1. Introduction

This privacy policy outlines how the partnership of Harvey Washington and Isaac Marshall, trading as Arcscribe ("we", "us", or "our"), collects, uses, and protects any personal data that you provide when you use our website or services.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement and UK data protection law.

The data controller is the partnership of Harvey Washington and Isaac Marshall, trading as Arcscribe. You can contact us regarding any data protection matters at: [email protected].

2. The Data We Collect

• Identity Data: Includes first name, last name, and business name.
• Contact Data: Includes billing address, email address, and telephone numbers.
• Financial Data: Includes bank account details for bank transfers. For card payments, we use Stripe as a third-party processor; we do not collect or store your full card details, only a secure token representing the transaction.
• Technical Data: Includes your Internet Protocol (IP) address, browser type and version, time zone setting and location, and other technology on the devices you use to access this website, as collected by our analytics provider.
• Usage Data: Includes information about how you use our website and services.

3. How We Use Your Data and Our Lawful Basis

We are required to have a valid lawful basis for using your personal data. We will use your data for the following purposes and under the following bases:

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

4. Data Sharing and Third Parties

We do not sell your personal data. We may have to share your personal data with the third parties set out below for the purposes detailed in the table above:

• Payment Processors: Stripe, for securely processing credit and debit card payments.
• Analytics Providers: Google Analytics, to help us understand website traffic and user behaviour.
• IT and System Administration Providers: Hosting providers and email providers that support our business operations.
• Professional Advisers: Including lawyers, accountants, and insurers who provide consultancy, banking, legal, and accounting services.
• HM Revenue & Customs (HMRC): and other authorities who require reporting of processing activities in certain circumstances.

5. International Transfers

Some of our external third parties (such as Google and Stripe) are based outside the United Kingdom, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that appropriate safeguards are in place, such as using contracts approved by the UK authorities (like the International Data Transfer Agreement) or ensuring the country has been deemed to provide an adequate level of protection for personal data.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These measures include, but are not limited to, SSL/TLS encryption for data in transit and access controls to our systems.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

• Client Data: We will retain data relating to client projects and financial transactions for a period of six years after the end of our business relationship, as required by UK tax law.
• Enquiry Data (non-clients): We will retain data from enquiries for up to 24 months before it is securely deleted.

8. Your Legal Rights

Under UK data protection law, you have rights regarding your personal data:

• Right of access: You have the right to request a copy of the information that we hold about you.
• Right of rectification: You have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten: In certain circumstances, you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing: Where certain conditions apply, you have a right to restrict the processing.
• Right of portability: You have the right to have the data we hold about you transferred to another organisation.
• Right to object: You have the right to object to certain types of processing, such as direct marketing.

To exercise any of these rights, please contact us at [email protected].

9. Cookies

Our website uses cookies. A cookie is a small file of letters and numbers that we put on your computer. In accordance with the Privacy and Electronic Communications Regulations (PECR), we will not set any non-essential cookies (such as those for analytics) unless you have provided your explicit consent to do so. You can manage your preferences at any time via our cookie consent tool.

10. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.