control from:
• unauthorised access and modification
• improper use or disclosure
• unlawful destruction or accidental loss
All our employees, freelancers and data processors who have access to personal data are obliged to respect the confidentiality of our clients’ and web-visitors’ personal data. We ensure that any personal data will not be disclosed to State institutions and authorities except if required by law or other regulation.
All personal data is stored on a third-party, cloud-based system called FreeAgent for storing information and is kept for accounting purposes only. See Freeagent for more information.
Any data collected for specific projects are held on Asana, a cloud-based task management system that adheres to GDPR rules and can be contacted asana.com.
Other, project-related data is held on our in-house drives and is accessed only by password.
We will update our Privacy and Cookie Policies along with our Terms and Conditions so that you can see exactly how, why, where and for how long we may be processing and holding your data.
Basis and consent
By becoming a client of The Cube Lab, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In other words, in order for you to benefit fully from using our services, we will need to process some of your data.
However, in order to keep you up to date with helpful tips, events and exciting news, we will need your explicit consent. We’ll make sure it’s obvious how and where you can agree to this, and we’ll allow you to easily change your mind.
Security is a priority in everything we do while developing and delivering projects. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of the threats.
Access to the personal data we may hold about you
You can ask us whether we are keeping personal data about you upon request, which you can indicate by sending an email to email@example.com or calling 01392 215400.
We will provide you with a copy of the personal data which we keep about you, usually within a week but within 30 days at most– although we will require proof of your identity.
We allow you to challenge the data that we hold about you and, where appropriate, you may have the data erased, rectified or amended. We reserve the right to refuse to provide our visitors with a copy of their personal data but will give reasons for our refusal. We do, however, allow you to challenge our decision to refuse to provide you with a copy of your personal data.
Maintaining your privacy is really, really important to us. You can rest assured that we have your best interests at heart.
The Cube Lab is based in Exeter, Devon, so we ultimately answer to the UK Information Commissioner’s Office (ICO) regarding Data Privacy and Protection. We register annually with the ICO under agreement number ZA060463.
Despite all our best efforts, should the unthinkable happen and we suffer a significant data breach that puts your personal data at risk, we have a legal duty to report this to the ICO within 72 hours of discovery.