PRIVACY POLICY

7Tieds is committed to handling personal, business and contractual data responsibly and in compliance with the UK Information Commissioner’s Office (ICO) and the General Data Protection Regulation (GDPR). This policy outlines our approach to data collection, storage, and preservation.

2. Data Collection

We collect personal and non-personal data only for lawful and specific purposes, ensuring transparency and fairness.

A. Types of Data Collected

  • Personal Data: Name, contact details, email address, payment information, IP address.
  • Sensitive Data: Only collected with explicit consent and when necessary (e.g., health data, biometric data).
  • Usage Data: Website interactions, preferences, and analytics.

B. Lawful Basis for Collection

Data collection is based on one or more of the following legal bases:

  • Consent: Explicit user consent for marketing or optional services.
  • Contractual Obligation: Required for fulfilling agreements with users.
  • Legal Compliance: To meet regulatory requirements.
  • Legitimate Interest: For business operations, fraud prevention, and service improvement.

C. Data Collection Methods

  • Online forms, account registration, cookies, third-party integrations, and direct communications.

3. Data Storage & Preservation

We ensure data is stored securely, retained only as long as necessary, and disposed of properly when no longer needed.

A. Data Retention Periods

  • Personal data is retained only for the period necessary to fulfill its original purpose.
  • Retention policies align with legal, contractual, and business requirements.
  • Data that is no longer required is securely deleted or anonymized.

B. Security Measures

  • Encryption for data in transit and at rest.
  • Access controls to limit data access to authorized personnel.
  • Regular audits and assessments to ensure compliance with ICO & GDPR standards.

C. Data Disposal

  • Personal data is permanently deleted or anonymized when no longer needed.
  • Secure erasure methods are used for digital data, and physical records are shredded.

4. User Rights & Compliance

Under the GDPR, users have the following rights:

  • Right to Access: Users can request a copy of their data.
  • Right to Rectification: Users can correct inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): Users can request data deletion.
  • Right to Restrict Processing: Users can limit how their data is used.
  • Right to Data Portability: Users can request their data in a machine-readable format.
  • Right to Object: Users can object to data processing for marketing or other purposes.
  • Right to Withdraw Consent: Users can withdraw consent at any time for data processing based on consent.

5. Third-Party Data Sharing

  • Data is only shared with trusted third parties (e.g., payment processors, cloud service providers) under strict agreements.
  • We do not sell personal data to third parties.
  • International data transfers comply with GDPR’s adequacy decisions and Standard Contractual Clauses (SCCs).

6. Policy Updates & Contact Information

This policy is reviewed regularly to ensure compliance with regulatory changes. Users will be notified of significant updates.