As a company processing your personal data, we are regulated by the General Data Protection Regulation (GDPR). This page is intended to keep you informed about what we do with the personal data we process.
What information we collect when you visit our website
When you visit our website we collect some information about you to help us run the site.
Information is collected in three ways:
- Automatically in our server logs, to help us keep the site reliable and secure. This includes your IP address and browser type, and which pages are visited. We use Solarwinds’ Papertrail to manage those logs, and may keep them for up to a year.
- If you give your consent, using Google Analytics to help us improve the content and design of the website. This also includes IP address, browser type and pages visited, along with some extra information about the technology you use. We don’t use it to gather demographic information.
- If you leave a comment on the website we will store your email address and may send you emails about follow-up comments. We store those email addresses in a database service from DigitalOcean and use Wildbits’ Postmark for those notifications.
- We may collect your IP address, browser type, operating system, and the page you're visiting and send it to Sentry, which is an application security monitoring service.
The website is managed for us by Fieldwork, hosted by DigitalOcean, with some additional services from Amazon Web Services. Other than the email addresses mentioned above we don’t store any personal information with either of those providers.
What information we collect when you join our newsletter
When you sign up for our newsletter we collect identity data such as your name and email address, so that we can send you the newsletter.
We also collect analytics on who opens the newsletter and which links they follow. This is used to work out which content is of interest to our subscribers, and is never used to target particular individuals or groups.
Other times we may collect information about you
If we’re in contact to discuss working with you, answer other questions you may have, send you a copy of Signals, you come to an event we’re running or we start working together, we collect personal data that you provide to us.
This could include:
- Identity Data may include your first name, last name, title, date of birth and gender.
- Contact Data may include your billing address, delivery address, email address and telephone numbers.
- Financial Data we keep only financial data that is a result of our contracts with you. Our financial records are held on Xero.
- Transaction Data may keep details about payments between us and details of purchases made by you as a record of transactions made which includes name and billing address.
- Technical Data may include IP addresses, browser type and version and some other technology on the devices you use to access this site.
- Usage Data may include information about how you use our website, products and services.
- Marketing and Communications Data we keep basic information so as to communicate with you, namely email address, first and last name.
We use tools provided by Google and Xero to manage data.
Why we use your information
We collect and process your personal data in order to:
- fulfil a contract we have with you
- manage this website
- send you marketing materials
- operate our customer-service and respond to your requests
- improve our products and services
We do not sell or share your personal data outside of Public Digital.
How long we keep your information
We only keep your personal data for so long as necessary to achieve these purposes. This may be up to 10 years after the end of the contractual relationship with you (statute of limitation for legal claims in most EEA countries), unless a shorter or longer retention period applies under applicable data protection laws.
Parties with which we share your information
We share your personal data with:
- third party providers that help us operate this website and provide our products and services (these recipients act on our behalf and under our instructions only)
- in addition to those mentioned above, we also use Google G Suite.
- third parties in case of judicial processes, request by courts or authorities, other legal obligation, to defend our rights, or in case of merger, acquisition, or assets transfer.
Some of these recipients are located outside the EEA, but we ensure that your personal data remain at all times adequately protected (if the country of destination is not one that the EU Commission considers offers an adequate level of protection, we cover the data transfer by appropriate safeguards).
You may, at any moment, exercise your rights under data protection law, including (when applicable) your right of access, rectification, restriction, erasure, opposition (including objecting, at any time and for free, to the processing of your personal data for direct marketing), right to portability and your right to withdraw consent. You also have the right to lodge a complaint with the competent supervisory authority.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
However, we cannot absolutely guarantee the security of your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How to contact us
For any query or request relating to our use of your personal data, or to exercise your rights, you may contact us via firstname.lastname@example.org