Privacy

Virtual Precision is committed to safeguarding your privacy. Contact us at privacy@virtualprecision.co.uk if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you.

By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy which is a part of our Terms and Conditions.

By agreeing to Terms and Conditions you also agree to this Privacy Policy.

In the event of collision of terms used in Terms and Conditions and Privacy Policy, the latter shall prevail.

Changes to this Privacy Policy

We reserve the right to make change to this Privacy Policy.

This page was last updated on 22nd May 2018, but will be updated regularly after GDPR has been clarified with regard to WordPress and various plugins.

Table of Contents

  1. Definitions used in this Policy
  2. Data protection principles we follow
  3. What rights do you have regarding your Personal Data
  4. What Personal Data we gather about you
  5. How we use your Personal Data
  6. Who else has access to your Personal Data
  7. How we secure your data
  8. Information about cookies
  9. Privacy Tools
  10. Contact information

Definitions

Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us (either capitalised or not) – Virtual Precision

Data Protection Principlespromise

We commit to follow the following data protection principles:

and PROMISE…

  • our processing is lawful, fair, transparent.
  • our processing activities have lawful grounds.
  • to always consider your rights before Processing Personal Data.
  • to provide you information regarding Processing upon request.
  • that processing is limited to the purpose.
  • processing activities fit the purpose for which Personal Data was gathered.
  • processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
  • processing is limited with a time period.
  • not to store your personal data for longer than needed.
  • our best to ensure the accuracy of data.
  • to ensure the integrity and confidentiality of data.

Your Rights

Data Subject’s rights

The Data Subject has the following rights:

Right to …

  1. information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  2. access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  3. rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  4. erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
  5. restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  6. object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
  7. object to automated processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  8. data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  9. lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
  10. the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  11. withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.

Data we gatherdata

Information you have provided us with

This might be your e-mail address, name, billing address, home address etc – mainly information that is necessary for delivering you a product/service or to enhance your customer experience with us.

We save the information you provide us with in order for you to comment or perform other activities on the website. This information includes, for example, your name and e-mail address.

Information automatically collected about you

Informationstored by cookies and other session tools. For example, your shopping cart information, your IP address, your shopping history (if applicable) etc.

This is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged.

Information from our partners

We gather information from our trusted partners with confirmation that they have legal grounds to share that information with us.

This is either information you have provided them directly with or that they have gathered about you on other legal grounds. See the list of our partners here.

Publicly available information

We might gather information about you that is publicly available.

How we use your Personal Datadata usage

We use your Personal Data in order to:

  • provide our service to you.
    • This includes for example registering your account;
    • providing you with other products and services that you have requested;
    • providing you with promotional items at your request and communicating with you in relation to those products and services;
    • communicating and interacting with you;
    • and notifying you of changes to any services.
  • enhance your customer experience;
  • fulfil an obligation under law or contract;

We use your Personal Data on legitimate grounds and/or with your Consent.

On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data for the following purposes:

to…

  • identify you;
  • provide you a service or to send/offer you a product;
  • communicate either for sales or invoicing;

On the ground of legitimate interest, we Process your Personal Data for the following purposes:

to…

  • send you personalised offers (from us only);
  • administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
  • conduct surveys concerning client satisfaction;

As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.

With your consent we Process your Personal Data for the following purposes:

to…

  • send you newsletters and campaign offers (from us only);
  • for other purposes we have asked your consent for;
  • fulfil obligation rising from law and/or use your Personal Data for options provided by law.

We..

  • reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.
  • save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than 6 years.
  • may process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered.

To do this, we will ensure that:

  • the link between purposes, context and nature of Personal Data is suitable for further Processing;
  • that further Processing would not harm your interests and
  • there would be appropriate safeguard for Processing.
  • we inform you of any further Processing and purposes.

Who else can access your Personal Identifiable Data (PID)partners

We do not share your Personal Data with strangers.

Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience.

We only…

  • work with Processing partners who are able to ensure adequate level of protection to your Personal Data.
  • disclose Personal Data to third parties or public officials if we are legally obliged to do so,
  • or if you have consented to or requested it or if there are other legal grounds for it.

We share your data with:

Our processing partners:

  • Tsohost (our hosting company). You can view their privacy policy here
  • cpanel (hosting control panel). Stores visitor IP addresses in raw (AwStats) logs for a period of 30 days.
  • MailChimp (newsletters and sign up forms). All forms are GDPR compliant.
  • WordPress (subscriber logins and comments). Virtual Precision does not allow subscriber registration. However, if you leave a comment, information is stored in our comments database. This information includes your name, email and IP address and is protected by WordFence Security.
  • Jetpack (subscribe to our blog). Keeps a list of email addresses to let you know when a new blog post has been published. You can easily unsubscribe from these emails at anytime, using the link at the bottoms of the email. You can view more information about Jetpack subscriptions here.
  • Akismet (spam protection).
  • Google ReCAPTCHA(spam protection).

Our business partners:

  • Does not apply to Virtual Precision. We do not have any additional business partners. We are sole traders / freelancers who strictly adhere to this privacy policy and our terms and conditions.

Connected third parties:plugins

  • X theme by Themeco – (does not store any Personal Identifiable Data). Virtual Precision uses the X Theme. The only information stored are theme and plugin settings, content, and other building blocks of this website in order to allow it to function and/or report plugin conflicts.
  • Cornerstone by Themeco – (does not store any Personal Identifiable Data). Again this is simply a building block of the  X Theme.
  • Jetpack (only the following FREE PLAN features are activated by Virtual Precision).
Activity Log

This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type. 

Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity.

Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options.

Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).

Data Synced (?): Successful and failed login attempts, which will include the actor’s IP address and user agent.

Comment Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment.

If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.

Activity Tracked: Comment likes.

Contact Form

Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking.

The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides).

This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

Data Synced (?): Post and post meta data associated with a user’s contact form submission.

If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.

Gravatar Hovercards

Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.

Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.

Protect

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent).

We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Sharing

Data Used: When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content.

This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed.

Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.

Subscriptions

Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed).

In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI).

This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

WordPress.com Secure Sign On

This feature is only accessible to registered users of the site with WordPress.com accounts.

Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.

Data Synced (?): The user ID and role of any user who successfully signed in via this feature.

WordPress.com Stats

Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post.

Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country.

When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats.

This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues.

This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.).

The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honoured. Virtual Precision does NOT honour this feature.

  • Google Analytics by themeco – (does not store any Personal Identifiable Data). This plugin is simply a placeholder which stores our personal analytics code, which enables google analytics to monitor site traffic and behaviour on our behalf for the purpose of monitoring, reporting and improvements. (see below)
  • Google Analytics – We use Google Analytics to measure traffic on our website and they have their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page. IP addresses are truncated and anonymised for reporting purposes. We can not view this information. Anonymous reporting data will be automatically removed after 26 weeks.
  • Contact Form 7 – (does not store any Personal Identifiable Data). Our contact page plugin. They do not store PID details on our database, instead they simply send your supplied details and email to our email address at virtual precision via https.
  • X theme email forms (connected to Mailchimp). Our email plugin directly linked to our Marketing processing partner Mailchimp.
  • WordFence(All in one cyber defence security and real-time tracking).  Will track and report IP addresses to prevent brute force attacks.
  • Social Media – if you link to us on other social media platforms using our social media icons, the information tracked (if any) will be in accordance with the respective social media platforms, over which we at Virtual Precision have no control.

How we secure your data

security

We …

  • do our best to keep your Personal Data safe.
  • use safe and secure enctrypted protocols for communication and transferring data (such as HTTPS).
  • anonymise where suitable.
  • actively monitor our systems for vulnerabilities and attacks and security measures will be updated regularly.
  • use Wordfence Cyber Security 24/7 which is constantly scanning and monitoring brute force attacks, malware changes to themes, plugins or unauthorised access and notifies us immediately by email to any irregularities.
  • try our best … but we can not always guarantee the security of information.
  • we promise to notify suitable authorities of data breaches.
  • will notify you if there is a threat to your rights or interests.
  • will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

If you have an account with us, note that you have to keep your username and password secret.

Children

cookies

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

Cookies and other technologies we use

We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users, in order to personalise and enhance your experience with us. Our cookies policy can be found here.

tools

Privacy Tools

You can download your data here ONLY if you have left a comment on our website. This tool will not work for any other reason.

Please identify yourself via e-mail

Contact Information

contact

UK Supervisory Authority

Email: ico.org.uk
Phone: +44(0)1625 545 745

Google

Virtual Precision uses Google G Suite for business, G Drive for storage, Chrome for browsing, maps, Google Sites for retainer client websites, Digital Garage and Analytics Academy for training etc., due to the privacy controls at our very own fingertips.

We are also affiliated as a G Suite referrer via our tools page.

You can read how google is aiming for a safer internet, how they protect your data and how you can take control with your own google privacy here.

You can also view their updated (May 2018) GDPR Privacy and Terms here.