Privacy Policy

Last modified 14th May 2014

1 Scope

Spoton.net Limited (hereafter ‘we’) provides an editable website system known as ‘It’seeze’ (hereafter ‘the editing system’). This privacy policy covers all aspects of the editing system. This privacy policy applies to both those for whom we create websites (hereafter ‘clients’) and those who visit our websites or those of our clients (hereafter ‘visitors’). We understand the value of privacy to our clients and visitors, and endeavour to go above and beyond the requirements of the Data Protection Act in ensuring your privacy.

2 Data collected by third parties

With the exception of It’seeze website subscription payments, detailed in section 4.8 below, we do not collect financial information, such as bank account and credit/debit card numbers. Parts of the editing system that take payment do so through third-party payment gateways. These payment gateways have their own privacy policies:

The editing system makes use of additional third-party services covered by the following privacy policies:

Our clients may use their websites to collect information from their visitors and store it within their own systems. The collection and use of such data is covered by the privacy policies of the clients concerned.

3 Access to and sharing of data

With the exception of data collected on behalf of our clients, detailed below, access to data we collect is limited to the members of our staff who require that data to perform their duties. Our staff are bound by confidentiality agreements that prohibit them from sharing data inappropriately.

In addition to any circumstances described below, we may share any data we collect in the following two circumstances:

  • If, in the course of their day-to-day activities, one of SpotOn Corporation Limited or Spoton.net Limited require data collected by the other
  • If we are required to share data with the legal authorities to fulfil our obligations under United Kingdom law

If we wish to access or share your data in any way not described in this privacy policy, we will contact you beforehand and only proceed with your explicit consent.

4 Data we collect and how we use it

4.1. Web server access logs

As is standard practice within the industry, our web servers log all requests they receive. For each request, the logs include the IP address from which the request originated, the date and time of the request, the URL requested, and the user-agent string sent by the software making the request. We use these logs as a diagnostic tool when developing the editing system. In addition, we may access these logs in order to provide technical support.

4.2 Mail server access logs

As is standard practice within the industry, our mail servers log all requests they receive. For each request, the logs include the date and time of the request, the intended recipient (if the request was a message being received), and the account (if the request was someone accessing their e-mail account). The log does not contain the content of any message sent or received. We may access these logs in order to provide technical support.

4.3 Unauthorised access logs

As is standard practice within the industry, our servers log any failed attempt to access a restricted service. For each failed attempt, the logs include the date and time of the attempt, and the IP address from which the attempt originated. Such attempts are illegal under the Computer Misuse Act, and the logs may be used as evidence in a court of law.

4.4 E-mail

Our servers host e-mail accounts for both us and our clients. E-mails sent to these accounts are stored on the server until the account holder’s e-mail software connects to the server, downloads the e-mail to the account holder’s system, and deletes the e-mail from the server. We may access a listing of the e-mails for a particular client account in order to provide technical support, but we do not read the content of the e-mails. Once e-mails have been downloaded to clients’ systems, the collection and use of such data is covered by the privacy policies of the clients concerned. E-mails sent to our staff accounts are stored on our systems in order to respond to client queries and to improve our services.

4.5 Stored form data

The editing system allows clients to construct forms on their websites. Clients may choose to have submitted data e-mailed to them, or to have us store it on their behalf for them to download at a later time. Our staff do not access this data. Once such data has been downloaded to clients’ systems, the collection and use of such data is covered by the privacy policies of the clients concerned.

4.6 Editing system statistics

The editing system temporarily logs all requests for pages it receives. For each request, the logs include the date and time of the request, the page requested, the referring page as reported by the software making the request, and the user-agent string sent by the software making the request. Our staff do not access this data. Approximately once an hour for each site this data is aggregated and the original log files deleted. The aggregated data for the past year is made available to the client concerned. The aggregated data includes the number of page views and visits grouped by day or month, the first and last pages of visits grouped by month, referring pages grouped by month, search terms grouped by month, and the date and time of the last visits by various search engine robots.

4.7 Cookies

A cookie is a small text file stored until its expiry time by a visitor’s browser on behalf of a website. The shop within the editing system uses cookies to keep track of customers’ shopping baskets as they browse the shop; these cookies expire after 30 days. When a client edits their website or when a visitor logs in to a protected section of a client’s website, a cookie is used to keep them logged-in as they move between pages; this cookie expires when they close their browser, or at the end of the day on which it was created if they opt to stay logged-in for the day. When a visitor moves between the mobile and desktop versions of a site, a cookie is set to prevent the visitor being automatically redirected back to the version they were viewing; this cookie remains until it is deleted. All of these cookies are accessed only by our software — our staff do not access this data.

4.8 Financial information for It’seeze website subscription payments

It’seeze website card payments are handled by PayPal’s Payflow service. A client setting up an It’seeze website subscription provides their credit card or debit card number and security code through a form using Secure Sockets Layer (SSL) encryption. These details are sent to PayPal’s Payflow service, also using SSL encryption — we do not store this data. PayPal have their own privacy policy covering their use of this data:

We store the following data in relation to each transaction: the amount paid, the payment date, the payment reference code, and the AVS (Address Verification System) and CVV (Card Verification Value) check responses supplied by PayPal. We will access this data only to prepare our company accounts and financial reports, and to track payments made and monies owed by our clients.

5 Changes to this privacy policy

We may occasionally make changes to this privacy policy. Following any changes, the date at the top of the privacy policy will be updated. If any change allows for the wider access to or sharing of data, such changes will only apply to data collected after the date of the updated privacy policy.

OUR SITES WORK WITH 
 

FIND A CONSULTANT 
 

Follow us on twitter Follow us on Facebook Follow us on YouTube Follow us on Pinterest Follow us on LinkedIn Read our blog