hellorocket is a division of inforocket, which in turn is a trading name for me! Patrick Robertshaw.
Data’s part of my business and rest assured that I take data privacy very seriously (goofy website headlines notwithstanding).
The text below sets out in moderately sober (and hopefully clear) legal language the policy which governs how I – as a trading entity – deal with data. The TLDR of it is that:
but do feel free to read the whole thing.
Patrick Robertshaw trading as inforocket – hereafter referred to as inforocket, we, us or our – needs to gather and process personal information about individuals for core business purposes, such as accounting, staff administration and marketing. Individuals can include customers, suppliers, contractors, business contacts, employees and other people the organisation has a relationship with, or may need to contact.
This policy explains how personal data is collected, stored, and handled in order for us to comply with our own organisation’s privacy and data protection standards – and to adhere to the European Union’s General Data Protection Regulation, which became law on 25 May 2018 as well as the UK's implementation of that law in the form of the Data Protection Act 2018.
This data protection policy ensures inforocket:
The General Data Protection Regulation describes how organisations — including inforocket — across all European member states must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. At the time of writing (June 2021) UK law on data protection follows GDPR principles per guidance published by the UK Information Commissioner's Office.
GDPR defines Personal Data as any information that can directly or indirectly identify an individual and includes: forename; surname; title; photo; address; email address; IP address; Location data; Cookies; and Profiling and Analytics data.
The Regulation also places much stronger controls on the processing of Special categories of personal data including: Race; Religion; Political opinions; Trade Union membership; Sexual orientation; Health information; Biometric data; and, Genetic data.
This policy applies to:
This policy applies to all data that inforocket holds relating to identifiable individuals, even if that information technically falls outside of the General Data Protection Regulation Act 2018. This can be made up of:
Identity Data including first name, surname, marital status, title, gender and photo.
Contact Data including business name, billing address, postcode; email address and telephone numbers.
Financial Data including bank account and payment card details.
Transaction Data including details about payments, invoices, and receipts between you and inforocket, and other details of products and services we have purchased from one another.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our services.
Profile Data includes your online username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, and our products or services.
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Third Party Services Data includes account user names and passwords for email accounts, internet service providers, social media channels and File Transfer Protocol (FTP) access that you provide to inforocket in order to setup, control and maintain your internet presence.
inforocket collects data from you:
Directly when you contact us by telephone, email, or complete and submit any form on our website.
Indirectly when you take some action on our site (passive data).
We may also have personal data about you, if you:
Like almost all websites we also collect some data in the form of cookies.
An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small block of data placed on a user's computer or other device by a web browser while the user is browsing a website. Cookies enable websites to store stateful information (such as items added in the shopping cart in an online store) on the user’s device or to track the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to save for subsequent use information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers.
Cookies are used for useful and sometimes essential functions on the web. Most importantly, authentication cookies are most commonly used by web servers to tell whether the user has logged in or not, and with which account they are logged in. Without such a mechanism, the site would not know whether to send a page containing sensitive information or require the user to authenticate themselves by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by an attacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).
You can choose to accept or decline cookies. By default most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories — a potential privacy concern that prompted European and U.S. lawmakers to take action in 2011. European law requires that all websites targeting European Union member states gain "informed consent" from users before storing non-essential cookies on their device.
inforocket also uses some third party cookies for tracking and analytics services, such as Google Analytics. In addition we may link or embed elements which may bring third party cookies with them – for example YouTube videos, Vimeo videos or Google Fonts - into our site.
Third party organisations like these are Data Processors and have obligations to confirm to the European Union GDPR laws. The presence of third party cookies does not give inforocket access to any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to an individual.
inforocket does not sell advertising space, and as such does not employ third party advertising cookies.
As well as outlining our responsibilities to you when we store, handle or process your data in our work, this policy exists to protect inforocket from risks such as:
By transparently outlining our data handling policy here we aim to empower you to make an informed choice when you consent to us storing, handling or processing your data.
Anyone who works for, or with, inforocket has some responsibility for ensuring data is collected, stored and handled appropriately. Anyone that handles personal data must ensure that it is handled and processed in line with this policy and European data protection principles.
our general guidelines
The only people able to access data covered by this policy should be those who need it for their work. Data should not be shared informally. When access to confidential information is required, staff and contractors can request it from Patrick Robertshaw, Owner of inforocket.
Staff and contractors should keep all data secure, by taking sensible precautions and following the guidelines below:
inforocket will ensure that any staff and contractors working with or for us are made aware of these guidelines and have read them. We undertake to provide necessary support to any staff or contractor in understanding their responsibilities when handling data.
These rules describe how and where our data should be safely stored.
inforocket is primarily a digital business and printed data is extremely rare. In cases when data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored digitally but has been printed out for some reason:
When data is stored digitally, either on-site at inforocket, or on cloud-based systems it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
If you have any questions about storing data safely not covered above these can be directed to Patrick Robertshaw, Owner of inforocket.
We do not share your personal data with any third parties. However personal data is of no value to us unless inforocket can make use of it for our day-to-day core business purposes.
It is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
inforocket retains different types of data for different lengths of time.
Identity Data, Contact Data, Profile Data and Marketing & Communications Data: is stored for the length of time that an individual is a customer of, or a supplier to, inforocket.
Contact Data, Financial Data and Transaction Data: is stored for a minimum of seven years, in accordance with guidelines from the UK Government’s HM Revenue and Customs.
Technical Data and Usage Data: is mostly stored for a maximum of 7 months.
Google Data: is stored for 14 months. For more information, please see Google’s Support pages.
Third Party Services Data: is stored for the length of time that an individual is a customer of inforocket.
The law requires inforocket to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of our staff and contractors, who work with data, to ensure it is kept as accurate and up to date as possible.
All individuals who are the subject of personal data held by inforocket are entitled to:
If an individual contacts inforocket requesting this information, this is called a Subject Access Request.
You may request details of data which we hold about you under the EU’s General Data Protection Regulation. Subject Access Requests should be made by email to Patrick Robertshaw, Owner at email@example.com. In accordance with EU regulations, we aim to provide all the relevant data to you within 30 days and for no fee.
We will always verify the identity of anyone making a Subject Access Request before handing over anyinformation.
In certain circumstances, the EU General Data Protection Regulation allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, inforocket will disclose requested data. However, we will ensure the request is legitimate, seeking assistance from legal advisers where necessary.
This Policy was prepared by Patrick Robertshaw, Owner at inforocket and may be considered operational from 25 May 2018 onward.