Policies

Data Protection and Records Management Policy

GENERAL DATA PROTECTION REGULATIONS (DATE APPROVED: 9.03.23) STATEMENT FOR CLIENTS

Values Statement

Self Space prides itself on openness and transparency in all we do and the way we gather, process, store, transfer and dispose of data is no exception.

This policy will detail our roles in data management, how we meet our obligations, our expectations of those working with/for us and the actions to be taken should either our standards and/or any legal framework is broken.

This policy supports the following company values:

We keep clients at the heart of what we do
We say what needs to be said and
We take responsibility

Policy brief & purpose

This Self Space Policy details our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

2.1 Scope

This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.

2.2 Who is covered under the Data Protection Policy?

Employees of our company and its subsidiaries must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.

Policy elements

As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.

Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.

Our data will be:

Accurate and kept up-to-date

We recognise the need to retain a certain amount of data in order to perform our core business and to maintain our working practices and that the data must be up to date and accurate.

Data will be reviewed for relevance and accuracy on each occasion where the data provider re-commissions our work or there is a contractual obligation to re-engage with the data provider. Any amendments will be updated across our platforms accordingly.

Collected fairly and for lawful purposes only

Personal data is any information relating to an identified or identifiable individual. It does not include data where the identity has been removed (i.e. anonymous data). We may collect, use, store and transfer different kinds of personal data about you when we engage with you.

This may include:

Identity Data – title, first name, last name, date of birth or similar identifiers. If you interact with us through social media, this may include your social media username;
Contact Data – billing address, email address and telephone numbers;
Financial Data – bank account and payment card details;
Transaction Data – details about services we have provided to you;
Technical Data – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website;
Profile Data – your username and password, your preferences, feedback and
survey responses;
Geographical Data – information setting out your primary address to control the
use of location services in most mobile devices and desktop settings;
Usage Data – information about how you use our website and services;
Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Processed by the company within its legal and moral boundaries

UK data protection law requires us to have a “legal basis” for processing personal data. The legal bases we rely on are:

Performance of a contract we are about to enter into or have entered into with you;
Compliance with a legal or regulatory obligation;
Carrying out activities that are legitimate to our business interests;
Consent.

However, generally, we shall not rely on consent as a legal basis for processing personal data other than where the law requires it. Where our legal basis is consent, data providers have the right to withdraw consent any time.

Further details are retained in the Self Space Privacy Policy.

Protected against any unauthorized or illegal access by internal or external parties

All Self Space data sources are secured on platforms that are password protected and all those with access to data have enhanced DBS clearances in place.

Our data will not be:

Communicated informally
Stored for more than a specified amount of time
Self Space will weed any data from systems after the reason for the collection has expired and after 10 years in all other cases.
Transferred to organizations, states or countries that do not have adequate data protection policies
Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically we must:

Let people know which of their data is collected
Inform people about how we’ll process their data
Inform people about who has access to their information
Have provisions in cases of lost, corrupted or compromised data
Allow people to request that we modify, erase, reduce or correct data contained in our databases

Actions

To exercise data protection we’re committed to:

Restrict and monitor access to sensitive data
Develop transparent data collection procedures
Train employees in online privacy and security measures
Build secure networks to protect online data from cyberattacks
Establish clear procedures for reporting privacy breaches or data misuse
Include contract clauses or communicate statements on how we handle data
Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)

Our data protection provisions will appear on our website in the form of the Self Space privacy Policy.

Disciplinary Consequences

All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.

Further reading:

Data Protection Act of 1998 (UK)

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
intercom-device-id-*	8 months 26 days 1 hour	Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
intercom-id-*	8 months 26 days 1 hour	Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
intercom-session-*	7 days	Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gat_UA-112764771-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user.
_hjRecordingEnabled	never	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	never	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
_hjSession_*	30 minutes	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
attribution_user_id	1 year	This cookie is set by Typeform for usage statistics and is used in context with the website's pop-up questionnaires and messengering.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
rl_anonymous_id	never	RudderStack set this cookie to store statistical data of users' behaviour on the website, which can be used for internal analytics by the website operator.
rl_group_id	never	RudderStack sets this cookie to collect user activity on the web.
rl_group_trait	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_page_init_referrer	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_page_init_referring_domain	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_trait	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_user_id	never	RudderStack set this cookie to store a unique user ID for the Marketing/Tracking purpose.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_healcode_v3.0.1_session	session	No description
_hjIncludedInSessionSample_2242878	2 minutes	Description is currently not available.
AWSALBTG	7 days	No description available.
AWSALBTGCORS	7 days	No description available.
DEVICE_INFO	5 months 27 days	No description
intercom-device-id-ll7yqek1	8 months 26 days 1 hour	No description
intercom-id-ll7yqek1	8 months 26 days 1 hour	No description
intercom-session-ll7yqek1	7 days	No description
tf_respondent_cc	6 months	No description
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.