Privacy

Virtual Precision is committed to safeguarding your privacy. You can contact us at privacy@virtualprecision.co.uk if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you.

We are working towards EU Data Protection transparency. You can view their Better Rules for Small Business infographic here.

Who we are

This privacy policy relates to: https://virtualprecision.co.uk. By using this site and/or our services, you consent to the Processing of your Personal Data as described in this Privacy Policy which forms part of our Terms and Conditions.

By agreeing to Terms and Conditions you also agree to this Privacy Policy.

In the event of collision of terms used in Terms and Conditions and Privacy Policy, the latter shall prevail.

Changes to this Privacy Policy

We reserve the right to make change to this Privacy Policy.

This page was last updated on 2nd June 2018, but will be updated regularly after GDPR has been clarified with regard to WordPress and various plugins.

Table of Contents

  1. Definitions used in this Policy
  2. Data protection principles we follow
  3. What rights do you have regarding your Personal Data
  4. What Personal Data we gather about you
  5. How we use your Personal Data
  6. Who else has access to your Personal Data
  7. How we secure your data
  8. Information about cookies
  9. Privacy Tools
  10. Contact information

Definitions

Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us (either capitalised or not) – Virtual Precision

Data Protection Principlespromise

We commit to follow the following data protection principles:

and PROMISE…

  • our processing is lawful, fair, transparent.
  • our processing activities have lawful grounds.
  • to always consider your rights before Processing Personal Data.
  • to provide you information regarding Processing upon request.
  • that processing is limited to the purpose.
  • processing activities fit the purpose for which Personal Data was gathered.
  • processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
  • processing is limited with a time period.
  • not to store your personal data for longer than needed.
  • our best to ensure the accuracy of data.
  • to ensure the integrity and confidentiality of data.

Your Rights

Data Subject’s rights

The Data Subject has the following rights:

Right to …

  1. information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  2. access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  3. rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  4. erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
  5. restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  6. object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
  7. object to automated processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  8. data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  9. lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
  10. the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  11. withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.

Data we gatherdata

Information you have provided us with

This might be your e-mail address, name, billing address, home address etc – mainly information that is necessary for delivering you a product/service or to enhance your customer experience with us.

We save the information you provide us with in order for you to comment or perform other activities on the website. This information includes, for example, your name and e-mail address.

Information automatically collected about you

Information stored by cookies and other session tools. For example, your shopping cart information, your IP address, your shopping history (if applicable) etc.

This is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged.

Information from our partners

We gather information from our trusted partners with confirmation that they have legal grounds to share that information with us.

This is either information you have provided them directly or that they have gathered about you on other legal grounds. See the list of our partners here.

Publicly available information

We might gather information about you that is publicly available.

How we use your Personal Data

Legitimate Grounds

data usage

We use your Personal Data on legitimate grounds and/or with your Consent in order to:

  • provide our service to you. This includes for example …
    • registering your account; (if applicable)
    • providing you with other products and services that you have requested;
    • providing you with promotional items at your request and communicating with you in relation to those products and services;
    • communicating and interacting with you;
    • and notifying you of changes to any services.
  • enhance your customer experience;
  • fulfil an obligation under law or contract;

Contractual Obligations

On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data to:

  • identify you;
  • provide you a service or to send/offer you a product;
  • communicate either for sales or invoicing;

Legitimate Interest 

On the ground of legitimate interest, we Process your Personal Data to:

  • send you personalised offers (from us only);
  • administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
  • conduct surveys concerning client satisfaction;

As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.

Consent

With your consent we Process your Personal Data to:

  • send you newsletters and campaign offers (from us only);
  • for other purposes we have asked your consent for;
  • fulfil obligation rising from law and/or use your Personal Data for options provided by law.

We Reserve the Right to …

  • anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.
  • save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than 6 years.
  • process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered.

To do this, we will ensure that …

  • the link between purposes, context and nature of Personal Data is suitable for further Processing;
  • further Processing would not harm your interests and
  • there would be appropriate safeguard for Processing.
  • we inform you of any further Processing and purposes.

Who else can access your Personal Identifiable Data partners

By default WordPress does not share any personal data with anyone. Virtual Precision does not share with strangers or sell your Personal Data. Period.

Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience.

We only…

  • work with Processing partners who are able to ensure adequate level of protection to your Personal Data.
  • disclose Personal Data to third parties or public officials if we are legally obliged to do so,
  • or if you have consented to or requested it or if there are other legal grounds for it.

We share your data with:

Our processing partners:

  • Tsohost (our hosting company). You can view their privacy policy here.
  • MailChimp (newsletters and sign up forms). All forms are GDPR compliant and you can opt-out at any time. You can view Mailchimps’ Privacy policy here.
  • WordPress (subscriber logins and comments). Virtual Precision does not allow subscriber registration. However, if you leave a comment, information is stored in our comments database. This information includes your name, email and IP address and is protected by WordFence Security.
  • Jetpack (subscribe to our blog). Keeps a list of email addresses to let you know when a new blog post has been published. You can easily unsubscribe from these emails at anytime, using the link at the bottoms of the email. You can view more information about Jetpack subscriptions here.
  • Akismet (spam protection)Requires your IP address as an abuse prevention measure in order to provide proper spam defense.
  • Capsule CRM (our customer relationship management software). You can view their data processing agreement and their privacy policy respectively.

Google

We use Google G Suite for business, Google Drive for storage, Google Chrome for browsing, Google maps, Google Sites for retainer clients, Google ReCAPTCHA for spam protection, Google Digital Garage and Google Analytics Academy for training etc., due to the privacy controls at our very own fingertips. We are affiliated as a G Suite referrer via our tools page. G Suite & Google Cloud Platform Commitments to the GDPR can be found here.

Here you can view their Data Processing and Security Terms (Customers).

You can read Google’s commitment to Business and Data Compliance here.

You can read how google is aiming for a safer internet, how they protect your data and how you can take control of your own google privacy here.

You can view their updated (May 2018) GDPR Privacy and Terms here.

Our business partners:

  • Virtual Precision do not have any additional business partners. We are sole traders / freelancers who strictly adhere to this privacy policy and our terms and conditions.

Connected third parties:

plugins

Themes and building blocks

X theme by Themeco – (does not store any Personal Identifiable Data). Virtual Precision uses the X Theme.

The only information stored are theme and plugin settings, content, and other building blocks of this website in order to allow it to function and/or report plugin conflicts.

Cornerstone by Themeco – (does not store any Personal Identifiable Data). Again this is simply a building block of the X Theme.

Jetpack 

(only the following FREE PLAN features are activated by Virtual Precision).

Akismet Anti-Spam 
Akismet collects information about visitors who comment on sites that use Akismet anti-spam. At Virtual Precision, the information Akismet collects includes: the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself, plus other non-personal information like the current time, etc.).

You can read the Akismet by Automattic’s privacy policy here.

Activity Log

This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type. 

Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity.

Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options.

Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).

Data Synced (?): Successful and failed login attempts, which will include the actor’s IP address and user agent.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.

The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Comment Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment.

If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.

Activity Tracked: Comment likes.

Contact Form

Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking.

The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides).

This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

Data Synced (?): Post and post meta data associated with a user’s contact form submission.

If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.

Gravatar Hovercards

Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.

Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.

Protect

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent).

We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Sharing

Data Used: When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content.

This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed.

Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.

Subscriptions

Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed).

In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI).

This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

WordPress.com Secure Sign On

This feature is only accessible to registered users of the site with WordPress.com accounts.

Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.

Data Synced (?): The user ID and role of any user who successfully signed in via this feature.

WordPress.com Stats

Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post.

Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country.

When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats.

This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues.

This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.).

The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honoured. Virtual Precision does NOT honour this feature.

Analytics

By default, WordPress does not collect any analytics data. However, many web hosting accounts collect some anonymous analytics data. We have installed the following WordPress plugins to provides analytics services.

  • Google Analytics by themeco – (does not store any Personal Identifiable Data). This plugin is simply a placeholder which stores our personal analytics code, which enables google analytics to monitor site traffic and behaviour on our behalf for the purpose of monitoring, reporting and improvements. (see below)
  • Google Analytics – We use Google Analytics to measure traffic on our website and they have their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page. IP addresses are truncated and anonymised for reporting purposes. We can not view this information. Anonymous reporting data will be automatically removed after 26 weeks.
  • cpanel (hosting control panel). Stores visitor IP addresses in raw (AwStats) logs for a period of 30 days. You can view their privacy policy here.

Contact Forms

By default, WordPress does not include a contact form. We use Jetpack or Mailchimp contact forms on our website.

  • Jetpack Contact Form – This form collects your IP address, timestamp, name, email address, website, message, and proof of consent, so that we can correspond with you.
  • X theme email forms (connected to Mailchimp). Our email plugin directly linked to our Marketing processing partner Mailchimp.

Cyber Security

  • WordFence(All in one cyber defence security and real-time tracking).  Will track and report IP addresses to prevent brute force attacks.

Social Media

  • Social Media – if you link to us on other social media platforms using our social media icons, the information tracked (if any) will be in accordance with the respective social media platforms, over which we at Virtual Precision have no control.

Image Compression and Optimization

We use Smush Image Compression and Optimization. Smush does not interact with end users on our website. The only input option Smush has is to a newsletter subscription for site admins only.

Smush sends images to the WPMU DEV servers to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.

Smush uses a third-party email service (Drip) to send informational emails to the site administrator. The administrator’s email address is sent to Drip and a cookie is set by the service.

Only administrator information is collected by Drip.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behave in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Media

We do not currently allow this facility, but if (in the future), we allow you upload images to the website, these images will be publicly accessible. You should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

How we secure your data

security

We …

  • do our best to keep your Personal Data safe.
  • use safe and secure enctrypted protocols for communication and transferring data (such as HTTPS).
  • anonymise where suitable.
  • actively monitor our systems for vulnerabilities and attacks – and security measures will regularly be updated .
  • use Wordfence Cyber Security 24/7 which is constantly scanning and monitoring brute force attacks, malware, changes to themes, plugins or unauthorised access and notifies us immediately by email to any irregularities.
  • try our best … but we can not always guarantee the security of information.
  • promise to notify suitable authorities of data breaches.
  • will notify you if there is a threat to your rights or interests.
  • will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

Please Note: If you have an account with us, that you have to keep your username and password secret.

Children

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

cookies

Cookies and other technologies we use

We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users, in order to personalise and enhance your experience with us. Our cookies policy can be found here.

If you …

  • leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
  • have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year.
  • select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
  • edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

tools

Privacy Tools

Registered users or comments

You can download your data here ONLY if you have an account with us or have left a comment on our website. This tool will not work for any other reason.

Please identify yourself via e-mail

Website contact or Existing Clients

If you have used our contact form or are an existing client, please mail us  at privacy@virtualprecision.co.uk to request a copy your details, which can be securely removed at your request.

contact

Contact Information

UK Supervisory Authority

Email: ico.org.uk
Phone: +44(0)1625 545 745