PRIVACY POLICY

PLEASE READ THESE TERMS CAREFULLY

This policy was last updated: 4th June 2018

1. About this Policy

CATO Creative understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, http://www.catocreative.com and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your legal rights.

For the purposes of the General Data Protection Regulation (GDPR) and relevant legislation, the Data Controller is CATO Creative Limited. For any issues relating to data protection the person responsible is Mark Barratt.

2. Changes to this Policy

From time to time we may change this policy and any changes will be posted on the website. You will be deemed to have accepted the terms of the Privacy Policy on your first use of the website following the alterations. We recommend that you check this page regularly to keep up-to-date.

3. Who we are and how to contact us

CATO Creative Limited is registered under Company Registration Number 08024009. Our registered office address is International House, 142 Cromwell Road, Kensington, London SW7 4EF. We are registered with the Information Commissioner’s Office (ICO) for data protection reference number A8372333

If you have any concerns about how we handle your data, you can contact the Data Controller by email to hello@catocreative.com or you can formally raise a complaint to the ICO directly on 0303 123 1113, or see the options for reporting issues at https://ico.org.uk/concerns

4. What personal data do we collect?

Information that you provide to us is retained and processed in accordance with UK data protection legislation.

The types of data CATO Creative holds includes personal information such as your name, contact details and address. Data we process may relate to the following categories of personnel:

Clients
Employees or other workers
Suppliers
Professional Advisors and Consultants
Enquirers and Complainants

5. Where do we collect data from?

We collect your data from the following interactions with us:

- Blog

If you comment on our blog posts we may record and publish your name. Details about your device may also be collated by us and/or third parties. Data is on the grounds of being legitimate to our business interests. You can request that personal data is not published.

- Contact us

When you submit a query to us through the website we collect details of your name, phone number and email, as well as the message you submit. This is so that we can contact you and provide details of our services to you and deal with general company enquiries. Data is held on the grounds of being legitimate to our business interests.

- Emails

We retain copies of emails that you send to us on our servers. Your personal information will be held by us in accordance with this Privacy Policy and will be on the basis of being legitimate to our business interests.

- Newsletter/marketing

From time to time we may contact you to provide details of services that may be of interest to you including Newsletters by email and details from partners we work with. Data is processed on the basis of valid consent obtained from you. If at any time you wish to update the information which we hold about you, or if you wish to stop receiving information or Newsletters from CATO Creative, please contact hello@catocreative.com. Your rights as a data subject are also listed below.

- Phone calls

Phone calls to us may be recorded (manually or electronically and in note form), and any data relating to the call may be retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.

- Social media

We use social media to engage with users and link to our Pinterest, Facebook, Twitter, Instagram, LinkedIn and Google+ pages. We do not keep any specific data that identifies you as an individual user, but hold details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.

Pinterest: https://policy.pinterest.com/en/privacy-policy

Facebook: https://www.facebook.com/privacy/explanation

Instagram: http://instagram.com/legal/privacy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Google+: https://policies.google.com/privacy?gl=uk

Twitter: https://www.twitter.com/en/privacy

If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third party provider may also retain details in accordance with their Privacy Policy.

- Children

We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.

- Information collected automatically

We automatically collect information from your browser when you visit our website. This information includes your IP address, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us (see our Cookie Policy), and the referring website address.

- Information we get from other sources

From time to time, we may need to obtain information from third parties about you in order for us to provide services. Any data obtained will be held in accordance with this Privacy Policy.

6. How do we use your data?

We may use the information we collect from you in the following ways:

To administer and improve the website
To personalise the content and your experience of the website
To allow us to respond to communications sent to us
To administer a site feature
To send you email notifications which you have specifically requested
To send to you Newsletters and marketing communications, where expressly agreed
To provide third parties with statistical information about our users
To ask for feedback, or testimonials
To publish photographs representative of our services for promotional purposes
To deal with enquiries and complaints made by or about you relating to the website.

Users contacting our website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.

By providing us with your data, you warrant that you are over 13 years of age.

7. How is Information Shared?

We don’t share, sell, or distribute your data to third parties, except as contractually agreed with you or as provided in this Privacy Policy.

We sometimes need to share personal data with others to provide our services and to comply with all aspects of data protection legislation. We recognise that individuals have a right to be informed about the collection and use of their personal data and that this should meet the principle of transparency under the GDPR.

- CATO Creative will share data in the following ways:

Disclosure

We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.

Photographs

We will ask for your consent to photographs and will only take identifying pictures if we have your permission to do so. Photos may be used for the marketing purposes of CATO Creative and may appear in printed promotional material, or on social media. You have the right to withdraw consent for photographs at any time by contacting us at hello@catocreative.com

Our Data Processors

We may use Data Processors who act on our instruction in relation to the management of personal data and they must adhere to all data protection laws and regulations. This includes 3rd parties that we use to supply our services. They are provided with personal data on a need-to-know basis and must follow our data security procedures as appropriate.

We will ensure that Data Processors we use only operate on our written instructions and comply with their obligations under the GDPR (General Data Protection Regulation) and all other relevant data protection legislation as may be in force from time to time.

Marketing

We will only send you emails or other marketing communications where you have previously used our services or registered for our Newsletter or Blog and this will be on the basis of being legitimate to our business. You have the option to request that we remove your details from our mailings at any time by contacting us at hello@catocreative.com

Non-personally identifiable visitor information may be provided to third parties for marketing, advertising or other uses.

External links

Users of the website are advised that clicking on any external web link will take you away from our website and that your continued use will no longer be governed by this Privacy Policy, or our website’s terms and conditions. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. CATO Creative and its owners cannot be held liable for any damages, or the consequences of visiting any external links.

Social media platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

CATO Creative uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.

Testimonials

We may ask you for a testimonial in relation to our services that may be used on our website or social media. Your full name and company may be used. Data is only published on the basis of valid consent obtained from you.

Payment processing

CATO Creative does not accept payment for services online and does not store or process payment data on our servers. We do not share financial details with 3rd parties.

Payments made directly to us do not require us to process your personal data and only transactional data will be held, both in our manual and electronic filing systems.

8. How long is data kept for?

We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.

9. What Security Measures do we take?

Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

We take appropriate steps to ensure a safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.

10. Where is Personal Data Stored?

Our website is hosted in the US and is compliant with the EU-US Privacy Shield. Any information that you supply to us may be stored and processed by servers located in the EEA or a country that provides adequate safeguards of data. Your data may be transferred in accordance with the relevant data protection laws.

11.What are Your Rights?

CATO Creative recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:

- Subject access requests

Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to hello@catocreative.com. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information.

- Right to rectification

Data subjects have the right to request that we amend or change personal information that is inaccurate or incorrect.

- Right to erasure

Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.

- Right to restrict processing

Data subjects have the right to rectification or erasure of personal data in the following circumstances:

Personal data is not accurate;
The processing of data is unlawful - data subjects may request that processing is restricted;
Data is required to exercise legal rights or defend legal claims;
Data is unlawful but there may be lawful grounds for processing, which override this right.

- Right to data portability

Data subjects have the right to obtain and request the transfer of their data to different service providers.

- Right to object

Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.

- Right not to be subject to decisions based on automated processing

We do not use any automated processing that results in any automated decision based on a data subject’s personal information.

- Using your rights

If you wish to invoke any of these rights, you should contact the person responsible for data protection by emailing us at hello@catocreative.com

12.Data Breaches

We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised.

If a data breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. All relevant breaches will be reported to the Information Commissioner’s Office (ICO), see Important Information below.

COOKIES POLICY

1. What are Cookies?

Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session cookies may be used to validate your access to different parts of the website.

2. Disabling Cookies

If you are uncomfortable with the use of cookies, you can disable cookies on your device by changing the settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or to tell you when a website tries to put a cookie on your device. You can also delete any cookies that are already stored on your device. However, please be aware that if you do delete and block all cookies from our website, parts of the site my not fully function.

3. How we use Cookies

The CATO Creative website uses cookies and widgets to help us identify and track visitors, their usage of the website, and their website access preferences. Cookies are a user’s identification card for our servers.

Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer or device. This complies with UK legislation which requires that explicit consent is given by users before reading files are left, or applied, on a user’s computer or device.

To the extent that cookies data constitutes personally identifiable information, we process such data on the basis of your consent.

4. Types of Cookies

Cookies may also be classed by the time that they are placed on a user’s device.

Persistent cookies - these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies - these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

Cookies are used for different purposes and these may fall into one of the below categories:

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
Some cookies may be unclassified.

5. Cookies we use

The Cookies we use are shown in this table below.

	
		COOKIE
		PROVIDER
		TYPE
		USE
		RETENTION PERIOD
	

	STATISTICS

		@@History/@@scrollj#
		catocreative.com
		HTML
		Unclassified 
		Persistent
	

		_ga
		catocreative.com/ Google Analytics
		HTML
		Statistical data on how user uses the website 
		2 years
	

		_gid
		catocreative.com/ Google Analytics
		HTML
		Registers unique ID for statistics on website use
		Session
	

		_gat
		catocreative.com/ Google Analytics
		HTML
		Used to throttle request rate
		Session
	
MARKETING

		collect
		Google-analytics.com
		Pixel
		Used to track visitors device & behaviour
		Session
	

		lidc
		LinkedIn
		HTTP
		Tracks use of embedded services
		Session
	
UNCLASSIFIED

		crumb
		catocreative.com
		HTTP
		Unclassified
		Session
	

		crumb
		catocreativecom.squarespace.com
		HTTP
		Unclassified
		Session
	

		ss_cid
		catocreative.com
		HTTP
		Unclassified
		2 years
	

		ss_cpvisit
		catocreative.com
		HTTP
		Unclassified
		2 years
	

		ss_cvisit
		catocreative.com
		HTTP
		Unclassified
		Session
	

		ss_cvr
		catocreative.com
		HTTP
		Unclassified
		2 years
	

		ss_cvt
		catocreative.com
		HTTP
		Unclassified
		Session
	

6. Consent to Cookies

If you accept the use of Cookies on this website, you consent to the processing of data about you by us and any third parties as identified above in accordance with this policy and our Privacy Policy. You have the right to withdraw your consent at any time by emailing us at hello@catocreative.com

7. Analytics

CATO Creative uses tracking software provided by Google Analytics to monitor its visitors, and to better understand how they use the site. See above table. The software will save a cookie to the user’s hard drive in order to track and monitor engagement and usage of the website. The cookie will not store, save or collect personal information.

Google’s privacy policy is available at http://www.google.com/privacy.html. Users may opt-out from having their data collected by disabling the tracking.

8. Further Information on Cookies

Guidelines for the processing and handling of data and use of Cookies is available from the Information Commissioner’s Office, the UK supervisory authority on data protection, see ico.org.uk.

Information is also available at www.ec.europa.eu/ipg/basics/legal/cookies/index_en.html

Legal Information

No Waiver

No failure or delay by us in exercising any of our rights in accordance with this Privacy Policy or our terms and conditions shall be deemed to be a waiver of that right, and no waiver of a breach of any provision of the Agreement shall be deemed to be a waiver of any subsequent breach of the same or any other provision.

Severance

If one or more of the provisions of this Privacy Policy or our terms and conditions is found to be unlawful, invalid or otherwise unenforceable, those provision(s) shall be deemed severed from the remainder of these terms and conditions and shall remain enforceable.

Third Party Rights

The terms of this Privacy Policy shall not confer rights on any third parties and accordingly the Contracts (Rights of Third Parties) Act shall not apply.

Jurisdiction and Governing Law

The terms of this Privacy Policy and all disputes, whether contractual or otherwise, arising out of or in connection with the policy are governed by and shall be construed in accordance with the laws of England and Wales and each party submits to the exclusive jurisdiction of the English courts.