Cookie Policy

What are Cookies?

A Cookie is a small file which is downloaded to your device while browsing a website. These hold a modest amount of information specific to you that can be accesses either by your browser or the server.
This allows our server to identify you and tailor the site to the data you have been authorised to view. This file is neither a virus nor spyware.

Cookies have specific purposes depending on their intention. An Authentication Cookie for example will store a unique identification to allow the server to identify you once you have logged in

What are they used for?

Cookies allow servers to identify you between pages and visits, an example of this is an Authentication Cookie. When you sign in the server will automatically install a cookie assigning you an ID that is unique to your specific login.
As you browse different pages this identifciation is sent back to the server so you don't need to keep re-entering your login details everytime you change page.

What's in a Cookie?

A cookie is essentially a table of data containing keys and values. An example would be Firstname, John, Lastname, Smith
Each page you visit on the site will send this information back to the server to allow the server to identify the visitor

Types of Cookie?

There are three main types of cookies:

Session or Authentication - These are used by sites to keep you logged in and track information relevant to your session (such as items added to a shopping basket).
Perminant Cookies - These remain on your system after you have closed your browser. An example would be a "Remeber Me" feature that alows you to be automatically logged in.
Third Party Cookies - These are installed by third parties with the aim of collecting information to carry out research into behaviour, demographics, or for Analytics and Marketing.

Some Cookies are essential and without them the site simply can't function. Sites now based in the EU or targetting users in the EU are now required by law to disclose what cookies are in use and get consent for their use of cookies as well as offering an Opt-Out for non-essential cookies.

What cookies do we use?

We only use Authentication Cookies for this service. These meet the requirements for Essential Cookies and can't be opted out of.

These cookies are session only and an information contained in them will be destoyed when you close your browser.
By logging into this service you consent to the use of all essential cookies

Privacy Policy

Data Protection Policy

Willow Communications Ltd (Willow) needs to keep certain information on its customers, employees, suppliers and third parties to carry out the services it provides, to meet its objectives and to comply with legal obligations.

Willow is committed to ensuring any personal data will be dealt with in line with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2018.
To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

The aim of this policy is to ensure that everyone handling personal data is fully aware of their obligations and acts in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) requirements.
Before personal information is collected, Willow will consider whether it is necessary.
Willow will inform people whose information is gathered about the need for its retention, what it will be used for and who will hold the information.
Personal sensitive information will not be used apart from the exact purpose for which permission was given.

GPDR Principles

In line with the GDPR 2018 principles, Willow will ensure that personal data is:

collected, stored and processed in a fair, transparent and lawful manner
collected, stored and processed for a relevant and necessary purpose
stored in an accurate, up to date and secure manner
stored for no longer than is necessary

The definition of ‘processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computer.

Individual’s Rights

The individual has a variety of rights about the way their data is processed. These are as follows:

Where use of personal data requires consent, that consent may be withdrawn at any time
Where legitimate interest is relied upon to process data, the individual may ask for processing to stop at any time
The individual may request a copy of the data held on them
The individual may change or stop the way in which they are communicated with or in which their data is processed and if it is not required for the purpose for which the individual provided it, then it will be stopped
If the individual is not satisfied with the manner in which their data is processed then they can complain to the Office of the Information Commissioner

Processing Personal Data

There are six lawful bases for processing (that includes collecting) personal data set out in Article 6 of the GDPR. At least one must apply whenever personal data is processed. They are:

a) consent: the individual has given clear consent for the organisation to process their personal data for a specific purpose
b) contract: the processing is necessary for fulfilling a contract with an individual, or because specific steps need to be taken before a contract is entered into
c) legal obligation: the processing is necessary in order to comply with the law (not including contractual obligations)
d) vital interests: the processing is necessary to protect someone’s life
e) public task: the processing is necessary for performance of a task in the public interest or for official functions, and the task or function has a clear basis in law
f) legitimate interest: the processing is necessary for the legitimate interests of the organisation or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

What data is being collected?

To provide the service we may process the following information

Names
Phone Numbers (where relevant)
E-Mail Addresses
Digital Media including (but not limited to) Photos, Video and other types of data uploaded to the server by End Users
IP Addresses and Activity (For Auditing and Security)

Personal information is kept in the following formats:

Electronic
Paper

People within Willow who will process personal information are:

Employees

Responsibilities

The needs we have for processing personal data are as stated in this policy. Overall responsibility for personal data rests with the Board of Directors.

The Board of Directors is responsible for:

understanding and communicating obligations under the GDPR
identifying potential problem areas or risks
producing clear and effective procedures

All Directors, employees, customers, suppliers and relevant third parties who process personal information on behalf of Willow must ensure they not only understand but also act in line with this policy and the data protection principles.

Breach of this policy will result in disciplinary proceedings or other appropriate action.

Policy implementation

To meet our responsibilities Directors, employees, customers, suppliers and relevant third parties will:

Ensure any personal data is collected in a fair and lawful way
Explain why it is needed at the start
Ensure that only the minimum amount of information needed is collected and used
Ensure the information used is up to date and accurate
Review the length of time information is held
Ensure it is kept safely
Ensure the rights people have in relation to their personal data can be exercised

We will ensure that:

Everyone managing and handling personal information is trained to do so
Anyone wanting to make enquiries about handling personal information, whether an employee, customer, supplier or relevant third party, knows what to do
Any disclosure of personal data will be in line with our procedures.

Queries about handling personal information will be dealt with as promptly as possible.

How will the information be used?

The information will be used to enable users to create marketing and other digital services as well as providing a personalised login for user(s)

E-Mail Addresses will be used to send notifications from the service or to send status information and planned upgrades

Gathering and checking

Before personal information is collected, Willow will consider whether it is necessary.
Willow will inform people whose information is gathered about the need for its retention, what it will be used for and who will hold the information.
Personal sensitive information will not be used apart from the exact purpose for which permission was given.

How long will the data be stored for?

Willow will ensure that information is kept according to the legal retention period guidelines.

If a user decides they no longer require use of the service or their account or service is terminated we will delete any data we hold on them for this service

Data uploaded to this service can be deleted at anytime by the uploaded by logging into their account

Data Security

The Company will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:

password protection for information kept electronically
paper records kept in locked drawers/cabinets

Procedure in case of a breach

When a breach of data protection occurs, consideration will be given to reviewing practices. In addition Willow will consider whether the breach should be reported to the Information Commissioner and/or to any affected parties.

Subject access rights

Anyone whose personal information Willow processes has the right to know:

What information we hold and process about them
How to gain access to this information
How to keep it up to date
What we are doing to comply with the Act.

They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.
Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the Managing Director.
The individual’s right to access their information shall not adversely affect the rights and freedoms of others and they will not be able to access the personal data of third parties without the explicit consent of that third party.
We may also require proof of identity before access is granted.
Queries about handling personal information will be dealt with as quickly as possible but we will work towards providing it within the 40 days required by the Act from receiving the written request.