At MAXX Design we take your privacy seriously and this privacy statement explains what personal data or information we collect from you and from people who visit our website and how we use it. We would encourage you to read the information below.
MAXX Design is a registered company (03071832) and our registered office address is: 2 Toomers Wharf, Canal Walk, Newbury Berkshire, RG14 1DY. MAXX Design is a registered data controller (ICO registration number Z8314696).
We may collect personal data about clients, prospective clients, job applicants, our current and former employees, and suppliers. The personal information we collect may include your name, address, email address, IP address, and information regarding what pages you access on this website and when.
We collect personal information about you when you:
We collect your personal data or information to operate the business effectively and provide you with a high-quality service. We may use your information:
We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the business, our contractual requirements to deliver the agreed services, and our legal obligations, both as a business and responsible employer. The exception is for sending email marketing, which we carry out on the basis of consent. If you would like to know more, please read below:
As a client, we will hold the following information about you:
We store your information in our online CRM, which hosts data on secure servers based in the UK, and on our own secure servers hosted in the UK. We may also hold paper copies of your information stored in the Newbury Office. Communications with you will be stored in our email system, which we use G:Suite to manage.
We currently use third-party online tools:
We will retain your details for the duration of our relationship with you, then for 7 years after. We will retain financial records for 6 years, following the end of the current financial year.
As a prospective client, we may hold the following information about you:
We store your information in our online CRM, which hosts data on secure servers based in the UK, and on our own secure servers hosted in the UK. We may also hold paper copies of your information stored in the Newbury Office. Communications with you will be stored in our email system, which we use G:Suite to manage.
We currently use third-party online tools:
Where our relationship with you does not progress beyond the enquiry or proposal stage, we will retain your details for a maximum period of 2 years.
When you apply for a job with us, we may hold the following information about you:
We store your information on our internal systems to help us manage recruitment and on our secure servers based in the UK. We will also store communications with you relating to the interview process in our email system, which we use G:Suite to manage.
We currently use third-party online tools:
We will retain your personal data relating to the review, interview and selection process for a minimum period of 6 months and a maximum period of 1 year after the interview date.
When you work for us, we may hold the following information about you:
We store your information in our HR system on their secure servers based in the UK and in hard copy in a secure filing cabinet in the Newbury office. We will also store communications with you in our email system, which we use G:Suite to manage.
We currently use third-party online tools:
We will retain your personal data for the duration of your employment and for a period of 7 years after you leave MAXX Design. Beyond this point, we only retain minimal information about you to confirm the period of time you were employed by the business for reference purposes. We share your information with HMRC, and our chosen pension / benefits providers. Information about Directors of the business will be held indefinitely for historical purposes.
When you sign up to or join us at an event run by MAXX Design, we may hold the following information about you:
We store your information in our online CRM, which hosts data on secure servers based in the UK, and on our own secure servers hosted in the UK. We may also hold paper copies of your information stored in the Newbury Office. Communications with you will be stored in our email system, which we use G:Suite to manage.
We currently use third-party online tools:
We will retain your information for the duration of preparing for and running the event, and for a maximum period of 2 years after the event has taken place.
When you sign up to or receive our e-newsletters or subscribe to our blog, we may hold the following information about you:
We store your information in our online CRM, which hosts data on secure servers based in the UK, and on our own secure servers hosted in the UK. We also store your basic information in Campaign Monitor in order to run our campaigns and any other communications with may have with you will be stored in our email system, which we use G:Suite to manage.
We currently use third-party online tools:
We respect your privacy and will always offer you the opportunity to amend your marketing preferences and give you the choice to opt-out in every email. If you opt-out of all marketing communications from MAXX Design and we have no other reason to process your personal data, we will only retain minimal information (name and e-mail) on a suppression list to ensure that we do not send you further information.
We review our marketing databases regularly and if we have not heard from you over a 3-year period, we may seek to confirm that you still wish to receive marketing communications from us.
When you work with the business as a supplier, we may hold the following information about you:
We store your information in our online CRM, which hosts data on secure servers based in the UK, and on our own secure servers hosted in the UK. We may also hold paper copies of your information stored in the Newbury Office. Communications with you will be stored in our email system, which we use G:Suite to manage. We will store your financial information in Xero.
We currently use third-party online tools:
We will retain your information for the duration of our relationship with you and for 2 years after the last purchase we made with you.
We do not sell or rent your personal data or information to any third party or share your information with third parties for their own marketing purposes.
We will disclose your data or information if required by law, for example by a court order or for the prevention of fraud or other crime.
We may pass your information on to third party service providers, agents or subcontractors for the purposes of completing a task or providing services to you on our behalf (e.g. managing email marketing campaigns). However, we disclose only the personal information necessary to deliver that service and have a contract in place that requires them to keep your information secure and not to use it for other purposes.
Third party service providers who act as data processors on our behalf:
Your personal information in the European Economic Area (EEA) is protected by data protection laws; but other countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the EU plus Norway, Liechtenstein and Iceland. MAXX Design uses online tools that host data outside of the EEA. Prior to selecting such tools, we review their privacy policy and check that the company is signed up to the EU-US Privacy Shield agreement. Companies who have signed up to this agreement commit to securing personal data in line with EU data protection legislation.
You have certain rights over the processing of your personal information by MAXX Design. These are:
We ask for your consent to send you direct marketing information, and will always provide you with the opportunity to amend your preferences or to opt-out of receiving future marketing communications from us.
The accuracy of your information is important to us. If you change your contact details or if you want to update any of the information we hold on you, please email us at: [email protected] or by post at: 2 Toomers Wharf, Canal Walk, Newbury, RG14 1DY.
You have the right to ask for a copy of the personal information MAXX Design hold relating to you. To do this please contact [email protected] or by post at: Data Protection Manager, 2 Toomers Wharf, Canal Walk, Newbury, RG14 1DY.
You also have the right to lodge a complaint about our processing of your personal data with the UK’s Information Commissioner’s Office
When you give us personal information we take steps to ensure that it’s treated securely and strive to protect it on our internal systems.
MAXX data is primarily stored in the UK. Off site backups are taken at regular intervals but are kept for no more than 90 days, these are kept within the EU. Remote staff will have access to MAXX data who may not reside in the EU, however no permanent copies of the data is taken by staff outside of the EU. Any data removed from the EU is for the minimum required time to resolve an operational issue and then deleted.
People who can access MAXX services and data:
Our hosting providers store MAXX project data, produce and keep rotational off-site backups for no more than 90 days. We secure the hardware with various leading technological measures such as keeping them patched at all times and automated scans for vulnerabilities, intrusions or unauthorised modifications. All sites also have web application level firewalls to block external attacks via CloudFlare. If we receive a specific request to delete an individual’s personal data we will remove the information if appropriate. Our back up cycles are 90 days, so the individuals details will be fully purged from our system after the 90 days has expired.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Our website uses a content management system to allow us to update content and images. Our site is hosted at Rackspace in London and uses Cloudflare to provide a secure barrier that provides complete DDoS protection. The hosting is run by an infrastructure management company called M Group contracted by Maxx Design Ltd to manage the servers and their operation
We use Google Analytics to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. The User and Event Data Retention within Google Analytics is set to ‘Do Not Automatically Expire’. Google Analytics data will be stored indefinitely, subject to acceptance and interaction of Google Analytics cookies.
Cookie Names:
_ga, _ga, _gid, AMP_TOKEN, _Gac_<property-id>, _utma, _utmt, _utmb, _utmc, _utmz, _utmv
Purpose:
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information, including IP address, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
More Information:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Cookie Names:
_cfduid
Purpose:
The _cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis
More Information:
Cookie Names:
APISID, HSID, LOGIN_INFO, PREF, SAPISID, SID, SSID, VISITOR_INFO1_LIVE, YSC
Purpose:
Google set a number of cookies on any page that includes a Youtube video. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Youtube users, including information that links your visits to our website with your Google account if you are signed in to one.
More Information:
https://www.youtube.com/static?template=privacy_guidelines&gl=GB
Cookie Names:
_hjIncludedInSample
Purpose:
Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample that is used to generate funnels.
More Information:
https://www.hotjar.com/legal/policies/privacy
Cookie Names:
BizoID, UserMatchHistory, Bcookie, Lang, lidc
Purpose:
Deliver personalised ads to your LinkedIn account
More Information:
https://www.linkedin.com/legal/privacy-policy
Cookie Names:
Wow.anonymousID, Wow.schedule, Wow.session, Wow.utmvalues
Purpose:
The cookie tracks company IP’s, website history and additional contact info which is provided from a variety of data sources.
More Information:
https://www.communigator.co.uk/privacy-policy/
Cookie Names:
Numerous Cookies
Purpose:
Used for authentication, security, advertising, analytics and measurement
More Information:
https://www.facebook.com/about/privacy/update
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for our website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website
To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
Our website works better with cookies enabled. Our cookies don’t give us, or anyone else, access to your personal data. We advise you to keep cookies enabled. However, you can choose to reject cookies. There are instructions on how to delete cookies (http://www.aboutcookies.org.uk/managing-cookies) on the ‘About Cookies’ website.
For more information about how Maxx Design Ltd processes data, please view their Privacy Policy (https://www.maxx-design.co.uk/privacy-policy). For more information about how Cloudflare processes data please view their Privacy Policy (https://www.cloudflare.com/security-policy/).
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for our website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website
To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
We use Hotjar to understand how you use our website and make improvements. Hotjar may collect and process information which is automatically and passively collected, whilst you navigate through and interact with the content on our website, together with information on your device or computer (such as cookies). The sole purpose of passively collecting your information is to improve your experience when using our website
Through the Hotjar code embedded on our website, the information collected and processed includes:
Device-specific data
The following information may be collected related to Your device and browser:
User interactions
Log data
For a sampling of visitors, Hotjar’s servers automatically record information which is collected from our website and Hotjar’s website. This data includes:
Cookies
Our website uses the Hotjar cookies identified above to collect non-personal information including standard internet log information and details of your behavioural patterns upon visiting our site. This is done to enable us to provide visitors to our website with a better experience, identify preferences, diagnose technical problems, analyse trends and generally to help improve our website.
We use GatorLeads, which is a tool that identifies the business or organisation that website visitors belong to, based on a reverse IP Lookup. GatorLeads also use cookies to process this identification, and personal information about individual users is stored. Cookies used by GatorLeads store information about your current web browsing session (pages viewed, time on site etc) and the dates and times of previous website visits.
We use this information to profile website visitors, in order to better understand the way in which our website content is viewed by different segments.
We use Facebook on our website to enable us to track activity on the website and send relevant marketing communications. Facebook uses the data to record demographic information, for example, location, age, job, data you have made available on your profile.
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
To contact MAXX Design with a data protection query regarding the processing of your personal data, please email [email protected]
We keep our privacy notice under regular review. This privacy notice was last updated on 03/05/2018.