Here’s you’ll find all the necessary links to important documents and policies for everything pertaining to our services.
The purpose of this site is to offer nothing else other than important documentation for our service.
Last updated: 22 May 2018.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.
The GDPR imposes additional requirements upon companies to strengthen the security around, and enhance the protection of, personal data of EU residents.
Wibble Web Design LTD. identifies itself as a data processor and therefore we process data on behalf of a controller – our clients. As a client of Wibble, you operate as the controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner and that you are using processors, such as below, that are committed to handling the data in a compliant manner. In order to supply the services that we do, we engage with other processors and we adhere to article 28 when dealing with acting as a processor and interacting with other processors. They are detailed below.
Security of information and privacy are Wibble Web Design LTD.’s most important assets. It is in our greatest interest that you have confidence in how we handle your personal data.
We place a high importance on information security and we already comply with a number of standards that focus on it.
We will always comply with the GDPR as a processor and controller of data.
In our role as a data controller we are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR.
In our role as a data processor, we are responsible for implementing appropriate technical and organisational measures to meet the requirements of GDPR, ensuring a level of information security appropriate to the risk, and acting in accordance with the relevant data controller’s instructions.
We are committed to safeguarding your privacy online. We will not knowingly support any use of your information which is illegal or which contravenes the laws or common practice in the country of your origin.
Wibble Web Design LTD is committed to ensuring that your privacy is protected and that there is transparency with regard to the processing of your information. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this statement.
We’ve revised data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including but not only:
We have also revised our Terms and Conditions to comply with the GDPR
Legal Basis for Processing – We have revised all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our GDPR obligations are met
Obtaining Consent – We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
Data Protection Impact Assessments (DPIA) – Where we process personal information that is considered high risk, we have developed stringent procedures for carrying out impact assessments that comply fully with the GDPR. We have implemented processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
Wibble Web Design LTD., as a web design and development company, is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have already put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
We will collect and look after your data for the purpose of delivering services and information to you that you have requested and to correspond with you about our Services. We will never pass your information to any external party outside of Wibble Web Design LTD. unless required by law to do so. We will never, ever, give, sell or lease your personal information to anyone outside of our organisation.
If you have subscribed to our services, signed up for the newsletter, survey or similar, we will include you on our mailing list for our regular newsletter and occasional news of our services.
You can opt out of this communication permanently at any time.
Wibble Web Design LTD. will always respect your rights that concern the protection of your personal data.
You have the right to be informed about the collection and use of your personal data.
We are obligated to provide you with the following information:
We do not need to provide you with privacy information if you already have them or if it would involve a disproportionate effort to provide it to you.
The information we provide to you will be always concise, transparent, intelligible, easily accessible, clear and easy to understand. We will, of course, be open to feedback on our documents if you feel there is scope for clarification.
We provide individuals with privacy information at the time we collect their personal data from them.
You have the right to access your personal data and supplementary information. This right allows you to be aware of and verify the lawfulness of the processing.
You have the right to obtain:
We are obligated to provide a copy of the information requested. We will verify the identity of the individual making the request, using “reasonable means”. If the request is made electronically, we will provide the information in a commonly used electronic format.
Personal data is inaccurate if it is incorrect or misleading as to any matter of fact. You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
When a request is made, we will verify the identity of the individual making the request, using ‘reasonable means’. If the request is made electronically, we will provide the information in a commonly used electronic format.
If we receive a request for rectification, we will take reasonable steps to confirm that the data is accurate and to rectify the data if necessary. We will also take into account the arguments and evidence provided by the data subject.
You have the right to have personal data erased. This is also known as the “right to be forgotten”.
The right is not absolute and only applies in certain circumstances.
We already have processes in place to ensure that we respond to a request for erasure.
If you no longer want to use our services and you want your personal information to be erased, you may request it by contacting us at any time.
Please note, we may not be able to honour these requests when they conflict with legal circumstances and requirements that we are obligated to fulfill.
We will explain this to you if and when such a conflict arises.
You have the right to restrict the processing of your personal data in certain circumstances. This means that you can limit the way that we use your data. This is an alternative to requesting the erasure of your data (see above).
We have processes in place to ensure that we respond to a request for restriction without undue delay and within one month of receipt.
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
The right to data portability only applies:
We are obligated to provide the personal data in a structured, commonly used and machine readable form. Open formats include CSV files. Machine readable means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.
The information provided is free of charge.
If you request it, we may be required to transmit the data directly to another organisation if this is technically feasible. However, we are not required to adopt or maintain processing systems that are technically compatible with other organisations.
Clarification: This pertains only to your personally identifiable data.
You have the right to object to:
You must have “grounds relating to your particular situation” in order to exercise your right to object to processing for research purposes.
We are obligated to halt processing personal data for direct marketing purposes as soon as we receive an objection.
Automated individual decision-making is a decision made by automated means without any human involvement. It does not have to involve profiling, although it often will do.
We do not currently use your personal data to make automatic decisions about you. If this changes in the future you will be notified.
You are always welcome to communicate with us about the exercise of your rights concerning the protection of your personal data.
We only accept written requests since we cannot deal with verbal requests immediately without first:
Your request should contain a detailed, accurate description of which right you want to exercise.
We will respond to your request without delay and at the latest within one month of receipt.
We will extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
We do not charge a fee to comply with your request.
We are fully committed to ensuring that we act in accordance with various global data protections laws as applicable, including GDPR, and will take seriously any data protection concerns you raise with us.
You have a right to lodge a complaint with a supervisory authority. For the detailed information, please see here:
Last updated: 14 May 2018.
Wibble Web Design LTD, as a web design and development company, has made information security and data privacy, foundational principles of every step we take.
We recognise the importance of passing regulations to advance information security and data privacy for citizens of the EU, and all citizens, regardless of their location.
We are firmly committed to GDPR compliance.
Our main services include, but are not limited to:
Web design & development
WordPress support and management
Custom WordPress development
This Privacy Notice is meant to help you understand what Personal Data we might collect, why we collect it, and what we do with it. It also describes the choices available to you with regard to the use of your Personal Data and how you can access and update this information.
We are committed to protecting the privacy of our websites visitors (“Visitor”), individuals/businesses that purchase our services (“Customer”) and individuals who register with our website or services (“User”).
We have adopted the following principles to govern its use, collection, and transmittal of Personal Data, except as specifically provided by this Policy or as required by applicable laws:
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Personal data is subject to the protection requirements set out in the GDPR.
Examples of data considered as personal data:
Examples of data not considered as personal data:
We collect and maintain information about our Customers and Users, which may include:
In order to communicate with us or to use our services, you may be prompted to provide certain personal data in the following ways:
Typically, the personal data you give us may include name and email address, and any personal details required to resolve any enquiries or complaints. Any information gathered from you through the means mentioned above may be transferred to our internal CRM system in order to provide a service or follow up on an enquiry. This data is only used for correspondence from Wibble Web Design LTD and to provide our services efficiently. This information is not sold or distributed, in any way, to third party providers.
When Customers or Users contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers or Users related to such support or service requests.
We use personal data provided by you to provide the services and for business purposes such as processing and fulfilling orders, marketing, and for other general purposes.
We will never share your personal data, or otherwise make your personal data available to any third parties for the purposes of marketing or targeting you. We will not sell, rent, or exchange your personal data with any third-parties. If, for whatever reason this needs to change in the future, we would never do so without your express permission.
We use your personal data we collect to:
Some of your personal data will be stored in out internal CRM system, this information is encrypted and has security features in place to protect against data breaches.
All of your Personal Data remain private and confidential. The security of your Personal Data is extremely important to us.
We follow generally accepted standards to protect personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
However, we adopt physical, technical, organisational and policy measures to ensure that your Personal Data are protected, including the prevention of their alteration, loss, damage, unauthorised processing or access, having regard to the nature of the Data, and the risks to which they are exposed.
We will never request your account credentials. You should never share your account information with anyone else, including your username and password. We recommend that you use a unique password for your appropriate accounts that you have with us on our various services, that is not in any way associated with other websites. You should check your account regularly to ensure that your Personal Data has not been tampered with or altered.
Any suspicious activity regarding your account, including automated messages from parties you cannot identify, should be reported to us using the contact information below.
We use various 3rd party services to the collection, management and processing of our data.
Our commitment to data protection and information privacy demands the use of 3rd party services that are also committed to the same end.
All our 3rd party services will be GDPR compliant and will themselves have their own applicable privacy policies.
All such 3rd parties and their relevant policies are listed at the end of this policy notice.
Where lawful to do so, and subject to your consent where required, we may communicate with you about our services. If you wish to unsubscribe from receiving these kind of communications, you may do so at any time. At the current time, we do not use our clients information to communicate any form of marketing or newsletter style information. This may change in the future and will be reflected here.
We do, however, avail of MailChimp to contact all clients regarding business specific events. Examples include: downtime, legal requirements, security issues, support opening hours. Although these can be unsubscribed to, we very much suggest that they aren’t as they mainly contain important account information.
Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website. Cookies can be “persistent” or “session ID” cookies. Persistent cookies remain on your computer when you have gone offline, while session ID cookies are deleted as soon as you close your web browser.
We may use both session ID cookies and persistent cookies. For session ID cookies, once you close your browser or log out, the cookie terminates and is erased. A persistent cookie is a small text file stored on your computer’s hard drive for an extended period of time.
In general, cookies are used to retain user preferences, store information, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
We absolutely cannot take responsibility for any interaction you have with 3rd parties or services that are not directly our own.
As our Customer or User, you have the right to:
It is important to note that you also have responsibilities when it comes to Data Protection.
One such important case is where you may request from us a copy of the information about the data we store. We are obliged to ensure that the request is legitimate and does in-fact originate from you.
In this regard, we will undertake steps in an attempt to verify the legitimacy of the request, before releasing such information. If you do not cooperate in this, or we cannot satisfiably verify legitimacy, we may not release such information in a timely manner. To act otherwise could represent a significant breach of privacy. As such, we request your full cooperation in this regard – any requests on our part to verify your request will be undertaken solely to protect against breach of your personal information.
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved.
We’ll do this where it is necessary or is based on your explicit consent.
Data Retention Period is the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period.
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
If none of these criteria apply, we commit to purging any Personal Data no later than 16 months following your latest interaction/exchange with our services.
We are required by law to be able to report sales and tax information for up to 10 years. In this case we must retain any pertinent information of these transaction. We will have no choice to but to refuse any requests to erase this type of information from our records as they are required by law.
We may change this Privacy Notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this Privacy Notice for changes whenever you visit our websites.
We are a dedicated data controller of your personal data. We have Data Protection Officer you can reach any time by using the details below.
If you have any questions about this Privacy Notice or complaints about how we process your Personal Data and you want to contact our Data Protection Officer, you can do that by going to the Contact Us section of our websites or send email to firstname.lastname@example.org. Your issue will be resolved as quickly as possible.
Last updated: 5 June 2018.
We are sure you understand how important it is as a small business that you pay the invoices that we send you promptly. You agree to stick tight to the following payment schedule:
Our payment terms are 30 days net for invoices and 15 days net for Direct Debits. We accept payment by cheque, bank transfer or in cash in GBP. We only accept payment by Bank Transfer / PayPal / Stripe for other currencies. Because of the Money Laundering Regulations 2007 we do not accept payments in cash exceeding £500.
If payment is not made within the agreed payment terms, Wibble Web Design LTD. reserve the right to suspend all your services without notice. This can include email hosting, web hosting and DNS management plus any others. We also reserve the right to redirect your domain to wearewibble.com, put an account suspended message on your site or sell your domain to re-coup any loses incurred through the outstanding balance.
If there is an outstanding balance and requests for work are submitted, these will not be carried out until payment has been made. If there is an outstanding balance at the end of a project, we reserve the right to not transfer content, database, code, domains or any other files pertaining to the project until full payment has been made; we also reserve the right to not transfer domains, DNS management or provide access to your site to facilitate transfer until full payment is made.
Server Security & access
We do not provide FTP access / SFTP access / SSH access to the server to any third parties due to security and IP restrictions. We strive for 99.9% uptime, sometimes things outside our control happen and your site may be unavailable for a short period of time but we will do everything in our power to get your site back up and running ASAP. We do not allow third party developers access to our server or to the databases in any way. We do not identify as a standard web host, we are a managed hosting service so only offer restricted access to the server for security and IP reasons.
Any domains purchased by Wibble for a client will be registered by Wibble, however, the domain ownership can be transferred to you without a fee as long as there are no outstanding payments due to Wibble. We reserve the right to hold a domain in our name if an outstanding balance is present, once payment has been made, the domain will be transferred – without a fee. If domains are not confirmed to be renewed by the client before the expiry date there will be a recovery cost of £75+VAT to renew the domain after the expiry date, if possible.
We provide email hosting as a service to clients. We strive for 99.9% uptime, sometimes things outside our control happen and your email may be unavailable for a short period of time but we will do everything in our power to get your email back up and running ASAP. We do not provide personalised support for every client but have a support portal to guide you through set up etc.
We have a team of highly qualified support developers who can support your project if changes and developments are needed. The best way to avail of the Wibble support is through our support helpdesk – this will then create a support ticket that any of our staff can pick up. This is our recommended means of contact as your project manager may not be able to respond quickly if they are out of the office etc.
Support Service Level Agreement
We operate Monday – Friday 9am-4pm GMT excluding bank holidays. We aim to respond to all tickets within 1 working day and resolve within 5. If contact is made directly to a staff member of Wibble and not through our support channel, there will be no guarantee of when the response will be. We recommend using the support helpdesk for any issues with your services.
Wibble Support Package
This is the first level of support that covers: your hosting on Wibble’s VPS servers, automatic backups and off server storage, security patches and updates carried out by Wibble to ensure that your site is up-to-date and secure. We constantly scan and audit your site to check for vulnerabilities and will patch these issues as soon as they are detected. Any issues caused by updates to themes built by Wibble will be included in the support package. As part of the Wibble Support Package, we require DNS management to be transferred to us to help with resolving issues.
WordPress core updates
We take care of all core updates – if they are not critical, security updates we may not update for a little while to ensure bugs and issues have been patched. If a core update causes an issue with your site, we will spend one hour trying to fix this issue as part of the Wibble Support Package, if further fixes are required this will be billed at our hourly rate.
We will update all plugins as part of the Wibble Support Package, this generally takes place at the same time as the core updates. If a plugin update causes an issue with your site, we will spend one hour trying to fix this issue as part of the Wibble Rescue Package, if further fixes are required this will be billed at our hourly rate.
We do not offer refunds on any services that are provided by Wibble Web Design LTD.
By becoming or continuing to be a client of Wibble’s, you indicate and consent that you have read and agree to the Terms & Conditions listed and detailed on this page including the regulations and terms by processors that we use to deliver the services of Wibble. We reserve the right to changes our terms at any time.
If any part of this agreement is declared unenforceable or invalid, all remaining clauses in this agreement shall remain binding on the customer.