Privacy Policy

1. Introduction

Herefordshire Computing Ltd (“Herefordshire Computing,” “we,” “us,” or “our”) is committed to safeguarding the privacy and personal data of all users and visitors to our website (herefordshirecomputing.com). We recognize the importance of privacy and data protection as fundamental human rights and are dedicated to upholding the highest standards of transparency, accountability, and integrity in how we handle personal information.

This Privacy Policy outlines how we collect, use, share, store, and safeguard your personal data when you interact with our website and services. We adhere to the principles and regulations established under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and all applicable data protection laws.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through herefordshirecomputing.com and associated digital platforms operated by Herefordshire Computing Ltd. For the purposes of applicable data protection legislation, Herefordshire Computing Ltd, located in the United Kingdom, is the “data controller” of your personal information collected via our website and services.

If you have any questions about this policy or your personal data, please contact us at [email protected].

3. Categories of Data We Process

We collect and process various categories of personal data, depending on your interactions with us. These include:

a) Usage Data
Information automatically collected when you visit herefordshirecomputing.com, such as IP address, browser type, referring/exit pages, device identifiers, time zone settings, and interaction data (e.g., click events and page navigation).

b) Account Data
Personal information you provide when creating or managing an account with us, including your full name, postal address, email address, and telephone number.

c) Profile Data
Details such as your product preferences, purchase history, interests, and behavioral patterns based on your use of our website and services.

d) Communication Data
Information gathered when you contact us, including emails, chat messages, support requests, and other associated correspondence or feedback.

e) Technical Data
Device-specific details such as operating system, screen resolution, network connection details, and system configuration.

f) Transaction Data
Records of payments made to or by you, including billing and delivery details, ordered products or services, and payment method information (processed via secure third-party gateways).

g) Preference Data
Your communication preferences, consent choices regarding marketing or promotional messages, and product or service interests as provided through forms or opt-ins.

4. Legal Basis for Data Processing

We process your personal data in accordance with one or more of the following lawful bases:

– Consent: When you provide explicit permission for collection and processing of your data (e.g., for email newsletters or optional cookies).
– Performance of a Contract: When data processing is necessary to enter into or perform obligations under a contract (e.g., purchasing products or setting up an account).
– Legal Obligation: Where we are legally required to comply with regulations or respond to governmental authorities.
– Legitimate Interests: When processing is necessary for our legitimate interests (e.g., website security, analytics, or service improvement), provided these interests are not overridden by your rights.

5. Your Rights

As a data subject, you have the following rights under GDPR and CCPA (as applicable):

– Right of Access: You may request details of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You can request deletion of your personal information, subject to legal and contractual limitations.
– Right to Restrict Processing: You can request that we limit how we use your data.
– Right to Data Portability: You can request the transfer of your personal data to another controller.
– Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes.
– Right Not to be Subject to Automated Decision-Making: We do not use personal data to make automated decisions producing legal effects concerning you.

If you wish to exercise any of these rights, please contact us at [email protected].

6. Security Measures

We employ strong technical and organizational measures to ensure the security of your personal data. These include:

– Encryption of data in transit and at rest
– Firewalls and secure server architecture
– Multi-factor authentication for staff access
– Regular security audits and vulnerability assessments
– Privacy and data protection training for all employees
– Secure data disposal and access controls

While we strive to use best-in-class practices, no system is ever completely secure. In the unlikely event of a data breach, we have established procedures to notify affected individuals and relevant authorities as required by law.

7. International Data Transfers

As Herefordshire Computing is based in the United Kingdom, your personal data may be transferred and processed outside of the country where you reside. Where such transfers occur, we adopt appropriate safeguards, including:

– Standard Contractual Clauses (SCCs) approved by the European Commission
– UK data protection addenda
– Confirmation of recipient processor compliance with regional data protection standards
– Binding Corporate Rules, where applicable

8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes we collected it for, including satisfying legal, regulatory, or accounting requirements.

Specifically:
– Usage & Technical Data: up to 12 months
– Account & Profile Data: retained while active, or up to 6 years after termination
– Communication Data: 3 years from last contact
– Transaction Data: 7 years for tax/audit purposes
– Preference Data: retained until changed or withdrawn

Data may be anonymized for statistical purposes beyond these retention schedules, in which case it is no longer considered personal data.

9. Cookie Policy

We use cookies on herefordshirecomputing.com to enhance your experience, analyze usage, and customize content. The types of cookies we utilize include:

– Essential Cookies: Necessary for the operation of our website (e.g., login functionality, shopping cart sessions).
– Functional Cookies: Enable enhanced functionality and personalization (e.g., remembering user preferences).
– Analytics Cookies: Help us understand user behavior and improve functionality (e.g., Google Analytics).
– Performance Cookies: Measure and improve the performance and usability of our site.

10. Cookie Management and Compliance

By using herefordshirecomputing.com, you consent to our use of cookies in accordance with this policy. You can manage your cookie preferences or withdraw consent at any time via:

– Our cookie consent management tool
– Your browser settings (e.g., disabling cookies, clearing cache)
– Using Do Not Track or Global Privacy Control signals, which we honor where technically feasible

We comply with the GDPR and CCPA for cookie consent, explicitly requesting your approval for non-essential cookies and providing clear opt-out mechanisms for all user categories.

11. Children’s Privacy

We do not knowingly collect or process personal data from individuals under the age of 13. If we learn that a child under 13 has provided personal data without verifiable parental consent, we will delete such information promptly. If you believe we may have collected such data, please email us immediately at [email protected].

12. Changes to This Policy

We reserve the right to amend this Privacy Policy from time to time to reflect changes in law, practice, or website functionality. Updated versions will be posted on herefordshirecomputing.com with appropriate notifications where legally required. We encourage users to periodically review this page to stay informed about our privacy practices.

13. Contact Us

If you have questions or wish to exercise your privacy rights under GDPR, CCPA, or similar data protection laws, please contact our Data Protection Officer by emailing [email protected].

We are fully committed to data protection compliance and responsible information handling. If you have concerns about your privacy or how your data is processed, please reach out to us—we are here to help.