GDPR Policy

WE RESPECT YOUR DATA

We won’t collect any personally identifiable information without first acquiring your consent to do so. Where we do wish to collect information, we will be explicit in detailing the way your information will be used so you can decide if you are happy for us to do so. We will never supply any of your details to anyone else to use for any other reason.

VISITORS TO OUR WEBSITE

When someone visits the Sipple website we use a third-party service, Google Analytics, to collect standard internet log information. We do this to find out things such as the number of visitors to various parts of our website in order to deliver a wholesome experience to visitors. This information is processed in a way which does not identify anyone. We do not make and do not allow Google to make any attempt to find out the identities of the people visiting our website without their consent.

If you are happy for us to collect more specific information about your visit you can do so by accepting our cookies and privacy policy in the pop-up on this website.

SECURITY

Sipple uses a third-party service to help maintain the security and performance of our websites. To deliver this service it processes the IP addresses of visitors to the website, however, these are anonymised before processing. We only use this information to maintain the security of our own website.

SHOPIFY

We use a content management system, Shopify, to update and maintain the content of our website. We use a standard Shopify service to collect anonymous information about users’ activity on the site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Shopify requires visitors that want to post a comment to enter a name and email address. For more information about how Shopify processes data, please see Automattic’s privacy notice.

EMAIL

We use Gmail as our email service provider. Gmail supports Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

SERVICES

We keep the details of people who have subscribed to a service on our site as long as they require that service. For example, if you subscribe to our email list we will keep your email address to provide you with information that you are interested in. When you unsubscribe we will remove you from this list and no longer contact you.

ACCESS TO PERSONAL INFORMATION

Sipple tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information we will: give you a description of it; tell you why we are holding it; tell you who it could be disclosed to; and let you have a copy of the information in an intelligible form.

To make a request for any personal information we may hold you need to put the request in writing to. Sipple. c/o Data Processing Officer, Unit 35/36, New Covent Garden, SW8 5EE.

ERASURE

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. When we are presented with an ‘erasure’ request we will evaluate each request individually with GDPR compliance in mind.

DATA PORTABILIT Y

GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine-readable format’ and have the right to transmit that data to another controller.

BREACH NOTIFICATIONS

Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This will be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

AMAZON WEB SERVERS / IT

Our website is hosted on a dedicated server with 1 and 1.

JOB APPLICATIONS

Any information you provide during the job application process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

LINKS TO OTHER WEBSITES

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

UPDATES

We keep our Privacy policy under regular review. Privacy policy last updated 12/06/2018