Stison Privacy Policy

 

The Stison website and publishing management software and services are brought to you by Stison Ltd. We take the privacy of our users very seriously. We ask that you read this Privacy Policy ('the Policy') carefully as it contains important information about how we will use personal data we collect about you.

This policy is directed at you if you are a customer or a user of the Stison website and publishing management software and services. For the purposes of the data protection legislation, Stison Ltd ('we' or 'us') is the 'data controller' (ie the company who is responsible for, and controls the processing of, your personal data). This Policy is not directed at individuals whose details may be processed by users of Stison publishing management software and services – if you are such a person, please direct any queries to the relevant Stison user, as they are the ‘data controller’ of your information.

Summary:

We use your data to provide our Stison publishing management solutions to you, keep you informed of our products and services, and to meet and enforce our legal obligations.

Generally, we do not give your information to third parties, but there are some exceptions where we use external service providers to power our operations.

We are happy to answer your questions about any of this – email us at info@stison.com.

Personal data we may collect about you

We will obtain personal data about you (such as your name, address, email) if your business or organisation places an order for Stison software or services, or if you create an account to use them. We will also collect your contact details if you raise a support call to our helpdesk. If you agree to us keeping you informed of our products and services, we will collect from you your email address to do this. We will also collect any feedback you give us about your experiences with Stison products and services.

How we use your personal data

We use the personal information we collect about you for the following purposes:

  • to help us identify you and any accounts your business or organisation holds with us;
  • administration of your account and related billing and support queries;
  • research, statistical analysis and behavioural analysis (this is carried out on an aggregated anonymised basis so that the resulting analysis does not identify you personally);
  •  (if you have consented to it) marketing—see 'Marketing and opting out', below;
  • billing and order fulfilment; and
  • improving the products and services we provide.

Marketing and opting out

If you have given permission, we may contact you by email about products that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time. See further 'Your rights', below.

Disclosure of your personal data

We may disclose your personal data to:

  • our hosting partners, Fasthosts and Rackspace. They host our software and the databases that may contain personal data that you use the Stison solutions to administer. Fasthosts’s Privacy Policy is here - https://www.fasthosts.co.uk/terms/privacy-notice. Rackspace’s Privacy Policy is here - https://www.rackspace.com/information/legal/privacystatement. We also use Mailchimp, an email service provider. Mailchimp’s Privacy Policy is here - https://mailchimp.com/legal/privacy/.
  • The provider of our accounts software, Xero, which will store billing and transaction data. Xero’s Privacy Policy is here - https://www.xero.com/uk/about/terms/privacy/
  • We use Stripe to process payments for us. Stripe’s Privacy Policy is here - https://stripe.com/gb/privacy
  • For the purposes of  providing an effective support and helpdesk function, we use ZenDesk. Zendesk’s Privacy Policy is here – https://www.zendesk.co.uk/company/customers-partners/privacy-policy/. We may also use other support workers based in other companies, to help us troubleshoot issues and provide support.
  • Cloud Employees, our technical support services provider. For more information, see their website at https://cloudemployee.co.uk/
  • We also share your information with our professional advisers (such as our accountants), and with others that we use to comply with our tax and legal obligations.
  • If we sell our business, we will provide your personal information to the business that buys it.

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data, for example:

  • access to your account is controlled by a password and username that are unique to you;
  • we store your personal data on secure servers; and
  • payment details are encrypted using SSL technology.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

Your rights

Under the General Data Protection Regulation you have a number of important rights. In summary, those include rights to:

  • access to your personal information and to certain other supplementary information that this Policy is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email us at info@stison.com
  • let us have enough information to identify you,
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

If you would like to unsubscribe from any email newsletter you can also click on the ‘unsubscribe’ button at the bottom of the email.

How long your personal information will be kept

  • Payment and Transaction data: we will retain this as long as needed for the purposes of meeting our tax and accounting obligations.
  • Name and email addresses for those who sign up to hear more about our publishing solutions: we will keep this for 2 years following your last interaction with us.

Persons Under the Age of 18

Our website and our software solutions are not intended for those under 18 years of age. No one under age 18 is permitted provide any personal information to or on our website or solutions. We do not knowingly collect personal information from people under 18 years of age.

Sensitive Data

We do not collect any ‘special categories of data’ about you  - this includes details about your race or ethnicity , religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

Transfer of your information out of the EEA

We may transfer your personal information to Mailchimp, our email service provider based in the USA. We do this to help us provide and promote our services and our work, and to help us engage with current and potential customers. Also, we use Stripe to process payments, and this also involves transfer of data to the USA. The USA does not have the same data protection laws as the United Kingdom and European Economic Area. Whilst the European Commission has not given a formal decision that the USA provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information to Mailchimp and Stripe will be subject to appropriate safeguards as permitted under the General Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. These include Mailchimp’s and Stripe’s EU-US Privacy Shield certification. You can learn more about the EU-US Privacy Shield here - https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.

Cloud Employee, our support services provider, may share data with its employees in the Phillipines for the purposes of troubleshooting and diagnosing issues with our software.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies on this website to:

  • keep track of the items stored in your shopping basket and take you through the checkout process;
  • recognise you whenever you visit this website (this speeds up your access to the website as you do not have to log on each time);
  • obtain information about your preferences, online movements and use of the internet;
  • carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor requirements and interests;
  • target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
  • make your online experience more efficient and enjoyable.

The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally.

In most cases we will need your consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (eg to enable you to put items in your shopping basket and use our check-out process).

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this Privacy Policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.

Third-party cookies

We work with third-party suppliers who may also set cookies on our website. These third-party suppliers are responsible for the cookies they set on our site. If you want further information please go to the website for the relevant third party. You will find additional information in the table below.

Description of cookies

The table below is designed to provide more information about the cookies we use and why:

Name of cookie

Owner

Purpose for the cookie

PHP Session ID

Stison

Tracking site use

Google Analytics

Google

Tracking Site use

How to turn off cookies

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org.

Our contact details

We welcome your feedback and questions. If you wish to contact us, please send an email info@stison.com or write to 2 Church Row, Wandsworth Plain, Wandsworth, London SW18 1ES.

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this website.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this Policy

We may change this Policy from time to time, when we do we will inform you via email where appropriate.

Legal Bases for Processing

We use a number of different legal bases for processing your data. Further details on each of them are set out here.

Legitimate Interest – This means the interest of our business in conducting and managing our business and our publishing solutions to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract: This means processing your data where it is necessary for the performance of a contract between us and you (that is, selling you our products under a licence or subscription, or providing you with professional services) or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation: In some cases, we will process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Consent: where we use your consent as the basis for processing your data, this means your affirmative, informed consent. We use this as a basis if and when we send you promotional material.