At Faculty Creative Ltd., Wessex House, Upper Market Street, Eastleigh, Hampshire SO50 9FD (“Faculty”, “our”, “us” or “we”), the data controller, we regard the fair and lawful treatment of personal information as a critical factor in the success of our operations and a key to the maintenance of the confidence that exists between those with whom we deal and ourselves. We therefore acknowledge our legal obligations under the new EU regulations and endorse its requirements.
We therefore collect three types of data:
Information that you voluntarily provide
We collect personal data when you provide it to us:
Information that you provide by filling in forms on our website, which includes information provided at the time of registering to use our website, subscribing to our newsletter, and reporting a problem;
Information provided via electronic means of communication, i.e. when you contact us, we may keep a record of our correspondence;
Information regarding an enquiry from you about our products or services.
Information collected from your computer or your electronic device by our website
As with most websites, the following non-personal data is routinely collected during visits to our website and use of our online resources. This information may include the name of your internet service provider (IP address), the website that directed you to our website, browser and/or device type, date, time and length of your visit. This information cannot be used to personally identify visitors. When collecting and processing your IP address, the latter will be fully anonymised right after collection by deleting the last three figures. That way we are no longer able to identify you as a person. We will delete the IP address within no more than 12 months.
Strictly necessary cookies
Strictly necessary cookies are first-party session cookies that are essential in order to enable you to move around this website and use its features. Without these cookies services you have asked for cannot be provided. They are used to store a unique identifier to manage and identify you as unique to other users currently viewing the website, in order to provide you with a consistent and accurate service. These cookies will not be used to gather information that could be used for marketing purposes or to remember your preferences or ID outside a single session.
Within this category we may use third-party social plug-in content sharing cookies (for members of a social network who have already logged in) which do not track users.
The performance cookies are first-party session or persistent cookies. These cookies collect information about how you, as a visitor, use this website, for instance which pages you go to most often, and if you get error messages from web pages. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works.
Within this category we use Google Analytics [cookie names: _ga, _gid, _gat].
Use of personal information
We collect, store and process your personal information as described above, primarily to provide you with safe, smooth, efficient, and customised experience, and specifically, for the following business-related purposes:
Security of personal information
We are committed to make sure your information is protected. Once we receive your information, we use various security features and strict procedures, taking into account industry standards, to ensure the privacy and confidentiality of data and personally identifiable information. We maintain physical, technical and administrative safeguards that comply with regulatory requirements. Specifically, we use a combination of firewall barriers and authentication procedures to prevent unauthorised access to your data and to our systems. We also enforce physical access controls to our buildings and files.
We authorise access to your personal data only for those employees who require it to fulfil their job responsibilities and provide benefits, goods or services to you. We educate our employees about the importance of confidentiality and maintaining the privacy and security of your data.
Data storage and retention
We take appropriate technical and organisational measures, both at the time of the design of the processing system and at the time of the processing itself, in order to maintain security and prevent unauthorised processing.
Your personal information will be retained by our company for as long as is necessary for the specific purpose or purposes for which it was collected, unless a longer retention period is required or permitted by law. When we no longer need personal information, we securely delete or destroy it.
Disclosure of information to third parties
In order to provide our services, some of the information we collect may be required to be disclosed to third parties and other entities within our organisation. We may disclose personal information in order to respond to your requests or inquiries, or when necessary to fulfil the services they provide to us such as software, system, and platform support, cloud hosting services, etc.
We may also share personal information when we are required to comply with legal obligations and respond to requests from governmental agencies. This includes exchanging data with other organisations for the purposes of fraud prevention and anti-money laundering measures.
We may share your personal information if we believe it’s reasonably necessary to protect the rights, property and safety of our company or its customers.
We do not collect or compile personal information for dissemination, rent or sale to external parties for their marketing purposes without your explicit consent.
Links to other websites
Cross border transfers of data
We are committed to adequately protecting your personal information regardless of where it resides and to providing appropriate safeguards for your data where the latter is transferred to recipients located outside of the EEA.
Rights of data subjects
Whenever we process your personal data, we take reasonable steps to ensure that it is kept accurate and up to date for the purposes for which it was collected. With respect to the information related to you that ends up in our possession, and recognising that it is your choice to provide it to us, we commit to giving you the ability to do all of the following:
Right to access.
You have the right to obtain confirmation whether or not we are processing personal data about you. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else within our group might have received the data; and how long it will be stored.
Right to correction.
You have the right to review and amend the record of personal data maintained by us if you believe it may be out of date or inaccurate.
Right to “be forgotten”.
You may request that we erase or cease processing your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.
Right to object.
You have the right to lodge a complaint with the appropriate supervisory authority if you have concerns about how we processes your personal data.
Right to portability.
When technically feasible, we will, upon request, provide your personal data to you or transmit it directly to another data controller.
Right to opt-out.
You can opt-out of receiving electronic marketing materials from us at any time. This can be done through your account settings, by clicking the “unsubscribe” link in any email communications which we might send to you, or by contacting our DPO. Please note that this might take a few days.
Reasonable access to your personal data will be provided at no cost within a month upon receiving your request to the DPO at firstname.lastname@example.org. If access cannot be provided within the aforementioned time frame, we will provide you with the exact date when the information will be provided.
Data Protection Officer (DPO)