Who we are
Our website address is: http://www.flowtech.org.uk.
What personal data we collect and why we collect it
We collect relevant information from our contact forms. Name, email, and your message is collected from our contact forms. This information is stored on our website database and is shared only with the company.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use several packages to provide website analytics data. These include Google Analytics and Jetpack plugins for WordPress. Links to the privacy policies for each plugin are available here:
Google Analytics – https://policies.google.com/privacy?hl=en
Google Analytics operates a data retention policy. Currently, for this website, the user-level and event-level data associated with cookies, user identifiers, or advertising identifiers are retained for 26 months before being deleted on a monthly basis. Other aggregate data (from which it is not possible to personally indentify individual users) is retained indefinitely.
These plugins are used for the purpose of analysing website traffic. They collect non-personally-identifying information that is usually made available via web browsers.
I may occasionally publish information about the global traffic on this website in a way that does not identify any individual visitor. This information is gathered for the purposes of monitoring the popularity of the different pages on this website.
Who we share your data with
We do not share your data with external companies. All data from our website is used only by the company.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
We gather contact information from our contact forms. This information is stored securely in our website database and is shared only in the company.
How we protect your data
All information you provide to us is stored on our behalf by Flowtech Water Solutions and is therefore protected by their extremely rigorous security standards. Whenever we process data, we also use a variety of standard good practice security measures including requiring encryption, SSL certificates, HTTPS and ISO270xx compliance from our partners. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur. Please keep your password safe at all times and log out of inactive sessions. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We also do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, credit card details or other identifying or sensitive information in any online chat function or profile.
What data breach procedures we have in place
The policy is designed to aid compliance with the General Data Protection Regulation or GDPR, and takes account of the Article 29 Data Protection Working Party’s guidance on personal data breach notifications.
As the Working Party state in that guidance, “controllers and processors are … encouraged to plan in advance and put in place processes to be able to detect and properly contain a breach, to assess the risk to individuals, and then to determine whether it is necessary to notify the competent supervisory authority, and to communicate the breach to the individuals concerned when necessary”.
A formal personal data breach notification procedures is recommended by the Working Party: “To aid compliance with Articles 33 and 34, it would be advantageous to both controllers and processors to have a documented notification procedure in place, setting out the process to follow once a breach has been detected, including how to contain, manage and recover the incident, as well as assessing risk, and notifying the breach”.
“Personal data breach” under the GDPR covers more than just the unauthorised disclosure of personal information. The phrase is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by the company”.
The policy covers three different types of notification: (i) notifications by a data controller to a supervisory authority, such as the Information Commissioner’s Office in the EU; (ii) notifications by a data processor to the data controller whose data is the subject of the breach; and (iii) notifications by a data controller to data subjects, ie human beings. Three schedules to the policy contain notification forms, one for each type of notification.
Whilst the policy does cover incident detection and response in summary form, it is primarily concerned with notification, and larger organisations at least should combine this document with more detailed policies covering detection and response. Moreover, the policy focuses upon personal data breaches, not information security incidents generally.