GDPR & Data Retention Policy
Rouge Media Ltd. is committed to protecting the privacy and personal data of individuals using our website design services. This policy outlines how we collect, process, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR).
Definitions
Personal Data: Any information that relates to an identified or identifiable individual.
Data Subject: An identified or identifiable individual to whom personal data relates.
Controller: The entity that determines the purposes and means of processing personal data.
Processor: An entity that processes personal data on behalf of the controller.
Lawful Basis for Processing Personal Data
We will only collect and process personal data if we have a lawful basis under the GDPR. The lawful bases for processing personal data include:
- Consent: We will obtain explicit consent from individuals before processing their personal data for specific purposes.
- Contractual Necessity: We may process personal data to fulfill our contractual obligations with clients or to take pre-contractual steps at the data subject’s request.
- Legal Obligation: We may process personal data to comply with legal obligations imposed on us.
- Legitimate Interests: We may process personal data based on our legitimate interests, provided they are not overridden by the individual’s interests or fundamental rights and freedoms.
Types of Personal Data Collected
We may collect and process the following types of personal data:
- Contact information (name, email address, phone number)
- Client-specific information necessary for project management and communication
- Website usage data (cookies, IP address, browser type)
- Other relevant personal data provided voluntarily by individuals
Purposes of Processing Personal Data
We will process personal data for the following purposes:
- Providing website design services to clients
- Communicating with clients and responding to inquiries
- Improving our services and enhancing user experience
- Complying with legal obligations
- Marketing and promotional activities with explicit consent
Data Subject Rights
We respect the rights of individuals regarding their personal data and will provide the necessary mechanisms to exercise those rights, including:
- Right to access: Individuals can request access to their personal data held by us.
- Right to rectification: Individuals can request correction or update of inaccurate or incomplete personal data.
- Right to erasure: Individuals can request the deletion of their personal data, subject to certain legal obligations.
- Right to restrict processing: Individuals can request the restriction of processing of their personal data under specific circumstances.
- Right to data portability: Individuals can request a copy of their personal data in a structured, commonly used, and machine-readable format.
- Right to object: Individuals can object to the processing of their personal data in certain situations.
- Right not to be subject to automated decision-making: Individuals have the right to not be subject to decisions based solely on automated processing, including profiling.
Data Security Measures
We have implemented appropriate technical and organizational measures to ensure the security of personal data we process. These measures include:
- Regular data backups and secure storage
- Access controls and authentication mechanisms
- Data encryption in transit and at rest
- Regular security assessments and audits
- Employee training on data protection and confidentiality.
Data Retention
We will retain personal data for as long as necessary to fulfil the purposes outlined in this policy or as required by law.
Updated 3rd November 2024