Warden is based within the United Kingdom, and as such is registered with the Information Commissioner’s Office (ICO) as a Data Controller under the UK Data Protection Act of 2018.
Personal data is provided to us via the following avenues:
• Registration of interest / contact forms
  o To register your interest, you will provide your contact details so that we can contact you. Once contact has been made, we will delete your email address immediately.
• For use of the app
  o To use the app, we need your email address for use as a username, for checking of breaches and for service messages. In addition to this, we ask you to set a password to ensure that access to your account is secure – we use the HaveIBeenPwned.com API to check a SHA1 hash of your password when you create it to see if it has been involved in a breach. We do not capture this password. We will also capture your IP address when you log on, as this helps us to identify any suspicious activity on your account.
• Facebook signup
  o We are trialling Facebook adverts to get a bigger reach for signups – if you have come via the Facebook sign up form, this policy applies, and all data will be stored in accordance with this policy in addition to Facebook’s policy.
• Payments processing
  o We use Stripe for our payments processing and have carried out a selective security process to ensure that we are using a secure and compliant service provider.
• Marketing / newsletter
  o Throughout the site there are opportunities to leave your email address for newsletters and updates – we only capture the minimum amount required for this (your email address) and we offer an unsubscribe button within our emails. If you haven’t received an email (we don’t send them often) and want your details removed, please send an email to firstname.lastname@example.org
SENSITIVE PERSONAL DATA
Following an assessment of the website and capturing process, we can confirm that we do not knowingly capture data deemed as ‘personally sensitive’ as defined in the GDPR/DPA 2018.
As per the Data Protection Act and refined by the General Data Protection Regulation, you have multiple rights which can be exercised. These include:
– requesting a copy of your personal data that we hold
– updating the personal data that we hold in order to keep your data accurate
– the ability to provide your data in a commonly used format for transfer elsewhere
– updating your consent and objecting to direct marketing and;
– requesting that your data is erased (we will always do this unless we have a valid reason. If your data cannot be deleted, we will provide you with the justification.)
If we do not address your request or fail to provide you with a valid reason why we are unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via www.ico.org.uk or by telephone on 0303 123 1113.
DECLARATION OF SHARING
We use third party solutions for the hosting of our website and application (mobile and web), including analytics to better our service and provide the best experience:
• Amazon Web Services
  o Our servers are hosted in UK and Ireland datacentres with AWS; backups are also kept securely within these areas.
• Marketing
  o We use MailChimp for our email newsletter and notifications. We will share email addresses for the purpose of sending emails, and you have the ability to unsubscribe as you please.
We have a third-party review process to ensure all third parties meet or exceed our level of security and use the NCSC guidance as a baseline.
This website, and any services available from this website, are not directed to children under the age of 13. If you are a child using this website, parental consent must be obtained. If your child has used this website without parental consent, please contact email@example.com for rectification.
Cookies are small text files which are transferred from our websites, applications or services and stored on your device.
We have ensured that we use the absolute minimum and have only one cookie in use on the website – this is for our security tool Cloudflare:
Privacy and the _cfduid cookie
The _cfduid cookie collects and anonymizes End User IP addresses using a one-way hash of certain values so they cannot be personally identified. The cookie is a session cookie that expires after 30 days.
The _cfduid cookie does not:
• allow for cross-site tracking
• follow users from site to site by merging various _cfduid identifiers into a profile
• correspond to any user ID in a Customer’s web application
This cookie is essential, as without it we cannot use our Cloudflare service, which greatly increases security and reduces the risk of compromise. By using this website, you are agreeing to the use of this cookie.
As with anything we do, if you would like to discuss, please contact firstname.lastname@example.org
Throughout the website we may provide links to external parties and partners for further information and content. Whilst we take every precaution to ensure that your time on this website is safe and secure, Warden cannot guarantee the security of third-party sites and must advise that the usual internet safety precautions should be used.
REVIEW, UPDATES AND CONTACT
Data Protection Officer email@example.com
This policy will be updated regularly and was last reviewed on 07/10/2020