Who we are

We provide digital services such as web design, web hosting, email hosting, domain name registration, security certificates, IT consultancy and other related services.

The security of the services we provide is extremely important to us and every effort is made to protect both the information we store about you and the data that you store with us as part of the services we provide. Respecting your privacy, responsibly managing your data & personal information and transparency is part of our company’s core ethos.

You can contact us at any time on ​hello@raven-designs.co.uk

Controller

Raven Designs (raven-designs.co.uk) is the controller and responsible for your personal data and for this website. Throughout this privacy policy, Raven Designs will be collectively referred to as “we”, “us” or “our”.

Purpose of this Privacy Policy

The aim of this privacy policy is to provide you with information on how Raven Designs collects and processes your personal data through your use of this website. This includes any data you may provide through the website when you purchase a product or register your interest or details for any services, offerings or newsletters.

This website is not intended for children and we do not knowingly collect data relating to children.  If we believe that children are using our website or attempting to use our services we will take all reasonable and necessary steps to check and properly manage the position.

It is important to read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasion when we are collecting of processing personal data about you. This will ensure you are fully aware of how and why we are using your data.

Your Personal Information

The information we collect is essential to the operation of our business and services that we provide to you as a customer, we consider this a legitimate interest. This section breaks down the information we collect, why we collect it, how it may be used and how long it is retained (where applicable).

Your IP address, requested resource & browser signature(s)

We record your Internet Protocol (IP) address, requested resource and browser signature (user agent) when accessing our website and services to help us protect your account and systems against unauthorised or malicious activity.

Retention

Your IP address(es), request(s) and browser signature(s) information will be retained for the ​lifetime​ of your account. Should malicious behaviour be identified from an IP address, it will be retained indefinitely to ensure our systems are protected against further malicious activity.

Domain name registration, transfers & management

When managing a domain name on your behalf, your full name, postal address, email address, telephone number(s) is shared with our domain registration provider. Every domain name must be associated with a legal identity and as a result, your information must be provided in order to complete the registration of the domain name.

When registering a domain name on the behalf of an organisation, we may also supply your organisation’s legal information (e.g. Companies House or Charity Registration number) so that the domain registry can verify the organisation’s identity.

Up until the introduction of the UK GDPR, unless requested otherwise, your contact information would have been made available in the public ​WHOIS​ database. As long as you supply an address based in the UK when registering or transferring in a domain, your information will be automatically redacted from the WHOIS database.

Should you supply an address outside of the UK, it will be available on the public WHOIS database unless ID protection (domain privacy) has been chosen at the point of registration or transferral.

Please note that whilst your information may be redacted from the WHOIS, it can still be requested by law enforcement agencies or intellectual property management companies.

If you do not wish to supply your personal information, we will be unable to register or manage the domain as this is a requirement enforced by the domain registry.

Digital security certificates (SSL certificates)

When you purchase a SSL/security certificate, your full name, postal address, email address and telephone number may be shared with our certificate provider.

In order for a digital security certificate to perform its function, it’s important that the ​Certificate Authority​ is able to verify that the certificate being issued is associated with a legal identity. In order to do this, the above information is shared with our certificate provider.

Certificates with Extended Validation (EV) may require us to supply additional information to the Certificate Authority. This will be outlined and described to you in detail prior to submission.

As part of this process, any information we supply as part of issuing your security certificate may be securely transferred outside of the UK.

Free SSL certificates from Let’s Encrypt

Your information is not shared with SSL certificates which are supplied free of charge through ​Let’s Encrypt​.

Professional services

Periodically we may need to supply access to our systems so that they can be reviewed by other professionals (e.g. accountants, solicitors, vendor or supplier support). Whilst we will not share your information with these parties, they will have access to the information held on our systems.

In line with our company’s security policy, access by third-party professionals is closely monitored and managed, ensuring access is fully revoked once the task has been completed. Where access to personal information is a requirement of the troubleshooting process, consent will be requested.

Payment information

We do not willingly store credit, debit or bank account information on our servers. At the point of payment, your contact and card information is securely transferred to our payment provider (PayPal or Stripe), both are PCI-DSS Level 1 compliant companies.

Your contact information is transferred to our payment provider in order to collect payment and protect against fraud.

How is Your Personal Data Collected

There are several methods we use to collect data from and about you, including through the following:

Direct interactions

In some cases you may supply us with your identity, contact and financial data by corresponding with us via post, phone, email or otherwise, or by filling in a form on our website.  This include personal data you provide when you:

  • apply for our products or services
  • create an account on our website
  • subscribe to our services or publications
  • request marketing to be sent to you
  • enter a competition, promotion or survey
  • give us feedback or contact us
Automated technologies or interactions

Technical data will be automatically collected as you interact with our website, including information about your equipment, browsing actions and patterns.  We collect this personal data using cookies and other similar technologies. Please see our cookie policy for further details.

Third parties or publicly available sources

We will receive personal data about you from various third parties as set out below:

  • analytics providers, such as Google
  • search information providers such as Google based outside the EU

Your Rights

You have the right to:

  • Request access to your personal data (“data subject access request”). You will receive a copy of the personal data we hold about you and this allows you to check that we are lawfully processing it
  • Request a correction of the personal date that we hold about you. Any incomplete or inaccurate data we hold about you can be corrected, though we may need to verify the accuracy of the new data you provide to us
  • Request erasure of your personal data.  You can ask us to delete or remove personal data where there is no good reason for us continuing to process it.You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. You can ask us to suspend the processing of your data in scenarios including:
    • If you want us to establish the accuracy of the data
    • Where our use of the data is unlawful. But you do not want us to erase it
    • You need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
  • Request the transfer of your personal data to you or a third party. We will provide to you or your chosen third party your personal data in a structured, commonly used, machine-readable format.  Please not that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
  • Withdraw consent at any time where we are relying on consent to process your personal data.this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you choose to withdraw your consent, it may prevent us from providing certain products or services to you. We will advise you if this is the case the time of withdrawing consent.

Notification of a Data Breach

Upon discovering a breach that may have exposed your personal information, we will notify you as soon as it’s feasible using the default email address we store on your account. This email address can be updated through our ​customer area.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes:

Essential Cookies:
Cookie Description
Raven_cookie_consentStores users cookie preference
raven-cookie-checkbox-necessaryStores users preference for necessary cookie
raven-cookie-checkbox-non-necessaryStores users preference for non-necessary cookies
wordpress_logged_in_[hash]Indicates when you’re logged in, and who you are, for most interface use. Set after login only
Non-essential Cookies:
Cookie Description
_gidGoogle Analytics - Used to distinguish users
_gaGoogle Analytics - Used to distinguish users
_gatGoogle Analytics - Used to throttle request rate

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

https://support.google.com/chrome/answer/95647?hl=en​ (Chrome);

https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

http://www.opera.com/help/tutorials/security/cookies/​ (Opera);

https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies​ (Internet Explorer);

https://support.apple.com/kb/PH21411​ (Safari); and

https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy​ (Edge)

Blocking all cookies will have a negative impact upon the usability of many websites.

If you block cookies, you will not be able to use all the features on our website or services.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check ​this page​ occasionally to ensure you are happy with any changes to this policy.

We may notify you of changes to this policy by email or through the private messaging system on our website.

Contact Us

If you have any questions about this privacy policy, please contact us via hello@raven-designs.co.uk or through the form on our contact page