Oikos Digital Ltd - Privacy Overview

We do everything we can to minimise the data we collect and store, and to keep it secure. We use strong, random, unique passwords on all online services stored in secure systems and we use two-factor authentication where available. We encrypt data where possible and we look after our mobile devices.

We try to use UK/EU based services, but many cloud-based online systems are US-based. Whenever your data is sent outside the EU we ensure that appropriate protections are in place, such as the EU-US Privacy Shield.

• We do collect analytics data, but we use anonymous, cookie-free analytics to do so. We do not use marketing or advertising services, sneaky tracking pixels, or user-tracking social media buttons or widgets. The only cookies we use are those that make the site function, and those set by third-party embedded media/video services, which are out of our control.

We will store and process data needed to reply to your question or enquiry.

• Email enquiries will be stored in our email inboxes so that we can reply to you.
• We will store your contact details so we can contact you about your enquiry. This information will be synced through cloud services to mobile devices too.
• We may make our own notes about your enquiry and the people involved in note-taking software synced using cloud computing services.
• We may put details of the enquiry and the people involved in a to-do list, CRM system or project management software to ensure the enquiry is dealt with by the right person and at the right time - this will also be synced using cloud-based services.
• We know we're a technology company, but we will sometimes make notes about projects and people on paper or other physical media too. These are not synced using cloud computing, but we keep them safe.
• Website enquiries will be emailed to us and processed as above, and also stored on the website.

To help our business continue operating in the event of a disaster, some data is backed up using other online services. Data will be kept for up to 6 years in case of dispute.

We will store and process data needed to execute the project effectively.

• Emails will be stored in our email inboxes so that we can communicate with you about the project.
• We will store your contact details so we can contact you about your enquiry. This information will be synced through cloud services to mobile devices too.
• We may make our own notes about the project and the people involved in note-taking software synced using cloud computing services.
• We may put details about the project and the people involved in a to-do list, CRM software or project management software to ensure the enquiry is dealt with by the right person and at the right time - this will also be synced using cloud-based services.
• We know we're a technology company, but we will sometimes make notes about projects and people on paper or other physical media too. These are not synced using cloud computing, but we keep them safe.
• We will store information about the project, including contact details, in time tracking systems, accounting systems, banking systems and online payment systems and we will pass accounting information to our accountant. Many of these systems are online systems, or cloud-based services.
• In many cases we will be working with personal data that you are the data controller for, such as personal data belonging to your users. So it is important that you agree to our Data Processing Agreement.

To help our business continue operating in the event of a disaster, some data is backed up using other online services. Data will be kept for up to 6 years in case of dispute. Financial data will be kept for up to 7 years to meet HMRC reporting requirements.

• See "If we work on a project for/with you" - the same guidelines apply.

We will store and process data needed to provide your hosting service.

Because hosting can involve providing support of the hosting service and communications about the hosting service, all of the guidelines in "If we work on a project with/for you" may apply. In addition:

• We will add details of you and your services to our online hosting management, support and billing software tool, which you will have client access to.
• We will add you to our hosting mailing list to provide you with service updates by email.
• We will act as a data processor for all personal information stored in your website's database and files. You are the data controller for this information, so it is important that you agree to our Data Processing Agreement.
• Because we re-sell hosting from a hosting provider, the hosting provider will be a sub-processor of all personal information stored in your website's database and files.
• If you provide us with any login details for any support or maintenance activity, we will request that these be securely transmitted, and we will store them securely in a password vault until they are no longer needed.
• Your contact details will be stored and processed in a hosting account on the web server
• If we are setting up a content management system or web application (such as WordPress) for you then your contact details will be stored and processed in that CMS/application too.

We also back up websites, so there will be copies of any personal information stored in your website's database and files stored on the appropriate backup services.

Please note that if you collect or store or process personal information on or through your website, you are also a data controller and will need to understand your responsibilities.

We will store and process data needed to provide your hosting service.

Because buying a domain through us can involve providing support of the domain and DNS service and communications about the service, all of the guidelines in "If we work on a project with/for you" may apply. In addition:

• We will add details of you and your services to our online hosting management, support and billing software tool, which you will have client access to.
• If you provide us with any login details for any support or maintenance activity, we will request that these be securely transmitted, and we will store them securely in a password vault until they are no longer needed.
• Your contact details will be stored and processed in the domain provider's systems. Note that some of this information may be publicly available. Ask us if you are concerned or have questions about this.

You will have opted to receive occasional informational emails from us.

• We will store you contact details in an online email-marketing tool.
• You can unsubscribe, change your details, or delete your details at any time. Just follow the links in the emails that we send.

We have motion-sensitive, night-vision security cameras installed which will catch you and upload video of you to a cloud-based security system. Video from these cameras may be stored using the cloud-based service for up to 30 days, but no longer. This video may be downloaded to computers or mobile devices for analysis in the event of a security incident.