Doofus Ideas Ltd
London, UK EC1V 2NX
hello@dofusidea.com
Ph: +44.800.832.1522
For Project inquiries only:
june.harington@doofusidea.com
Ph: +44.155.657.0163
Company # 12339015
For Media & Tech Inquiries:
tech@doofusidea.com
press@doofusidea.com
Ph: +44.155.657.0163
Back

GDPR

Please review our GDPR Statement regularly as it is subject to intermittent amendment.

Compliance Overview

With GDPR and PECR coming into force as of 25th May, we have been working hard to consult with businesses to provide guidance to them on how they should best work towards compliance with these two EU regulations. Further to this, in the background, we have been working hard to bring ourselves into compliance well before the 25th of May.

As an accredited organisation, we already have the foundations of compliance pre-built as the technical and organisational measures required under this ISO accreditation are a good match to meet, and exceed, the test of “reasonable technical and organisational measures” required under the regulation. The purpose of ISO IEC 27001 is to help organisations to establish and maintain an information security management system (ISMS). An ISMS is a set of interrelated elements that organisations use to manage and control information security risks and to protect and preserve the confidentiality, integrity, and availability of information. These elements include all of the policies, procedures, processes, plans, practices, roles, responsibilities, resources, and structures that are used to manage security risks and to protect information. Links to the details of this accreditation (Certificate number, accreditation body etc.) are contained in our email signatures and on our websites alongside our 9001 and 13485 accreditations. The scope for this accreditation covers both our hosted and on-premise data systems.

Sub-processors

In line with the regulation, we are required to inform you of any other processors involved in the processing of your data. In our day to day operations, the vast majority of our information is stored on our internal systems here in our offices. We have sought and have recorded assurances from other processors, where they are used

Hosted Services

Where we provide hosting services to our clients we act as data processors on the behalf of our client who are data controllers under the terms of the regulation.

Data Controllers are required to seek assurances from data processors that data processing is being carried out in a manner where “reasonable technical and organisational measures” are being taken to secure the data being processed. Data Processors are required to provide this information on request. To this end, please see below the following series of statements to satisfy this requirement.

Organisational Measures

As an accredited organisation, we already have the foundations of compliance pre-built as the technical and organisational measures required under this ISO accreditation are a good match to meet, and exceed, the test of “reasonable technical and organisational measures” required under the regulation. We are also registered with the ICO as a controller and processor under the terms of the DPA (Data Protection Act).

We have engaged internal consultants who have created a GDPR compliance manual that contains all of the information required to demonstrate compliance to a regulator of Supervisory Authority should we be required to do so in line with the requirements of the regulation. Further to this, this manual acts as a GDPR Addendum to ISO27001:2013 with additional policies and records in line with the requirements of the regulation.

Access to the administrative portions of the hosting infrastructure is highly restricted, limited to a few people within the business.

Technical Measures

All hosted services are protected by multiple layers of protection. Every server is protected by a hardware firewall that only passes genuine traffic destined for specific services. Access to critical services is disabled and restricted as necessary.

Each server is further protected by an additional software firewall and physical DDOS appliance. The software firewall is configured to only allow relevant network services.

Further to this, each CMS website is protected by a software-based Web Application Firewall to provide protection against common vulnerabilities etc. We also employ intrusion detection systems on the servers that are monitored for unusual behaviour.

Website files, databases and other data relating to the website, underlying content management system files, version and so on are the sole responsibility of the customer.

Doofus Ideas is responsible for the security of the Operating System and firewall configurations alongside updating the WHM/CPanel software on the servers only.

Website Development and Design services

Where you have contracted Doofus Ideas to design or build a website or web application for you, we are neither data controllers nor data processors with respect to the function and data collection that you provide for on your site/application.

In these circumstances, the client is acting as a Data Controller and the company hosting the site is acting as a processor and the Controller should seek written assurances from the processor around the measures being taken to secure the data.

Technical IT Services

Where you have contracted Doofus Ideas to consult upon, build, and deploy internal IT systems, Doofus Ideas is not responsible for the way in which these systems are used and, as Data Controllers it is your responsibility to ensure that your IT systems and the organisational policies and procedures are compliant with the regulation. Doofus Ideas is willing to assist with this in whatever way possible.

3rd Party Hosted Services

Where you have taken advice from Blue Frontier who have recommended and/or referred you to a 3rd party processing service, such as O365 or Jungledisk, Doofus Ideas act as neither processors nor controllers with respect to these data processing systems. The Data Controller should seek written assurances from the processor around the measures being taken to secure the data.

Doofus Ideas Internal Systems

Organisational Measures

As an accredited organisation, we already have the foundations of compliance pre-built as the technical and organisational measures required under this ISO accreditation are a good match to meet, and exceed, the test of “reasonable technical and organisational measures” required under the regulation. We are also registered with the ICO as a controller and processor under the terms of the DPA (Data Protection Act).

We have engaged internal consultants who have created a GDPR compliance manual that contains all of the information required to demonstrate compliance to a regulator of Supervisory Authority should we be required to do so in line with the requirements of the regulation. Further to this, this manual acts as a GDPR Addendum to ISO27001:2013 with additional policies and records in line with the requirements of the regulation.

Data Collection Policy Statement

Doofus Ideas Ltd act, variously, as either/or data controller and data processor for our clients in line with the definitions in the regulation. Doofus Ideas Ltd is located at Kemp House, 160 City Road, London, UK EC1V 2NX with a phone number of 0800 832 1522 and a contact email address of hello@doofusidea.com. Our website with privacy policy is located at http://doofusidea.com.

We collect data in order to provide quotes to prospective clients and to fulfil contractual requirements. This information may be retained for up to 7 years for financial recording reasons as required by regulators. Further, data may be retained for the purposes of client communication, the marketing of similar services and for regulatory or legal defence reasons until such time as these details would no longer be relevant or required. If this contractually necessary information is not provided we will be unable to satisfactorily communicate with clients and so be unable to act effectively on any requests from such clients.

This data will be in the form of names, email addresses, telephone numbers and other contact details such as Instant Messaging account names, IP addresses and possibly other online identifiers.

We do not sell or transfer data onwards to other recipients, nor do we transfer data to third countries or international organisations that do not have an adequacy agreement.

Data subjects have the right to request objection, access, deletion, alteration, restriction of processing, withdrawal of consent, and data portability. We do not engage in profiling or automated decision making. To exercise these rights please contact us using the details provided above.

Data subjects also have a right to raise a complaint with the UK supervisory authority (the ICO) and their contact details can be found online.

Disclaimer

Nothing on this statement constitutes legal advice. Specialist legal advice should be taken in relation to specific circumstances.

The contents of this site are for general information purposes only. Whilst we endeavour to ensure that the information in this statement is correct, no warranty, express or implied, is given as to its accuracy and we do not accept any liability for error or omission.

We shall not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of, or inability to use, this site or any material contained in it, or from any action or decision taken as a result of using this site or any such material.

Doofus Ideas Ltd
Doofus Ideas Ltd  GDPR Cookie Compliance
Privacy Overview

What is this Privacy Policy for?
This privacy policy is for this website [http://doofusidea.com] and served by Doofus ideas the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.

What information do we collect?
We may collect the following personal information:

Your IP address (in server logs)
Your name (where it is provided to us in the contact forms on this website)
Your email address (where it is provided to us in the contact forms on this website)
Your phone number (where it is provided to us in the contact forms on this website)
What do we use this information for?
Your IP address may be used for diagnostic and forensic reasons on our server or for the purposes of identifying your business name when browsing the site from a corporate network location.

We will use your name and other contact details for the purposes of answering inquiries.

How long will we keep your data?
Your IP address information will be retained in server logs for 30 days and then deleted.
Email address and contact information will be retained for 7 years following completion of any contractual engagement.
Contact information collected for newsletter purposes will be retained until removal is requested by the data subject.
How can I control the use of my data?
You have a wide range of rights as regards your personal data. Under current data protection laws, you have the right to request the following:

The right to the erasure of your data (the right to be forgotten).
The right to object (the right to have us stop using your data for a specified purpose)
The right to amendment (the right to have incorrect data amended)
The right to access (to be given a copy of all the data we hold on you in a portable format)
The right to the restriction of processing (to restrict the use of your data)
Rights related to automated processing (we do not conduct any automated processing)
If you have any questions at all about your data or Doofus Ideas data protection, please use the following contact information:
Email: hello@doofusidea.com

Phone: +44 8008321522

You are also entitled to raise a complaint with the ICO whose details can be found here: www.ico.org

How do we protect your data?
As an accredited organization, we already have the foundations of compliance pre-built as the technical and organizational measures required under this ISO accreditation are a good match to meet, and exceed, the test of “reasonable technical and organizational measures” required under the regulation. We are also registered with the ICO as a controller and processor under the terms of the DPA (Data Protection Act).

All our staff receives training on information security and data protection and we take this responsibility very seriously as an organization.

Use of Cookies
This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.

Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [http://www.google.com/privacy.html ].

Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email the submission process but advise users using such form to email processes that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products/services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe to you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

Email Newsletter
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through a prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies/people outside of the company that operates this website. Under the Data Protection Act 1998, you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates, and frequency of activity [this is by no far a comprehensive list].

This information is used to refine future email campaigns and supply the user with more relevant content based on their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.

External Links
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should, therefore, note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertiser’s website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may, in turn, be saved on your computer’s hard drive. Users should, therefore, note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms
Communication, engagement, and actions taken through external social media platforms that this website and its owners participate in are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons that help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Please do not hesitate in contacting us regarding this Privacy Policy at hello@doofusidea.com