Privacy Policy

Privacy Policy

We take your privacy very seriously!

Thanks for using our website!

Like you, we believe personal integrity is important and we take your privacy seriously. We want to ensure that we always process your personal data in accordance with legal requirements and your rightful expectations.

This Privacy Policy is relevant for any natural person sharing their personal data directly or indirectly with Allstrat Limited (“Allstrat”, “we” or “us”) when visiting our websites or using our services.

Allstrat Limited is a company established in the UK and as such, we adhere to the General Data Protection Regulation – Regulation (EU) 2016/679 and the Data Protection Act 2018.

Our registered address is 5 Castlehill Cottages, Inverness, IV2 5BA and with regard to data protection matters, we are happy to receive your questions or concerns by email to: dataprotection@allstrat.co.uk or by letter to:  Data Privacy, Allstrat Ltd, Suite 342, 8 Church Street, Inverness, IV1 1EA.

In this Privacy Policy, we explain what types of personal data we may come to process and for what purposes. We also explain the choices you have in relation to our processing and how you can learn more about our processing and exercise your rights.

SCOPE OF PRIVACY POLICY

Please note that this Privacy Policy concerns the processing of personal data for which Allstrat is the data controller, i.e. where Allstrat has decided the purposes and means of the processing.
For the avoidance of doubt, this Privacy Policy does not concern any processing of personal data that Allstrat may conduct as a data processor as a result of your use of our services.

PERSONAL DATA PROCESSED

Personal data refers to data that can be related to you as a natural person. We may  process the following types of personal data related to you:

  • Contact details such as name, e-mail address and phone number.
  • User information if you use our services, e.g. if you log in to an Allstrat online account.

Such information may include IP address, device and browser type and also information about how you interact with our services, e.g. which features are used and which buttons are clicked.  Plus. other information we receive from you through your contacts with us.

PURPOSES OF PROCESSING

We process personal data for the following purposes:

  • To provide our services in accordance with relevant terms and conditions.
  • Administration of the business relationship with you.
  • To develop and improve our services.
  • To provide you as a current or potential Allstrat customer information and offers about our services, and also from selected third parties. For the avoidance of doubt, any marketing material distributed using your personal data is sent to you as a current or potential Allstrat customer and not to you as a private individual.

SHARING WITH THIRD PARTIES AND TRANSFER TO THIRD COUNTRIES

We may share personal data with third parties for the purposes explained above. For the avoidance of doubt, we will not share personal data with third parties in a manner that enables such third parties to use personal data for direct marketing purposes.

We may transfer personal data to a country outside the EEA, but we will in such cases obtain your consent first, or ensure the transfer is legal and safe by taking other measures.  We do transfer personal data to some data processors in the USA, but only if they are registered with the EU/US Privacy Shield to protect your rights.

As explained above, please keep in mind that this Privacy Policy does not concern any data processing for which you may be responsible as a result of using our services. You, or the party you represent, are always responsible for your processing personal data in compliance with applicable law.

Information Security Practices

We take appropriate administrative, physical, and technical measures (collectively “Security Measures”) to protect your personal information from loss, misuse, unauthorised access or disclosure, alteration and destruction.

We follow generally accepted standards when implementing and maintaining such Security Measures, including, but not limited to, TLS/SSL for data in transit, encryption of data at rest, limiting unnecessary access, using encryption, monitoring for unauthorised access attempts, and mitigating activities by bad actors.

These Security Measures are periodically reviewed and, if necessary, updated to ensure they meet current and generally accepted best practices. Furthermore, only authorised personnel have access to personally identifiable information on a need to know basis. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

YOUR RIGHTS

The General Data Protection Regulation (GDPR) and Data Protection Act 2018 gives you new rights over your personal data if you are a citizen of the EU. Here is a brief statement to inform you of those rights and our obligations to uphold them.

Your Rights

  1. You have the right to be informed about how your personal data is, or will be, processed.
  2. You have the right of access to your personal data.
  3. You have the right to rectify any errors contained in your personal data.
  4. You have the right to ask for your personal data to be erased from our records.
  5. You have the right to restrict processing of your personal data.
  6. You have the right to data portability.
  7. You have the right to object to any aspect of our processing of your personal data.
  8. You have rights regarding the use of automated decision-making.

Data Protection Principles

Your personal data shall be collected and processed:

  • Lawfully, fairly and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).
  • Accurate and kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary.
  • In a manner that ensures appropriate security of the personal data.

 

It is our obligation to only process personal that is accurate, relevant, necessary taking into account our legitimate purposes, and you have the right to control that we do so.  You can find out more about your rights by visiting the website for the UK Information Commissioner’s Office at https://ico.org.uk.

To update personal data that we process about you, please get in touch with us through privacy@allstrat.co.uk.

To receive a free of charge excerpt of personal data that we process about you, please send us a physical, signed letter to Data Privacy, Allstrat Ltd, Suite 342, 8 Church Street, Inverness, IV1 1EA.

Last updated: 11th June 2018.