Calico UK takes your data privacy seriously. In order to provide you with our services we collect and use personal data which means that we are a ‘Data Controller’ and we are responsible for and committed to complying with Data Protection Laws and the UK General Data Protection Regulations (UK GDPR) and any subsequent regulation.
In this Privacy Notice, we want to inform you about what information we collect, how we use it and what rights individuals have in relation to the collection and processing of their personal data.
Our Contact Details:
27 High Street, Cromarty, Ross-shire, IV11 8YR
Tel: 01381 600580
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact using the above details.
Whose Personal data do we collect and process?
In the course of our business, we generally process information about our clients, suppliers, professional advisors or individuals making enquiries about our services.
We do not offer our services or process data related to Children.
What personal data does Calico UK Limited collect and process?
We collect the following types of data:
Special Categories of Personal Data that we collect:
We do not collect or hold special categories of personal data.
How we collect your information
In most cases we collect your data directly from you. We collect data and process it when you:
We also receive your data indirectly from the following sources:
Please Remember: Where you provide any of this information relating to or on behalf of another individual such as a nominated deliver contact, you must remember to ensure that you have the consent of the individual and provide them with a copy of or access to this Privacy Notice.
Why we do we collect your information?
Where we collect and process personal data, we must identify both the purpose and our legal basis for doing this. There are 6 possible legal bases for us to do that which are:
Consent – where we have consent from you to the processing of your personal data for one or more specific purpose.
Contract – where the processing is necessary for the performance of a contract or a potential contract of service with you.
Legal Obligation – The processing is necessary for compliance with our legal obligations.
Vital Interests – Where the processing is necessary in order to protect the vital interests of the data subject or another natural person.
Public Interest – Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate Interests - Where the processing is necessary for the purposes of the legitimate interests pursued by us, except where those interests are overridden by your interests or fundamental rights and freedoms.
Our various reasons and legal basis for the information we collect, and process is detailed below:
Why We process your data (our purpose)
Our Lawful Basis
To understand your requirements prior to entering into a contract of service with you
The processing is necessary for the performance of an anticipated Contract
To understand your requirements to ensure that any contract of service meets your needs
The processing is necessary for the performance of a Contract with you
To fulfil our contract with you and provide you with the agreed services therein
The processing is necessary for the performance of our Contract with you
To manage or host user accounts
The processing is necessary for us to deliver our Contract of service
To manage our business operations and comply with any internal policies and procedures
It is in our legitimate interests to use your personal information to ensure that we provide and adapt our services
To notify you about updates and changes to our business or service
It is in our Legitimate Interests to use your personal information to keep you informed about any changes that may affect you
For Email Marketing of similar services to existing customers
It is in our legitimate interests to use your personal information for marketing purposes where the services being marketed are relevant to you.
For electronic Marketing of services to potential new customers at incorporated companies
It is in our Legitimate Interests to use personal business email addresses for marketing purposes to incorporated firms where we can support individual’s rights
For electronic Marketing of services to potential new individual customers or sole traders
We rely on Consent for direct marketing to individuals or sole traders who are potential new customers
To comply with our legal obligations, law enforcement, court and regulatory bodies requirements
To comply with our Legal Obligations
To identify and prevent fraud
It is in our Legitimate Interests to act as a responsible business
Where we rely on your consent you have the right to withdraw this consent at any time by contacting us.
Legitimate Interests - Where the processing of personal data is based on our Legitimate Interests, it is to deliver and improve on our service and security and maintain accurate records. It is also in an aim to prevent fraud or illegal activity in favour of the wellbeing of our customers, shareholders and our employees.
We may send you details of similar services to those you have enquired about or purchased from us previously. You can opt out of receiving this information from us at any time by contacting us at the above address or clicking ‘unsubscribe’ on any messages you may receive.
We will never share or sell your information to any other party for marketing purposes.
You will always have the right to object to any direct marketing from us. Please contact us using the details at the beginning of this notice to do so at any time.
Who we share your information with?
From time to time we may share your personal information with the following third parties for the purposes set out above:
We are registry operators and when you purchase a domain, we register your domain on behalf of registry authorities. To do this we share your contact details. This information can appear on the ‘Whois’ server and be available on the internet as having purchase the domain name. If you do not wish these details to be made public, please contact us using the details at the beginning of this notice. You can find the details of the Registry Authorities here:
International data transfers
With today’s modern technology, some recipients of your personal data can be located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we ensure that there are appropriate safeguards in place.
We can use software processors and platforms which can share data outside of the UK. We always review our providers to ensure that additional safeguards are in place including Adequacy decisions and where relevant Standard (or Model) Contract Clauses.
Automated decision-making or Profiling
We do not process personal data for automated decision making or profiling.
How Long do we keep personal data for?
The following details the criteria used to establish the retention period set out within our policy.
Where it is still necessary for the provision of our Services
This includes the duration of any contract for services we have with you and for a period of 7 years after the end of any contract with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
Where required by Statutory, contractual or other similar obligations
Corresponding storage obligations may arise, for example, from laws or regulation. It may also be necessary to store personal data regarding pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.
Your Rights as a data subject
As a data subject, you have rights in relation to your personal data. These are:
Access – You have the right to request details of personal information held or processed and to copies of this data. We do not usually charge for this service.
Rectification – You have the right to request that any information be updated or corrected that you believe is inaccurate or to complete any information that you believe is incomplete.
Erasure – In some cases, you have the right to request that we erase your personal information.
Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances.
Object to Processing – In some cases, you have the right to object to our processing of your data.
Data Portability – You can also have the right to request that we transfer the data that we have collected to another organisation or directly to you.
You also have the Right to Withdraw Consent where you have previously provided this at any time.
To exercise any of these rights, or if you have a complaint please contact us using the details at the beginning of this notice. We aim to resolve any complaints quickly and directly with you, however if you do remain unhappy, you also have the right to complain to the Supervisory Authority.
Where you wish to report a complaint in relation to your personal data or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:
Information Commissioners Office
Helpline: 0303 123 1113
Contractual Obligations and Consequences
In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, employment and legal obligations) or can also result from contractual provisions. This means that it may sometimes be necessary to conclude or fulfil a contract, that the personal data be provided. In those circumstances where the data is not provided or where certain rights are exercised, (Erasure, Object) there is a possible consequence that the contract could not be fulfilled or concluded and may be cancelled.
Cookies & similar technologies
To learn more about how to manage your browser cookie settings in general please see www.allaboutcookies.org.
When clicking on external links via our website, or finding us via external sources or social media platforms, you are visiting or redirected to the domain of those websites. We have no control over the privacy settings on these websites and the cookies they set, so please bear in mind that you should set your preferences in line with their own privacy policies and cookie controls separately.
We aim to protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration.
We store customer records in cloud-based services and data centres which have controlled and restricted access. We operate records management and Information security policies which include detail on our physical security, cloud storage security monitoring, access control and password security measures. We also maintain and use anti-virus and malware software and firewalls.
Our role as a Data Processor
Where we register your new domain name with a registry authority as detailed above, in some cases we act as a data processor on their behalf. In these circumstances, they act as the ‘Data Controller’ in relation any personal data that they collect, store or process using these services.
As such where this is the case, we ensure that we have a Data Processor Agreement in place to ensure that the obligations under GDPR are met and understood by all parties.
In some cases we also act as a data processor for you, our client for example when we provide email hosting and database management. Where this is the case, please contact us for a copy of our Data Processor Agreement with you.
Changes to our Privacy Notice
Calico UK Limited keep our Privacy Notice under regular review. This Privacy Notice was last updated on 5th October 2021.