PLEASE READ THESE TERMS CAREFULLY AS THEY APPLY TO THE SERVICES WE PROVIDE TO YOU
This policy was last updated: 18th February 2022
ABOUT THIS POLICY
These terms and conditions represent a legally binding contract between Mary Rietz Design (“Mary Rietz Design”) and you (the “Client”) and shall apply to all contracts for services by the Company.
We will take all reasonable steps to ensure that personal information is safeguarded and kept in accordance with the law. We take additional measures when holding the data, including sensitive data, of those under 16 years of age.
Mary Rietz Design may change this policy from time to time and without notification.
WHO WE ARE
OUR ROLE AS DATA CONTROLLER
Where we manage personal data, we identify as a Data Controller and recognize and act on our obligations under applicable data protection laws. For any issues relating to data protection, the person responsible is Mary Rietz.
If you have any concerns about how we handle your data, please get in touch to let us know the details. You can do this by sending an email to firstname.lastname@example.org.
WHAT PERSONAL DATA DO WE COLLECT?
Information that you provide to us is retained and processed in accordance with USA data protection legislation. This includes data given to us from the following interactions:
We retain copies of emails so that we can communicate effectively with you and on the basis of being legitimate to our business interests.
We may keep records of phone calls to us that include personal data about you to enable us to fulfill any contractual obligations or where the data is for our legitimate business needs.
When completing our ‘Contact’ Form we will collect your name and email address as well as your message or details of your project. We will use these details to contact you and provide details of our services or deal with general inquiries. Data is held on the grounds of being legitimate to our business interests.
We are active on social media and have accounts on Behance, Facebook, Instagram, LinkedIn, and Twitter. We do not store any identifying information obtained through social media channels although we may communicate with you through our accounts. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site. These are available as follows:
- Behance: https://www.adobe.com/uk/privacy/policy.html
- Facebook: https://www.facebook.com/privacy
- Instagram: https://help.instagram.com/519522125107875
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Twitter: https://twitter.com/en/privacy
We may ask you for a testimonial in relation to our services that may be used on our website, social media, or in printed material. Personal data that identifies you will only be published with consent.
How do we use your data?
We may use the information we collect from you in the following ways:
- To administer and improve our website;
- To allow us to respond to communications sent to us;
- To record transactions in relation to our services;
- To send you notifications or information you have requested from us;
- To provide third parties with statistical information about our users;
- To ask for feedback or testimonials;
- To deal with inquiries and complaints about our services.
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
INFORMATION WE GET FROM OTHER SOURCES
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.
We share your data with a limited number of third parties who are involved with the delivery of our service. Disclosure will usually be on the basis of fulfilling a contractual obligation to you, or where it is for our legitimate business interest (to manage the business). We may ask for your consent in limited circumstances.
We may also disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise, or defend our legal rights, or if otherwise legally permitted.
We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us or as a Joint Data Controller.
Social media platforms
Communication, engagement, and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the Privacy Policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Mary Rietz Designs may use social sharing buttons to share web content on social media. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
Mary Rietz Designs does not accept payment for services via this website and does not store or process payment data on physical servers. Financial details are not shared with any third party.
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory, and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.
Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
We take appropriate steps to ensure safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.
RIGHTS OF DATA SUBJECTS
Mary Rietz Design recognizes data subjects’ rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:
Subject access requests
Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to Mary Rietz Design. We will endeavor to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by sending an email to email@example.com
Right to rectification
Data subjects have the right to request that we amend or change personal information that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful – data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
Right to data portability
Data subjects have the right to request the transfer of their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you should contact us in the first instance by emailing your request to firstname.lastname@example.org
We will report any unlawful breach of data as required by data protection law within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control, has been compromised. This applies to any data which we have authorised to be processed by third parties as data processors. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.
Our website is not marketed at those under 18 years old and we will take appropriate steps to delete any personal data of individuals less than 16 years of age that has been collected on our website upon learning of the existence of such data.
Jurisdiction and Governing Law