Reply recognises the need to comply with the GDPR and other privacy regulations. As an organisation based in the technology sector we understand and appreciate how important transparency, openness and regulating the process of handling personal data is. We want our employees to understand and minimise the risks when it comes to handling personal and sensitive data, and we want to ensure that we collect the bare minimum of what we need from clients and whenever projects require us to interact with the public.
Your rights under the GDPR
The General Data Protection Regulations came into play in May 2018. With it came certain rights you have as an individual in regards to your personal data. As we process your data you have the right to:
- Access information about how we process you personal data;
- Gain access to the personal data we hold on you;
- Ask for personal information to be corrected to avoid incorrect information;
- Request for its deletion when the data is no longer needed or deemed as unnecessary.
- Object to the processing of your data for marketing purposes.
- Request the restriction of the processing of your personal data in specific cases;
- Receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
- Request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
As summarised by the ICO you have:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
What data do we collect?
Reply collects the following data:
Emails addresses, names and phone numbers (with permission)
If you get in touch with us via the contact form on our website, some personal data is collected. For example, we ask for your name and email address so that we can respond to your query. We do ask that you don’t provide any sensitive details when contacting us initially through our website. Forms will be stored on our WordPress website, and we delete the submissions once per month for data security reasons.
Anonymous data traffic
We currently use (or will be when our new site goes live September 2020) Matomo analytics on our site to measure data traffic as an ethical way of collecting data. Matomo values privacy and data ownership and will not sell your data.
How do we collect your data?
Note: This section will be updated accordingly whenever we add new functionality on the site which may result in cookies or processing of your data. Last time this was updated was August 2020.
The specific data points below is how we collect your information.
- Cookies: we do not store cookies on our website.
- Hubspot: This is a secure industry standard platform where we keep track of new business deals and proposals. We store client company names and contact deals within the platform. Data stored on Hubspot is encrypted at rest.
- Forms sent through the website: WPForms
- Emails: Gmail
How do we use your data?
Reply collects data so that we can:
- Respond to questions or queries when you contact us via email or through our website.
- When you visit our website we collect anonymous data traffic through Matomo in order to improve the experience of our website (e.g. updating content or code if we’re seeing that people are having issues with certain pages).
- To keep in touch and collaborate with you before, during and after projects.
How do we store your data?
Reply aims to keep personal data safe and secure by ensuring we only keep a minimum, have 2 step verification enabled on all third party systems, restricted access and delete personal data after we have completed a project or no longer need the data in order to reduce the risk for our users.
Projects & contacts
- We will store data related to projects during the entire project timeline, and for up to a year after project completion. This will only be key data such as statements of work, project documentation, emails and decision logs. This is so that we can refer back to previous communication. Proposals, briefs and case studies are exempt from this, but we will anonymise and remove personal data from these where possible. Other information that is publicly available may also be kept.
- Some data will be stored for contact purposes, such as email addresses and phone numbers. We do this when there is ongoing communication between Reply, our network, and long term partners.
- If you would like to not be stored on our systems anymore – simply get in touch with us.
- We will store forms for a short period of time if you submit through these.
- The Reply team ensures that our WordPress site is up to date, safely hosted and that our user accounts are protected by strong passwords.
- We may store basic contact information like telephone numbers, email addresses and names in our internal CRM database.
- Data stored on our CRM will be public available information, or contact information you have given us.
- No sensitive information will be stored here.
Third Party Services that we use
Reply currently uses third parties in order to run our business and respond to any questions or requests. Currently we use:
- Matomo: to analyse anonymous traffic on our website
- Hubspot: our internal CRM to keep track of new businesses relations
- Email provider: Gmail
- Google Suite: for collaborative and easy working between our teams.
We currently only have cookies used for logged-in Reply staff and contractors on our website. This WordPress cookie makes sure that when we are logged in we can edit content, and ensures the system can tell the difference between people browsing the website, and staff logged into the website.
How to contact us
How to contact usIf you have any questions or data requests, please submit these to firstname.lastname@example.org.