Privacy and Cookies

Virtual Tapestry is brought to you by Needs To Be Seen Limited, a company incorporated and registered in England and Wales under company number 4775488 whose registered office address is at 23 Stanley Road, Alvaston, Derby, Derbyshire, DE24 0AB.

We are registered with the Information Commissioner's Office (ICO). Our Registration Number is Z1536788. For more information, visit the ICO website. The Data Controller is Needs to be Seen Ltd of 23 Stanley Road, Alvaston, Derby, DE24 0AB.

We care about the privacy of visitors to our website, and take steps to protect it. Please read this Privacy Policy carefully as it contains important information about how your personal data will be used. By registering or placing an order on this website, you consent to the collection, use and transfer of your information under the terms of this Policy.

Personal data that we collect from you

• Personal information that you provide about you, such as your name, email address, and telephone number, whenever you complete forms on the website, send feedback, post material, contact us for any reason and by any medium, share information via the website's social media functions, enter a competition, complete a survey or report a problem with the website, or a website we host for a client.
• Personal information that you provide when you make purchases through the website, such as your name, email address, telephone number and postal address.
• Personal information that you provide when you enter into a design, hosting or other contract with us, such as your name, email address, telephone number, postal address and product or service interests.
• We may retain a record of any contact you make with us.

Information from third parties

Occasionally we may receive information about you from other sources which will be added to the information already held about you in order for us to help supply our services and products to you.

Information that will be collected automatically

• Cookies: We may monitor your use of the website through the use of cookies and similar tracking devices. For example, we may monitor how many times you use the website and which pages you go to. This information helps us understand how visitors use our website. Most of this data will be aggregated or statistical, which means that we will not be able to identify you individually. For further information on the use of cookies on the website, please see the 'Use of cookies' section below.
• Telephone: Our telephone is provided by Voipfone (iNet Telecoms Ltd). Voipfone store information including caller telephone number, time, and call duration. Answer phone messages are also stored by Voipfone. We use Caller Line Identification (CLI) which shows the dialling telephone number.
• Device information: We may also collect information about your device each time you use the website. For example, we may collect information on the type of mobile device that you are using, the type of browser and operating system that you are using.
• Our website hosting server collects information about visitors to the website, for example the number of users viewing pages on the site, the IP address and time and date of visits to the website or a website we are hosting for a client.

How your personal data will be used

We will use your personal data for the following purposes:

• provide you with access our website and to supply the goods, services or information you have commissioned from us;
• enable us to bill you and to contact you regarding goods, services or information you have commissioned from us;
• to provide you with ongoing support;
• fraud prevention and detection;
• enable you to participate in interactive features of our service, when you choose to do so;
• to notify you occasionally about important changes or developments to the website or our services;
• marketing: where you have consented, we may use your information to let you know via email about other products and services which we offer which may be of interest to you. See the 'Marketing' section below for further details.

What is our lawful basis or ground for using your personal data?

• Contract: for us to provide the goods and services we have agreed to provide to you;
• Consent: where you have given us your clear consent to use your data for a specific purpose. You have the right to withdraw your consent at any point and more details can found in the 'Your Consent and Rights of Access' section below;
• Legal obligation: for us to comply with the law;
• Legitimate interest: where necessary for our interests or the interest of a third party, but only after carefully considering any effect this may have on you, and in particular your rights and freedoms.

Marketing

If you have provided your consent to receive newsletters, we use a third party provider, Mailchimp (The Rocket Science Group LLC), to deliver them. We gather statistics regarding email opening and clicks using industry standard technologies to help us monitor and improve our newsletter. For more information, please see Mailchimps's privacy notice here: mailchimp.com/legal/privacy/.

Disclosure of your personal data

We do not sell, rent, trade or otherwise disclose your data, except as described in this Policy.

We may disclose your personal data to:

• third parties in order to fulfil contracts, process credit card payments and provide support services on our behalf;
• other companies and organisations for the purposes of fraud protection;
• law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law.

In the unlikely event that our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data, for example:

• where you create an account on the website, this will be controlled by a password and email address that are unique to you;
• we will store your personal data on secure servers;
• paper documents are stored in a locked room;
• payment details are encrypted using SSL technology.
• email: we use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the Internet. If you have any particular concerns about your information, please contact us.

Transfers of data out of the EEA

Where we use data servers that may transfer data out of the EEA we will take steps to ensure adequate protections are in place to ensure the security of your information and give you remedies in the unlikely event of a security breach.

All information you provide to us is stored with secure data processors for the purposes of storing your data, accounting purposes and social media purposes for example.

Please note that we review all processors we utilise and ensure that there are adequate safeguards in place to protect your personal data, such as adherence to binding corporate rules or compliance with the EU-US Privacy Shield Framework, which is a mechanism that ensures compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can learn more about Privacy Shield here: www.privacyshield.gov/welcome

Your Consent and Rights of Access

We will collect and store information about you with your consent. You provide us with your consent by choosing to provide your personal details as detailed above in the 'Personal data that we collect from you' section, when you use our service and by reading and agreeing to this Policy.

You can change your mind or remove or add your consent at any time.

• You have the right of access to your personal records or other information that we hold about you. There is no administrative charge for this service.
• You have the right to rectify any errors in the data we hold about you. If any data or information we hold about you is inaccurate or out of date, please contact us and we will correct this immediately.
• You have the right to have the data we hold about you erased.
• If you wish us to continue to store your information but keep your data separate and not process it in any way, please let us know.
• You have the right to ask us to stop processing your personal data for direct marketing purposes.
• You have the right to data portability. If you wish to obtain your data for your own purposes across different services, we will provide this information to you in a CSV file. There is no administrative charge for this service.

To revise your consent, access, amend or remove your records or assert any of your rights set out above, please contact us. You may need to provide proof of identity, and you will need to specify the personal data you want access to, amended or removed.

How long we will store your data

We retain a record of your data to provide you with a high quality of service. We will only retain your data in accordance with the law and we will only retain it for as long as is necessary. The data may be deleted in the following circumstances:

• You have withdrawn your consent to data processing;
• The original purpose for processing the data is no longer relevant or cannot be performed any more;
• The data is no longer up to date or accurate.

Use of cookies

Cookies are small files stored on a visitors computer. There are two types: 'session cookies', that are maintained for the duration of a browsing session, and then destroyed when the user closes the browser window, or 'persistent cookies', which are saved on a users' hard drive in order to identify either the user, or information about the user, the next time they log onto a website.

This website uses both session cookies only.

Links to third party websites

Links to third party websites on this website are provided solely for your convenience. If you use these links, you leave this website. We do not control and are not responsible for these websites or their content or availability. We do not endorse, accept any responsibility or liability for, or make any representations about them or any material found there, or any results that may be obtained from using them. These websites, apps and services will have their own privacy policies/terms of use. If you decide to access any of the third party websites linked to this website, please ensure that you review the relevant privacy policies/terms of use prior to providing any personal data to them.

Contact us

All comments, queries and requests relating to our use of your information are welcomed, please contact us.

Changes to our Privacy Policy

Any changes to our Privacy Policy in the future will be posted to the website and, where appropriate, through email notification. You should check this Policy frequently to ensure you are aware of the current applicable version.

This Privacy Policy was edited on 23rd May 2018.

Data Protection Supervisory Authority

The Data Protection Supervisory Authority in the UK is the Information Commissioner's Office. Should you have any complaints about the way we handle your data, you may direct them to the ICO. More information on the ICO can be found on their website here: ico.org.uk