Our Privacy Notice explains the way in which we collect, use, maintain, protect and disclose the personal information of the users of our website and all the products and services offered by Rubious Limited.
Who we are
Registered office address:
46 St. Nicholas Street
Registered as a data controller with the Information Commissioner’s Office (ICO), reference:
How we use your information
This Privacy Notice tells you what to expect when Rubious collects personal information about you when you interact with us offline or online. It also explains how we’ll store and handle that data, and keep it safe.
We only collect personal information such as your name, address, telephone number and email address when you provide it to us, or when you have given a third party permission to share your information with us.
We will only use the data captured for specific purposes in relation to the provision of services from Rubious, whether that’s as part of the Contact Us follow up process (contractual) or as part of the provision of that service (contractual).
If you have given consent using an opt-in process on our website, we may also use your information to keep you up to date with relevant services and useful updates. At all times recipients will be given the option to opt-out of communications and removed if requested.
This applies to information we collect about:
- People who use our services
- Job applicants and our current and former employees
- Visitors to our website
- Personal data via third party services
What information do we collect?
When you contact Rubious to supply a quotation, general enquiry or general request relating to an existing project Rubious may collect data online or offline. Rubious will request just enough information about you to enable us to respond to you and to provide you with a positive experience in any further communication we may have with you in order to fulfil your requirements.
Personally identifiable information would include:
- Company Name
When someone visits www.Rubious.co.uk we use the following third party services:
Google Analytics may collect basic information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Sharing your data
We will not share your information with any other organisation without having first obtained your clear consent.
We will never use your personal data if our legitimate business interests override your interests unless we have your explicit consent to do so, or are required to do so by law.
We will not use your data for any automatic profiling or decision making.
How we keep your information secure
Your information is only accessed by people who need it to perform their role. Your personal data is encrypted at rest and in transit as far as possible, we secure the information you submit through this site using ‘SSL’.
Information is collected using forms on Rubious’ website, are transmitted over SSL to our web server. Our website is hosted within the EEA in a data centre in the UK which has ISO 27001 Information Security accreditation. The data is also stored in backups of the website which are currently stored in the US and are encrypted. Backups are created on the server by a system process to disk and sent over SSL to Amazon S3 where they are stored. AWS has in place effective technical and organisational measures for data processors to secure personal data in accordance with the GDPR. They are encrypted during the send process and while stored in S3. Backups are stored in S3 for 30 days, at which point they are deleted.
Information you provide on our site may be transferred to our CRM and quotation platforms. In this case your information will be processed outside of the European Economic Area (EEA). Data transferred to outside the EEA still complies with security levels needed for GDPR.
In regards to data stored on Rubious’ website Content Management System (contact form enquiries), Rubious perform daily security scans to detect any potential breaches. Rubious also protect logins to the CMS from brute force attacks by blocking out suspicious users who attempt to log in too many times. Rubious keep an audit log of the changes that happen our own website, which cannot be modified or deleted by even an administrator user, so if a breach is suspected we can see what the malicious user did on the website
In relation to to data stored with sub-processors (Customer Relations and Quotation platforms) Rubious have reviewed security and GDPR compliance of these providers and conclude they meet the necessary requirements.
Within 72 hours of the breach being identified, Rubious will inform the Data Subject by telephone/email. An internal investigation will then take place to identify how the breach happened and what controls can be put into place. Rubious shall inform the Data Subject if any data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of the Data. In such case, Rubious will use reasonable endeavours to restore the data. The Data Subject will then be informed in writing of the outcome.
Rubious will also inform ICO within seventy two (72) hours), where the breach is likely to result in a high risk to the rights of such Data Subjects.
Your data and your rights
You have the right to request a copy of any data we may hold about you. We will ensure that it is transmitted to you in an easy to understand way. You will not be charged for this service, except in unfounded or excessive circumstances. We will require proof of your identification before we will allow access to any data. Additionally, you have the right to rectify, restrict and object to the data we hold about you, and to request that it is erased.
You may exercise these rights by sending an email to firstname.lastname@example.org
We will normally respond to any request we receive within one month of receiving it, and we will let you know if we are unable to fully comply with your request for a legitimate reason.
We keep our privacy notice under regular review. This privacy notice was last updated on 25th May, 2018.