Privacy Policy

Who we are

Our website address is: https://dandcsupplies.co.uk wholly owned by D & C Supplies Ltd. The website platform is hosted by Bytemark, the Cloud Hosting company and run by Projects Point, which is owned by the Get the Point Ltd.

What personal data we collect and why we collect it

Comments

Customer comments are disabled.

Media

No customer media can be uploaded to the website, but if a client’s exif data is attached to an image, potentially location information could be revealed.

Contact forms

We collect a minimum of personally identifiable information for the purposes of establishing contact with a customer. We delete the server copy as quickly as practical, or within the month.

Cookies

Cookies are used exclusively for account holders.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

We use Google Analytics and WordPress.com to gather depersonalised / anonymised statistics.

We have accepted the default data retention period set by both organisations.

The website uses JetPack.

How long we retain your data

For users that register on our website (if any), we also store the information they provide in their user public profile – users will want to take care not to publish more personally identifiable information than is necessary.

All users can see, edit, or delete their personal information at any time (but cannot change their username).

Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments and contact info may be checked through an automated spam detection service.

Your contact information

craig@dandcsupplies.co.uk

Additional information

How we protect your data

GTP Ltd use strong passwords and 2 factor authentication to access cloud services.

Our websites and email are secured by SSL,  website security certificates are issued by LetsEncrypt.

Our servers are run on a cloud platform in the United Kingdom, with Bytemark in a data centre in York.

The operating system keeps an eye on connections and will blacklist suspicious traffic.

Projects Point monitors system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities.

Projects Point uses a number of tools to keep our sites protected from hackers, that automatically throttle or ban certain IP addresses and fraudulent attempts to login.

Projects Point also restricts outgoing connections to only trusted sites, using a firewall, which can be helpful in the event of one our sites being compromised.

Projects Point keeps all our plugins up to date, and at intervals run software audits to identify known problems.

We employ trusted software that is actively developed and supported in the Open Source community.

Projects Point oversees a triple backup regime, whereby a snapshot of the server is taken daily. This retained for 4 days. We also take daily and weekly snapshots of the files and databases, with data retained over a period 10 weeks. Finally we run an incremental backup daily, which is auto pruned over a period of around 3-4 months.

What data breach procedures we have in place

We assess the risk of the incident and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website. Having established the risk (likelihood of harm X magnitude of impact), we will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function while assessing the impact on user’s personal data. If a personal data breach should occur, we would inform website owners first and discuss plans to inform their users of the breach.

What third parties we receive data from

See Analytics above.

What automated decision making and/or profiling we do with user data

None.

Industry regulatory disclosure requirements

Get the Point Ltd is registered with the UK ICO.