This privacy notice is Stratton Craig’s public declaration of compliance with the Data Protection Principles and Rights afforded to individuals by the General Data Protection Regulation (GDPR).
Here is an explanation of how we process data and how we protect the privacy of users of this site.
About Stratton Craig
Stratton Craig is a specialist written communications agency. Stratton Craig is the trading name of Stratton Craig Ltd, and our registered office is:
As of May 2018, our Data Protection Manager is:
Data we collect
The information which we collect and store during normal use of the site is used to monitor and analyse how parts of the site are used. This tracking does not result in any personally identifiable data being collected or stored. We provide an enquiry form, which stores the minimum of information we require in order to answer your query.
Data fields we collect
- Time of visit, pages visited, and time spent on each page of the webpages
- Referring site details (such as the URI a user came through to arrive at this site)
- Type of web browser
- Type of operating system (OS)
- Network location and IP address
- Email address
Join the team Form
- Email address
- Mobile number
- Landline number
- Years of experience
- Day rate
The information held in Google Analytics is:
- Stored on Google’s servers (GDPR compliant via the EU-US Privacy Shield) and accessible by only by authorised members of Stratton Craig’s development team
- by default retained for 50 months before being automatically removed from Google’s servers
The information held by contact form and ‘join the team’ form submissions is:
- stored in a database, retrievable only by authorised members of Stratton Craig’s development team, or employees of Stratton Craig authorised to respond to your enquiry
- where possible & relevant, anonymised
- not shared with any third party
- deleted promptly if & when deemed not relevant
In all cases, for any personally identifiable data we hold:
- We do not transfer this information to any third parties
- We do not transfer this information outside the EU (Google Analytics being the exception to this rule, but is GDPR compliant via the EU-US Privacy Shield)
- We will not contact you for anything outside the remit of your initial enquiry
- We will report any breach resulting in the exposure of personally identifiable information to the affected parties concerned, and if relevant, the supervisory authority for GDPR in the UK, the ICO.
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
The right to be informed
This privacy notice is our way of informing you of your rights and of how we process information.
The right of access
You have the right to confirm whether or not we are processing your data, and the right to obtain a copy of the data that we hold, also known as a “Subject Access Request”. To obtain this, you may contact us at [email protected]
The right to rectification
If any information we hold is inaccurate or incomplete, you have the right to have that information amended.
The right to erasure
You have the right to have your information deleted. We will endeavour to fulfill this without undue delay as long as we are not obliged to keep the information to comply with any other legislation.
The right to restrict or object to processing
You have the right to block or restrict our processing of your data; on receipt of this objection we will stop processing your data, but this will not affect any processing done so far.
The right to data portability
You have the right for your information to be provided in a machine-readable format to enable easy transfer between processors. This right is available to any personal data provided by you.
The right not to be subject to automated decision making
If we use automated decision making we will let you know how, where and why this will happen.
The right to withdraw consent
If you provide data to us, you may withdraw consent to processing of said data at any time.
The right to complain
If you wish to discuss the way your data is being handed, or have any concerns, please contact us at [email protected] .
If we are unable to resolve your concerns, you have the right to complain to the Supervisory Authority, as below:
Supervisory Authority: Information Commissioner’s Office (ICO)