Privacy Policy

UK-Bright-Ideas LTD
11 Greenroyd Court,
Sutton In Craven,
Keighley,
North Yorkshire,
England, BD20 7NY

Tel: 0113 328 0606

Email: sales@xtardirect.co.uk

Company number 09526314

Information Collection and Use

UK-Bright-Ideas LTD is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. UK-Bright-Ideas LTD collects information from our users at a number of different points depending on how you use and interact with our website.

Cookies

We may use a number of different cookies on this website. For detailed cookie information please see our cookie policy.

Log File Analytics & Google Analytics

Our web server records IP addresses and writes these to log files that allow us to analyse visitor numbers on this website and track users’ movement around the website and from page to page. We use this information to see how visitors use and interact with our website.

Google Analytics is implemented on this website and collects various data points from visitors to the website. IP Addresses are used to distinguish visitor numbers to the website. Google Analytics will record the country you access this website from using your IP Address. Data gathered by Google Analytics allows us to analyse visitor numbers on this website and track users’ movement around the website and from page to page. We use this information to see how visitors use and interact with our website. Google Analytics data is stored for a period of 26 months, which allows us to build a year upon year picture of visitor numbers to our website.

Data gathered by Google Analytics may be stored outside of the European Union in line with its undertakings through the EU-US Privacy Shield Program. Further information can be found at https://policies.google.com/privacy/frameworks?hl=en&gl=de
You can find out more about Google’s position on privacy as regards its analytics service at https://support.google.com/analytics/answer/6004245?hl=en-GB

Contact Form & Email Submissions

If you submit an enquiry through our contact form or via email, that enquiry will be emailed to a mailbox monitored by employees of UK-Bright-Ideas LTD. The email is then stored securely on our email server, which enables us to respond to your enquiry.

Your enquiry may be forwarded to one or multiple mailboxes within UK-Bright-Ideas LTD to ensure it is dealt with and acted upon by the appropriate person. If you submit an enquiry through our contact form or via email, a copy of that message will be stored on our web server and will be deleted after 14 days or once the enquiry is effectively dealt with.

SSL Encryption

This website utilises SSL encryption. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely.

Website Backups

This website is backed up on a regular basis for security and disaster recovery purposes. The backups are stored securely with Dropbox. Dropbox may store these backups outside of the European Union in line with its undertakings through the EU-US Privacy Shield Program. Further information can be found at https://www.dropbox.com/privacy

Website backups will be stored for a maximum of 30 days before being deleted.

Services & Contracts

When you order a product with UK-Bright-Ideas LTD, the company or individual details provided to us will be entered into our accounting system. The details entered are Company or Individual Name, Contact Name, Contact Address, Contact Email Address.

It is important to note that accounting records relating to orders for products placed with UK-Bright-Ideas LTD will be stored for a period in line with U.K. tax and accounting regulations. This period is set by the U.K. Government and is currently 6 years, or longer if the records show a transaction that covers more than one accounting period.

Links to other websites

This website contains links to other websites. Please be aware that UK-Bright-Ideas LTD is not responsible for the privacy practices of such other websites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects information. This privacy statement applies solely to information collected by this website.

Embedded content from other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Notification of Changes

If we decide to change our privacy policy, we will post those changes on our website so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Cookies

This site uses cookies – small text files that are placed on your machine to help this website provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

The cookies we set are all non-essential cookies that are used to collect information for making reports about how people use our website and to help us improve the site. The cookies collect information in an anonymous form.

The list below describes the cookies we use on this site and what we use them for. We currently place these cookies using Implied Consent – if you are not happy with the usage of cookies on this website, then you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.).

First Party Cookies

These are cookies that are set by our website directly.

WooCommerce Cookies

To keep track of cart data, WooCommerce makes use of 3 cookies:

  • woocommerce_cart_hash
  • woocommerce_items_in_cart
  • wp_woocommerce_session_

The first two cookies contain information about the cart as a whole and help WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

Third Party Cookies

These are cookies set on your computer or device by external websites whose services are used on this site.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

Google Analytics

Cookie Name: _ga – Expires after 2 years – This cookie is used to distinguish users.

Cookie Name: _gid – Expires after 24 hours – This cookie is used to distinguish users.

Cookie Name: _gat – Expires after 1 minute – This cookie is used to throttle request rate.

We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

You can find out more about Google’s position on privacy as regards its analytics service at https://support.google.com/analytics/answer/6004245?hl=en-GB

External Websites

This website contains links to other sites. Please be aware that Sledgehammer Engineering Press LTD is not responsible for the cookie policies of such other sites. We encourage our users to be aware when they leave our site and to read the cookie policies of each and every website that they visit. This cookie policy applies solely to this website.

Accessing & Updating Your Information

You have the right to access, update and delete your personal information. You retain all rights to your personal information and data and can access it at any time. UK-Bright-Ideas LTD will take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information.

It is important to note that as stated in our privacy policy, there may be times, due to legal and regulatory requirements, that we are unable to delete your personal information, particularly in relation to orders placed with us.

If you would like to access your personal data or know what data UK-Bright-Ideas LTD holds about you, please contact us using the details below:

Phone: 0113 328 0606

Email: sales@xtardirect.co.uk

Write to us at:

UK-Bright-Ideas LTD
11 Greenroyd Court,
Sutton In Craven,
Keighley,
North Yorkshire,
England, BD20 7NY

We aim to acknowledge data access requests within five working days of receipt. We aim to fully respond to access requests within 30 days.

Credit Card Security Policies

PCI DSS 3.0

Version 1.0 – 07/04/2016

CONFIDENTIAL INFORMATION

This document is the property of UK-Bright-Ideas LTD; it contains information that is proprietary, confidential, or otherwise restricted from disclosure. If you are not an authorized recipient, please return this document to the above-named owner. Dissemination, distribution, copying or use of this document in whole or in part by anyone other than the intended recipient is strictly prohibited without prior written permission of UK-Bright-Ideas LTD.


Revision History

Changes: Initial Publication
Approving Manager: Christopher McLean
Date: 07/04/2016

Introduction

This document explains UK-Bright-Ideas LTD’s credit card security requirements as required by the Payment Card Industry Data Security Standard (PCI DSS) Program.  UK-Bright-Ideas LTD management is committed to these security policies to protect information utilized by UK-Bright-Ideas LTD in attaining its business goals.  All employees are required to adhere to the policies described within this document.

Scope of Compliance

The PCI requirements apply to all systems that store, process, or transmit cardholder data.  Currently, UK-Bright-Ideas LTD does not store cardholder data in electronic format, nor does it process or transmit any cardholder data on their systems or premises.  Retention of cardholder data, if any, shall be limited to paper reports or receipts.

Due to the limited nature of the in-scope environment, this document is intended to meet the PCI requirements as defined in Self-Assessment Questionnaire (SAQ) A, ver. 3.0, released February, 2014.  Should UK-Bright-Ideas LTD implement additional acceptance channels, begin storing, processing, or transmitting cardholder data in electronic format, or otherwise become ineligible to validate compliance under SAQ A, it will be the responsibility of UK-Bright-Ideas LTD to determine the appropriate compliance criteria and implement additional policies and controls as needed.

Requirement 9:  Restrict Physical Access to Cardholder Data

Physically Secure all Media Containing Cardholder Data

Hard copy materials containing confidential or sensitive information (e.g., paper receipts, paper reports, faxes, etc.) are subject to the following storage guidelines:

  • All media must be physically secured. (PCI requirement 9.5)
  • Strict control must be maintained over the internal or external distribution of any kind of media containing cardholder data. These controls shall include: (PCI requirement 9.6)
      • Media must be classified so the sensitivity of the data can be determined. (PCI Requirement 9.6.1)
      • Media must be sent by a secure carrier or other delivery method that can be accurately tracked. (PCI Requirement 9.6.2)
      • Any transfer of media must be explicitly approved by an appropriate member of management. (PCI Requirement 9.6.3)
  • Strict control must be maintained over the storage and accessibility of media containing cardholder data. (PCI Requirement 9.7)

Destruction of Data

All media containing cardholder data must be destroyed when no longer needed for business or legal reasons. (PCI requirement 9.8)

Hardcopy media must be destroyed by shredding, incineration or pulping so that cardholder data cannot be reconstructed. Any container storing information prior to destruction must be secured (locked) to prevent unauthorized access to the contents. (PCI requirement 9.8.1)

Requirement 12:  Maintain a Policy that Addresses Information Security for Employees and Contractors

Service Providers

UK-Bright-Ideas LTD shall implement and maintain policies and procedures to manage service providers. (PCI requirement 12.8)

This process must include the following:

  •  Maintain a list of service providers (PCI requirement 12.8.1)
  •  Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of the cardholder data the service providers possess (PCI requirement 12.8.2)
  •  Implement a process to perform proper due diligence prior to engaging a service provider (PCI requirement 12.8.3)
  •  Monitor service providers’ PCI DSS compliance status (PCI requirement 12.8.4)
  •  Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity. (PCI requirement 12.8.5)