Applegreen Websites Privacy Policy

Our privacy policy explains what data we collect on our visitors and clients, how we treat your data and what your rights are over it. If you are still unsure about anything, or if we have not covered your question here, please contact us.

Who are we?

Applegreen Websites is run by Stephanie Boucher, of 36 High Street, Biddenden, Kent TN27 8AH, UK.

What information do we collect?

We collect and store several types of data.

For clients who have worked with us, we collect names, email addresses, a contact phone number, postal address and sometimes bank details.
For clients, logins to the control panels and sometimes WordPress installation.
For people who have signed up to our email newsletter, email addresses only.
For enquirers who do not progress to become our clients, we collect an email address and contact phone number.

Why do we collect it?

The reasons vary with the types of data and people from whom we collect it.

For clients, email and phone contact are essential for working together, and later for staying in touch via our newsletter. A website is an ongoing commitment on both sides: we would be failing in our duty if we did not inform our clients of legal and practical updates concerning their site.
Bank details and postal addresses are used to purchase websites domains and hosting for websites, from third-party providers such as 1an1, LCN, WPEngine and others. In these cases the control panel logins are passed to the clients as their own property.
For newsletter subscribers, an email address is essential for sending it out.

How long do we store it?

The length of time varies with the type of data and people concerned:

For clients and newsletter subscribers, the data is stored indefinitely, or until such time as the owner of the data asks us to dispose of it, or unsubscribes.
The exception to this is bank details, which are passed on to web hosting companies and not retained by us.
For enquirers, the data is stored for a period of one year and then disposed of if there is no follow up.

Where do we store it, and with whom do we share it?

We store all data ion the hard drive of our computer at the Applegreen office in Biddenden, Kent. We back up to external hard drive, external hard drive located in the same office. No data goes any further than this, with the following exceptions:

Client and subscriber emails are shared with MailChimp, who handle the newsletter list. See their privacy policy.
Client data (email address, phone number, postal address and bank details) are shared with website hosting companies for the purposes of creating an account for the website. Clients will know who their provider is and be able to check their own privacy policies: these clients handle their own subscriptions. A small number of our early clients were included in our own account with the hosting company 1and1.co.uk, see 1and1’s privacy policy.
These companies are either located in the UK and therefore subject to the same GDPR rules, or have a significant client base in the UK and comply with the regulation.

What is the legal basis on which we collect, store and share data?

Consent: subscribers to our email newsletter have given their explicit consent for us to use their email address for that purpose.

Contractual obligations: clients who have paid us for creating a website for them, or for work on their existing site, are regarded as having agreed to an implied contract with us which serves in lieu of explicit consent.

Legitimate interest: we use details of enquirers to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact their rights, freedom or interests. We may send them our newsletter for a period a a year or until they unsubscribe, whichever comes first.

Privacy policy and cookies

A cookie is a piece of data that is stored on the user’s computer. It provides information about that user’s use of a website, without revealing who the user is.

We use cookies to collect anonymised and aggregated data of visits and pathways through the website, through Google Analytics. As it is anonymised, we cannot trace individual visitors with these data.

We use anonymised data to understand website patterns of visitor behaviour on our website and to implement improvements.

Applegreen Websites cannot identify visitors through the data we collect about their pathway through the site.

Read how Google uses the data when you use our website. This page also explains how you can disable this form of data collection if you do not wish it.

Google store analytics data for 50 months and then delete it automatically.

If you use your browser’s ‘private’ or ‘incognito’ mode, your visit will not be counted as part of this data.

What are your rights over your data?

We will respond within 30 days to all requests regarding your data. You have the right:

to ask that we declare what data we are storing about you;
to request that we delete your data;
to have the data sent to you in a portable digital format, for another company to use;
to restrict us from processing your data;
to rectify your data if it is wrong or out of date;
to unsubscribe from our newsletter — a prominent Unsubscribe button is provided for that purpose;
disable the Google Analytics function by means of a browser add-on to ensure the prevention of the sending of any analytical information to Google.

What happens in case of a data breach?

A data breach is defined as “the accidental or unlawful destruction, loss, alteration unauthorised disclosure of, or access to, personal data”.

If we become aware of a data breach that concerns you, we will contact you immediately as part of our efforts to limit the damage caused.

We will notify the ICO immediately if possible, but within 72 hours at the latest.

Please direct any complaints about the ways we handle your data to the Information Commissioner’s Office.

We cite privacy policy as example in our guide to “Writing your own privacy policy” for clients.

Last updated: November 2022