This privacy statement was last updated on June 30, 2021 and applies to citizens and legal permanent residents of the United Kingdom.
1. Who we are
We are Fifteen Three Digital Ltd, registered with Companies House under registration 09033201, and with the ICO under registration ZB005081.
Our registered address is
Fifteen Three Digital Ltd.
2C Edward Street
2. The Basics
In this privacy statement, we explain what we do with the data we obtain about you via https://fifteenthree.co.uk. In our processing we comply with the requirements of privacy legislation, including the UK GDPR and the DPA2018. That means, among other things, that:
- We keep the minimum amount of information we can about you.
- We use your personal data to provide our services to you and meet our legal obligations.
- We delete your data when it is no longer needed for these things.
- We do not pass your information to third parties – but there are some exceptions.
- You have lots of privacy rights.
- We apply appropriate technical and organisational controls to keep your data secure.
- We are happy to respond to any queries you have about any of this.
If you have any questions, or want to know exactly what data we keep of you, please contact us.
3. What data do we process?
As our client, we will hold the following information about you:
- Your name and contact information.
- Information about your business activities.
- Information and documentation about your matters or enquiries, including communications with you.
- Billing and payment information.
As a potential client, we will hold the following:
- Your name, and contact information.
- Information and documentation relating to your business gathered from yourself, websites, Companies House, LinkedIn and the ICO.
Explaining the lawful basis
References to the basis of processing (e.g. “(Basis: Art. 6.1.f)”) are a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question. This will usually be an Article 6 lawful basis; in the very rare circumstances that Special category Data is processed, a suitable Art 9 basis will be listed.
Providing services to you about website development, hosting and other good stuff
We use the information we hold about you and your business — both personal and otherwise — to give you the best service we can.
For example, we will add your contact details to our internal email address book.
We also use your information to send contracts, bill you, and keep track of payments that you make, as well as to keep in contact throughout our relationship.
(Basis: Art. 6.1.b – performance of a contract): this is necessary to deliver the service to you.
Sending occasional News and Email Direct Marketing to Prospective and Existing Business Clients
If we have met at a networking event, you have asked for support, or contacted us via our website, and we feel that you could be a suitable customer, we will perform due diligence checks to ensure that we would be a compatible company for you. The information from these checks is used to contact you to explore business opportunities and ways of working together.
(Basis Art 6.1.f) We have a Legitimate Interest to perform basic due diligence on prospective clients, and to market our services to other organisations.
If at any time, you want to stop receiving emails from us, simply let us know and we will stop.
As a general principle, we will not transfer your personal data to third parties without your permission.
There are some exceptions to this:
If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. We’ve never done this, but we want to keep this option open to us. Lawful basis Art 6.1.f We have a legitimate interest to pursue money owed to us.
It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Lawful basis Art 6.1.c Legal Obligation
We use an external accountancy service and they have limited visibility of your personal business data for the administration of company financial affairs. Art 6.1.f We have a legitimate interest to allow our Accountant to have limited access to our client personal data in order to manage our accounts.
We also share or disclose this data to processors for the following purposes:
Name: Google Analytics
Purpose: Tracking visitor behaviour on website
Purpose: Send newsletters
We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.
6. Third-party websites
This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.
7. Amendments to this privacy statement
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.
8. Accessing and modifying your data
If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.
9. Retention periods
Data about clients: duration of your relationship with us, then seven years
Data about prospective clients: 2 years from last meaningful contact unless you have asked us to suppress your details. If you have requested suppression, we will keep the bare minimum so that we can be sure not to re-add you to any mailing lists.
Data about specific matters: duration of the matter, then seven years
10. Submitting a complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner’s Office:Wycliffe House
Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.
12. Contact details
We use Google Analytics to gather statistics about where visitors to our website come from and how they interact with the site.
The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 7 days.
This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.
Security logs are retained for 7 days.