Data Security and Protection Policy
(A) Alkaline Solutions Limited trading as Popcorn email marketing
(B) Popcorn is a provider of email marketing and data processing services, in particular, the provision of marketing tools, management information, storage and support.
To fulfil our contractual obligations and in the legitimate interest of the day to day running of its business, Popcorn needs to collect, store, and process data, especially personal data for our users and our employees. We take the protection of this data very seriously because we understand the importance of this information to you.
As with information online, Popcorn cannot guarantee a 100% safety for the information. However, as a data processor working to best practice, we have in place safeguards to ensure that any personal data, as defined by the GDPR, that you give to us is protected.
- One of the ways we want to protect your data is at the point of collection, and as such our website is hosted on a leading, secure host site. Our software and databases are also separate from our website which gives your personal data are another level of protection if our website is ever compromised.
- Your account password is stored as encrypted versions using the hash method.
- Before we begin processing, we would carry out a Data Protection Impact Assessment to identify where risks to your data are present and implement necessary steps to mitigate these risks.
- Information risks assessments will be carried out regularly to allow us to implement appropriate organisational and technical security measures to protect the data we hold and the data we can access.
- Any and all information we collect are stored in a password protected UK based cloud storage, so none of the information can be accidentally seen by anyone.
- All data that is processed by our software are kept in separate databases so that no one can see data that is not relevant to the work they do. This separation also means that we have no access to our users contact data without explicit authorisation from them.
- We will not transfer data out of the European Economic Area, unless we have seen that the company and the country have data protection procedures that are compliant with the GDPR.
- To fulfil our contractual obligation to you, your personal data and your contacts’ data may need to be shared with developers and email managers who have links to third countries. To protect data, we ensure that these companies are GDPR compliant and any future company we work with will be required to meet the standards of the GDPR before any information is shared.
- Although we see purchase and order information, your credit card and payment information are not visible to us and only the necessary information to process payment are held securely by Stripe.
- Data will be held for the length of the agreement stipulates. After this period, the information will be reviewed to see if it is still relevant to processing in any way and may be destroyed.
- Database security is consistently reviewed, and updates are implemented as needed to maintain the safety of your personal data.
- If there are any breaches to our database that poses a likely risk to you and your fundamental rights, we will inform the Information Commissioner’s Office without undue delay. If is determined that the breach has a high risk to you and your rights, we would get in touch with you directly without undue delay.
- If a breach occurs, there will be relevant upgrades to the security of the database.
- We have a Data Protection Officer who is in charge of making sure that our information protection policy is adhered to and to assist with staff training, to help make sure your data is secure.
- If you have any questions about how your data is being kept and protected, you can contact our data protection officer Simon Washbrook by email at firstname.lastname@example.org
Release Date: 25th May, 2018