Pixelart General Data Protection Regulation
As we are all most likely aware now, new regulations on how companies use and store your data have come into effect as of May 2018. At Pixelart we are, and always have been, committed to protecting our customers’ personal information. We wanted to take a moment to explain the steps we take to keep your data safe and exactly how we use it.
We have a strict internal Security Policy at Pixelart, which everyone who works for the company has to adhere to at all times. It covers all the steps we take to protect access to customers personal data via our computers, devices and the software that we use. The policy makes it clear how and why we collect customers data and that safeguarding that data is always a top priority. It also details the company’s policy around responding to a potential breach of data to the DPO (Data Protection Officer) including reporting breaches as required under the new GDPR guidelines.
- Store data in safe and secure ways
- Ensuring consent procedures are always lawful
- Analysing and documenting the type of personal data we hold
- Checking procedures to ensure they cover all the rights of the individual
- Implementing/reviewing procedures to detect, report and investigate any personal data breaches
What Data Does Pixelart Collect?
We only ever collect data that we need to collect and store to run our business effectively. However, some of the data we do collect may be of a personally identifiable nature. In order to operate our business we need to collect three main types of data:
Customer contact data. This is usually the details of the person who orders our service, or is the contact point for billing queries. We typically need a name, address, email address and phone number. We also collect and store any purchasing data. We do not collect or store any credit card payment details as these are passed directly to our payment handler.
Data that is uploaded to Pixelart CMS to be shown on any of the screens that people are subscribing for. This may or may not contain personal data, depending on what our customers choose to upload to the system. Pixelart must make it clear that we do not mandate what data is uploaded to our system to allow full freedom for users, but we accept that for some customers they may choose to upload personally identifiable data. Hence, we treat this data in the same manner as any other personal data we collect from our customers.
Employee or potential employee data. Anyone who applies to work for Pixelart and those that do work for us already will have sent us details including resumés/CV’s which will inevitably contain very personal data. Employees also provide us with other personally identifiable data such as ID and bank details that we use to be able to pay them and pay taxes. As such we treat this data with the same sensitivity that we do our customers data.
Why Does Pixelart Collect This Data?
Essentially we need certain data in order to be able to deliver the service that our customers pay us for. But like most companies, we of course also may use this data to tell our customers more about the services we offer or to survey their opinions about us and our future plans to improve our offering. We have taken a number of steps to make it clear to anyone whose data we intend to hold, why we need the data and what it will be used for. We also give anyone the option to opt out and to let us know with ease whether or not they want us to use their personal data in this way.
Data Retention Policy
At Pixelart it is part of our Security policy that we only hold onto data for as long as is needed to manage our business or service a customer's account. We do this to be responsive to all our customers, past and present, and adhere to any legal requirements that may arise or be requested of us.
Data Protection & Our Suppliers
We work with a range of carefully vetted and selected suppliers in order to deliver the service we provide: such as the companies we use to host content or the companies that manage payments and subscription billing on our behalf. Where we identify that any of our suppliers may have access to data we ensure that we have an agreement with them in place and that they equally adhere to rigorous protection in line with GDPR. In most cases, our suppliers are established businesses so they are fully prepared and aware of the requirements that GDPR places on all of us.
Maintaining Full Transparency
Our aim is to be open and transparent with our customers and the data we hold for them. We equally wish to make it easy for our customers to see, edit and remove any data we hold on them at all times. We shall continue to regularly review our policies and welcome any feedback or suggestions our customers have.
If you want to check what data we hold about you now, you can send us a data request form to firstname.lastname@example.org.