Cookie policy

This website uses cookies to distinguish you from other users of the website.  This helps us to provide you with a good experience when you browse our website and also allows us to improve the website.

By continuing to browse the website, you are agreeing to our use of cookies as set out by this policy.

  1. Information about cookies

A cookie is a small file of letters and numbers that, if you agree to their use, is stored on your browser or the hard drive of your computer or device.  They contain information that is transferred to your hard drive.

The cookies that we could use can be split into the following categories:

  • Necessary cookies. These are cookies that are required for the operation of the website.  They include, for example, cookies that enable you to log into parts of the website.
  • Analytical cookies. These cookies allow us to recognise and count the number of visitors to the website and to see how they move around within the website when they are using it.  This helps us to improve the way the website works, for example, by ensuring that users are finding what they are looking for easily.
  • Third party cookies. These are used to third parties (such as Google) to enable their services to work, for example Google Captcha on forms or Google Maps. Some third parties use their cookies for advertising purposes. We have no control over these cookies and provide a link to the third party’s privacy policy, where you may have the option to opt-out of their data collection.
  1. The cookies we use

We use the following cookies:

Category Cookie Name Purpose
Necessary Cookies PHPSESSID Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies cookiesAccepted Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies cookiesAcceptedGoogle Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Necessary Cookies cookiesAcceptedAnalytics Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Analytical cookies '_ga', '_gat', '_gid' Used to see how our website users navigate the site
Google 'NID' Used by Google for delivering Google Maps on the website

 

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control.  These cookies are likely to be analytical/performance cookies or targeting cookies.

  1. How you can block cookies

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.

However, please be aware that blocking cookies may affect your ability to use the website.  In particular, you may not be able to access all or parts of the website or use the functionalities contained on it.

Privacy policy and Statement

 

We Prepare Ltd are committed to protecting and respecting your privacy.

This policy, together with any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting this website, you are accepting and consenting to the practices described in this policy.

For the purpose of the Data Protection Act 1998 (Act), the data controller is Frank Phillips, a company registered in England and Wales under company no. 11195279. Registered Office: We Prepare Limited, TVP 2, 300 Thames Valley Park Drive, Reading, Berkshire, United Kingdom, RG6 1PT.

Our nominated representative for the purpose of the Act is Frank Phillips.

  1. Information we collect from you

We will collect and process the following categories of data about you:

  • Information you give us. This is information about you that you give us by filling in forms on the website (Site), interacting with the Site or by corresponding with us by phone, e-mail or otherwise.  It includes information you provide when you sign up to our newsletter service, make an enquiry about our products and services or log a support ticket.

The information you give us will include your name, address, e-mail address and phone number, as well as preliminary information about your business.

  • Information we collect about you. This is information that we collect automatically about your visit during your time on the Site.  It typically involves technical information and is often collected using small data files called “cookies”.  This information helps us to provide you with a good experience when you browse the Site and also to indicate where the Site requires improvement.

More information on how cookies work, what cookies we use and why can be found in our Cookie Policy (see above).

  • Information we receive from other sources. This is information that we receive about you if you use any of the other websites we operate.  In this case we will have informed you when we collected that data if we intend to share those data internally.  We will also have told you for what purpose we will share your data.

This also includes information that we receive from third parties, such as business partners, sub-contractors in technical services, advertising networks, analytics providers, search information providers and so on.  We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

Social Media platforms

We operate social media platforms. These platforms are, in most cases, operated outside of the EU and do not comply with current Data Privacy Act and subsequent GDPR provision although they may well conform to the U.S Privacy Shield protocol.

It is our process and protocol that any personally identifiable data gathered on these platforms is only in response to users interacting out of their own volition with our marketing pages. The contact is deemed as a legitimate business enquiry. The personal contact data is removed from the site once the enquiry is processed or the user has requested so.

Analytics

Our website uses Google Analytics to collect information about how visitors use our website. We anonymise this data at the point of collection and automatically delete user and event data that is older than two years.

  1. Uses made of the information

All information about you that we collect or receive, whether of a personal or technical nature, may be used by us in the following ways:

  • To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • To provide you with information about other goods and services that we, or our selected partners, offer that are similar or relevant to those that you have already purchased or enquired about, such contact will only be made by email or phone from which you can opt out at any time; To notify you about changes to our services;
  • To administer the Site and for internal operations, including troubleshooting, system and security updates, data analysis, testing, research, statistical and survey purposes;
  • To improve the Site to ensure that content is presented in the most effective manner for you and for your computer;
  • To allow you to participate in interactive features of our service, when you choose to do so;
  • As part of our efforts to keep the Site safe and secure;
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
  • To comply with our record keeping and information storage obligations and policy (please see the “Where We Store Your Personal Data” section below for more details).

Information we receive from other sources.  We will combine this information with information you give to us and information we collect about you.  We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

  1. Disclosure of your information

We may share your information with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • Analytics and search engine providers that assist us in the improvement and optimisation of the Site;
  • Third party support services, such as, but not limited to project management tools, accounting systems and hosting data centre.
  • We will only disclose your personal information to third parties:
  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our clients will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or
  • To protect our rights, property or safety, or those of our clients or others.
  1. Where we store your personal data

All information that you provide to us is stored on our, or our selected business partners’, secure servers, and we will take reasonable steps to protect your information in accordance with this policy, including (without limitation):

  • Installing a secure firewall;
  • Using anti-virus protection software;
  • Encrypting data; and
  • Carrying out regular back-ups.

All data sent via website forms is passed through a third-party relay service and deleted after 30 days.

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to the Site; and any such transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. Your rights

You have the following rights under law in respect of your personal information:

  • The right to be informed about the collection and use of your personal information;
  • The right of access to your information to verify the legality of our use of it;
  • The right to request that inaccurate or incomplete information about you is rectified;
  • The right to request the deletion or removal of your information where there is no further reason for us to use it (such as you have withdrawn your consent or we no longer provide your children with education);
  • The right to restrict the use of your information;
  • The right to obtain and reuse the information that we have about you for your own purposes;
  • The right to object to certain uses (such as for marketing purposes); and
  • The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.

Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given below.  In some cases, we are permitted to charge a small fee of no more than £10 in respect of our administrative costs.

If you would like to request the information we hold about you under a Subject Access Request (“SAR”) you can download the application template here.

If you feel that your rights have been breached in any way, you should contact Frank Philipps at the address given above or lodge an official complaint with the Information Commissioner’s Office via their website (https://ico.org.uk) or by writing to:Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire,  SK9 5AF.

The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

  1. Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page.  Please check back frequently to see any updates or changes to our privacy policy.

  1. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Frank Phillips, e-mail: frank@weprepare.co.uk

 

Data retention policy

The types of data we retain:

1) NEW ENQUIRIES

2) CLIENTS

3) STAFF

4) SUPPLIERS

5) MEMBERS OF THE PUBLIC NOT COVERED INTO THE CATEGORIES OF 1-4

 

1) NEW ENQUIRIES

Where it’s stored

We store your data in the following way:

  • Microsoft 365 – on our e-mail system
  • Mailgun – our website enquiry form relay service
  • Our internal cloud based server
  • Instagram

Who has access to the data

The Directors & staff of We Prepare Ltd

How long we keep it

We retain the data for 1 year or for as long as we continue to provide a legitimate business service relationship with the subject. Data is deleted earlier upon request by a subject invoking the Right to Erasure which we will act upon within 48 hours of the instruction.

The Deletion Process

Our cloud-based server has a hard‐delete mechanism – once deleted it is unrecoverable

Microsoft 365 is subject to the deletion process at Microsoft

Mailgun is deleted and removed from their servers after 30 days

Instagram – refer to Facebook’s own privacy policy for their data retention policy.

 

2) CLIENTS

Where it’s stored

We store your data in the following way:

– Our in-house database on our cloud-based servers

– Microsoft 365- our email system

‐ Mailgun – our website enquiry form relay service

‐ Instagram

‐ Internal network (firewall protected)

‐ HMRC

‐ Company and staff ‘phones

‐ Our accountants

‐ Company computers

‐ Analytics & advertisers

‐ Sage Accounting software

‐ Web Design and Support company

‐ Data Centre & domain registries

‐ Courier & Delivery Partner Companies

Who has access to the data

Access to each location by staff of the company and controlled and limited by Company Directors.

How long we keep it

We retain the data for all current clients for as long as they remain active or until requested and invoking the Right to Erasure. When you cease to become a client, we will retain your data on our e-mail and we undertake an annual data purge to remove it, this will be done at the time of our annual review of this Policy each October.

The Deletion Process

We hard‐delete all records according to the above stated methods except where we are required, by law and regulated bodies (such as HMRC) to retain the records for longer.

 

3) STAFF

We retain staff records indefinitely on our internal secure network (firewall protected) purely for the purpose of processing payroll and other legitimate employer correspondence. The information is shared only with HMRC, our bank, pension provider, and our accountancy practice and systems.

We retain employee data, both current and past, in accordance with regulation set by HMRC. We delete past employee details upon request and approval by HMRC.

 

4) SUPPLIERS

We retain supplier details on our internal secure network, accountancy practice, bank, email. Details are purged annually unless an ongoing business transaction is required.

 

5) MEMBERS OF THE PUBLIC NOT COVERED BY POINTS 1-4

We do not retain details relating to members of the public whatsoever.

 

Data breach policy

Definition of ‘breach’

A breach of data is defined as an unauthorised access or release of PII (personally identifiable information).

As a data controller

We will inform the ICO within 72 hours of becoming aware of a PII data breach.

We will inform potentially affected subjects and the process they must undertake.

As a data processor

We will notify the data controller as soon as we become aware of a data breach and provide as much support as we feel appropriate to assist them in their reporting obligations to the ICO.