Data Protection Policy

  1. Introduction

This Policy sets out the obligations of Adgective Graphic Design, incorporated with in ADG Consultancy Ltd a company registered in the United Kingdom under number 3536797, whose registered offices are at Floor 4 Studio 5-11, 5 Millbay Road, Plymouth, PL1 3LF, (“the Company”) regarding data protection and the rights of clients (“data subjects”) in respect of their personal data under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.

The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.

  1. The Data Protection Principles

This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
2.1 Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
2.2 Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
2.3 Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
2.4 Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
2.5 Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
2.6 Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

  1. The Rights of Data Subjects

The GDPR sets out the following rights applicable to data subjects (please refer to the parts of this policy indicated for further details):
3.1 The right to be informed (Part 12).
3.2 The right of access (Part 13);
3.3 The right to rectification (Part 14);
3.4 The right to erasure (also known as the ‘right to be forgotten’) (Part 15);
3.5 The right to restrict processing (Part 16);
3.6 The right to data portability (Part 17);
3.7 The right to object (Part 18); and
3.8 Rights with respect to automated decision-making and profiling (Parts 19 and 20).

  1. Lawful, Fair, and Transparent Data Processing

4.1 The GDPR seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The GDPR states that processing of personal data shall be lawful if at least one of the following applies:
4.1.1 The data subject has given consent to the processing of their personal data for one or more specific purposes;
4.1.2 The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract with them;
4.1.3 The processing is necessary for compliance with a legal obligation to which the data controller is subject;
4.1.4 The processing is necessary to protect the vital interests of the data subject or of another natural person;
4.1.5 The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; or
4.1.6 The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

  1. Specified, Explicit, and Legitimate Purposes

5.1 The Company collects and processes the personal data set out in Part 21 of this Policy. This includes:
5.1.1 Personal data collected directly from data subjects; and
5.1.2 Personal data obtained from third parties.
5.2 The Company only collects, processes, and holds personal data for the specific purposes set out in Part 21 of this Policy (or for other purposes expressly permitted by the GDPR).
5.3 Data subjects are kept informed at all times of the purpose or purposes for which the Company uses their personal data. Please refer to Part 12 for more information on keeping data subjects informed.

  1. Adequate, Relevant, and Limited Data Processing

The Company will only collect and process personal data for and to the extent necessary for the specific purpose or purposes of which data subjects have been informed (or will be informed) as under Part 5, above, and as set out in Part 21, below.

  1. Accuracy of Data and Keeping Data Up-to-Date

7.1 The Company shall ensure that all personal data collected, processed, and held by it is kept accurate and up-to-date. This includes, but is not limited to, the rectification of personal data at the request of a data subject, as set out in Part 14, below.
7.2 The accuracy of personal data shall be checked when it is collected and at regular intervals thereafter. If any personal data is found to be inaccurate or out-of-date, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.

  1. Data Retention

8.1 The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
8.2 When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
8.3 For full details of the Company’s approach to data retention, including retention periods for specific personal data types held by the Company, please refer to our Data Retention Policy.

  1. Secure Processing

The Company shall ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Further details of the technical and organisational measures which shall be taken are provided in Parts 22 to 27 of this Policy.

  1. Accountability and Record-Keeping

10.1 The Company shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, the Company’s other data protection-related policies, and with the GDPR and other applicable data protection legislation.
10.2 The Company shall keep written internal records of all personal data collection, holding, and processing, which shall incorporate the following information:
10.2.1 The name and details of the Company and any applicable third-party data processors;
10.2.2 The purposes for which the Company collects, holds, and processes personal data;
10.2.3 Details of the categories of personal data collected, held, and processed by the Company, and the categories of data subject to which that personal data relates;
10.2.4 Details of any transfers of personal data to non-EEA countries including all mechanisms and security safeguards;
10.2.5 Details of how long personal data will be retained by the Company (please refer to the Company’s Data Retention Policy); and
10.2.6 Detailed descriptions of all technical and organisational measures taken by the Company to ensure the security of personal data.

  1. Data Protection Impact Assessments

11.1 The Company shall carry out Data Protection Impact Assessments for any and all new projects and/or new uses of personal data which involve the use of new technologies and the processing involved is likely to result in a high risk to the rights and freedoms of data subjects under the GDPR.
11.2 Data Protection Impact Assessments shall address the following:
11.2.1 The type(s) of personal data that will be collected, held, and processed;
11.2.2 The purpose(s) for which personal data is to be used;
11.2.3 The Company’s objectives;
11.2.4 How personal data is to be used;
11.2.5 The parties (internal and/or external) who are to be consulted;
11.2.6 The necessity and proportionality of the data processing with respect to the purpose(s) for which it is being processed;
11.2.7 Risks posed to data subjects;
11.2.8 Risks posed both within and to the Company; and
11.2.9 Proposed measures to minimise and handle identified risks.

  1. Keeping Data Subjects Informed

12.1 The Company shall provide the information set out in Part 12.2 to every data subject:
12.1.1 Where personal data is collected directly from data subjects, those data subjects will be informed of its purpose at the time of collection; and
12.1.2 Where personal data is obtained from a third party, the relevant data subjects will be informed of its purpose:
a) if the personal data is used to communicate with the data subject, when the first communication is made; or
b) if the personal data is to be transferred to another party, before that transfer is made; or
c) as soon as reasonably possible and in any event not more than one month after the personal data is obtained.
12.2 The following information shall be provided:
12.2.1 Details of the Company;
12.2.2 The purpose(s) for which the personal data is being collected and will be processed (as detailed in Part 21 of this Policy) and the legal basis justifying that collection and processing;
12.2.3 Where applicable, the legitimate interests upon which the Company is justifying its collection and processing of the personal data;
12.2.4 Where the personal data is not obtained directly from the data subject, the categories of personal data collected and processed;
12.2.5 Where the personal data is to be transferred to one or more third parties, details of those parties;
12.2.6 Where the personal data is to be transferred to a third party that is located outside of the European Economic Area (the “EEA”), details of that transfer, including but not limited to the safeguards in place (see Part 28 of this Policy for further details);
12.2.7 Details of data retention;
12.2.8 Details of the data subject’s rights under the GDPR;
12.2.9 Details of the data subject’s right to withdraw their consent to the Company’s processing of their personal data at any time;
12.2.10 Details of the data subject’s right to complain to the Information Commissioner’s Office (the “supervisory authority” under the GDPR);
12.2.11 Where applicable, details of any legal or contractual requirement or obligation necessitating the collection and processing of the personal data and details of any consequences of failing to provide it; and
12.2.12 Details of any automated decision-making or profiling that will take place using the personal data, including information on how decisions will be made, the significance of those decisions, and any consequences.

  1. Data Subject Access

13.1 Data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why.
13.2 Data subjects wishing to make a SAR may do so in writing, using the Company’s Subject Access Request Form, or other written communication. SARs should be addressed to Adgective, Floor 4 Studio 5-11, 5 Millbay Road, Plymouth, PL1 3LF.
13.3 Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
13.4 The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

  1. Rectification of Personal Data

14.1 Data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.
14.2 The Company shall rectify the personal data in question, and inform the data subject of that rectification, within one month of the data subject informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
14.3 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.

  1. Erasure of Personal Data

15.1 Data subjects have the right to request that the Company erases the personal data it holds about them in the following circumstances:
15.1.1 It is no longer necessary for the Company to hold that personal data with respect to the purpose(s) for which it was originally collected or processed;
15.1.2 The data subject wishes to withdraw their consent to the Company holding and processing their personal data;
15.1.3 The data subject objects to the Company holding and processing their personal data (and there is no overriding legitimate interest to allow the Company to continue doing so) (see Part 18 of this Policy for further details concerning the right to object);
15.1.4 The personal data has been processed unlawfully;
15.1.5 The personal data needs to be erased in order for the Company to comply with a particular legal obligation.
15.2 Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
15.3 In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).

  1. Restriction of Personal Data Processing

16.1 Data subjects may request that the Company ceases processing the personal data it holds about them. If a data subject makes such a request, the Company shall retain only the amount of personal data concerning that data subject (if any) that is necessary to ensure that the personal data in question is not processed further.
16.2 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).

  1. Objections to Personal Data Processing

17.1 Data subjects have the right to object to the Company processing their personal data based on legitimate interests, direct marketing (including profiling).
17.2 Where a data subject objects to the Company processing their personal data based on its legitimate interests, the Company shall cease such processing immediately, unless it can be demonstrated that the Company’s legitimate grounds for such processing override the data subject’s interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims.
17.3 Where a data subject objects to the Company processing their personal data for direct marketing purposes, the Company shall cease such processing immediately

  1. Personal Data Collected, Held, and Processed

The following personal data is collected, held, and processed by the Company (for details of data retention, please refer to the Company’s Data Retention Policy):
Type of Data: Website Enquiries – Name, Company Name, Company Telephone Number, Company E-mail Address and Message
Purpose of Data: Serves as a contact method for clients as well as a method for collecting sales enquiries via the Company’s website

Type of Data: Client Contact Details – Name, Company Name, Company Address, Company Telephone Number, Company E-mail Address
Purpose of Data: Essential for conducting, managing and support of ongoing and future projects, client communication, finance and invoicing

Type of Data: Client Hosting Provider Login Details – Username, E-mail Address and Password
Purpose of Data: Essential for the support and maintenance of managed websites and user accounts

Type of Data: Client Social Media Profile Logins – Username, E-mail Address and Password
Purpose of Data: Essential for the support and maintenance of managed digital marketing and user accounts

Type of Data: Client E-mail Service Login Details – Username, E-mail Address and Password
Purpose of Data: Essential for the support and maintenance of managed mailboxes user accounts

  1. Data Security – Transferring Personal Data and Communications

The Company shall ensure that the following measures are taken with respect to all communications and other transfers involving personal data:
19.1 All emails containing personal data must be encrypted using Office 365 Message Encryption (OME), built on Azure Rights Management (Azure RMS)
19.2 All emails containing personal data must be marked “confidential”;
19.3 Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
19.4 Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
19.5 Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted;
19.6 Where personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
19.7 Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient or addressed specifically to the recipient if delivered by post;
19.8 All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”.

  1. Data Security – Storage

The Company shall ensure that the following measures are taken with respect to the storage of personal data:
20.1 All electronic copies of personal data should be stored securely using passwords and Advanced Encryption Standard (AES) 256-bit encryption;
20.2 All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar;
20.3 All personal data stored electronically should be backed up at regular intervals with backups stored onsite and offsite. All backups should be encrypted using Advanced Encryption Standard (AES) 256-bit encryption. Recovery of data should be possible remotely in the event of a local area disaster or other disruption to normal access procedures;
20.4 No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise; and
20.5 No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).
20.6 When disposing of old computers or other equipment containing personal data, thorough steps should be taken to completely remove the data. This should include the deletion of all data from the device, performing a factory reset, and the physical destruction and secure disposal of hard drives, where appropriate.

  1. Data Security – Disposal

When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. Personal data stored in hardcopy form shall be cross-shredded and recycled or disposed of. For further information on the deletion and disposal of personal data, please refer to the Company’s Data Retention Policy.

  1. Data Security – Use of Personal Data

The Company shall ensure that the following measures are taken with respect to the use of personal data:
22.1 No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from the Company;
22.2 No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of the Company;
22.3 Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors, or other parties at any time;
22.4 If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it; and
22.5 Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of the Company to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS.

  1. Data Security – IT Security

The Company shall ensure that the following measures are taken with respect to IT and information security: 23.1 All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols; 23.2 Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords; 23.3 All software (including, but not limited to, applications and operating systems) shall be kept up-to-date. The Company’s IT staff shall be responsible for installing any and all security-related updates as soon as reasonably and practically possible, unless there are valid technical reasons not to do so;

  1. Organisational Measures

The Company shall ensure that the following measures are taken with respect to IT and information security: 23.1 All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols; 23.2 Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords; 23.3 All software (including, but not limited to, applications and operating systems) shall be kept up-to-date. The Company’s IT staff shall be responsible for installing any and all security-related updates as soon as reasonably and practically possible, unless there are valid technical reasons not to do so;

The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:
24.1 All employees, agents, contractors, or other parties working on behalf of the Company shall be made fully aware of both their individual responsibilities and the Company’s responsibilities under the GDPR and under this Policy, and shall be provided with a copy of this Policy;
24.2 Only employees, agents, sub-contractors, or other parties working on behalf of the Company that need access to, and use of, personal data in order to carry out their assigned duties correctly shall have access to personal data held by the Company;
24.3 All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately trained to do so;
24.4 All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately supervised;
24.5 All employees, agents, contractors, or other parties working on behalf of the Company handling personal data shall be required and encouraged to exercise care, caution, and discretion when discussing work-related matters that relate to personal data, whether in the workplace or otherwise;
24.6 Methods of collecting, holding, and processing personal data shall be regularly evaluated and reviewed;
24.7 All personal data held by the Company shall be reviewed periodically, as set out in the Company’s Data Retention Policy;
24.8 The performance of those employees, agents, contractors, or other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed;
24.9 All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of the GDPR and this Policy by contract;
24.10 All agents, contractors, or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and the GDPR; and
24.11 Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

  1. Transferring Personal Data to a Country Outside the EEA

25.1 The Company may from time to time transfer (‘transfer’ includes making available remotely) personal data to countries outside of the EEA.
25.2 The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:
25.2.1 The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;
25.2.2 The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g. the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the GDPR); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;
25.2.3 The transfer is made with the informed consent of the relevant data subject(s);
25.2.4 The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);
25.2.5 The transfer is necessary for important public interest reasons;
25.2.6 The transfer is necessary for the conduct of legal claims;
25.2.7 The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
25.2.8 The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.

  1. Data Breach Notification

26.1 If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Company must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
26.2 In the event that a personal data breach is likely to result in a high risk (that is, a higher risk than that described under Part 29.2) to the rights and freedoms of data subjects, the Company must ensure that all affected data subjects are informed of the breach directly and without undue delay.
26.3 Data breach notifications shall include the following information:
26.3.1 The categories and approximate number of data subjects concerned;
26.3.2 The categories and approximate number of personal data records concerned;
26.3.3 The name and contact details of a Company contact point where more information can be obtained;
26.3.4 The likely consequences of the breach;
26.3.5 Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

  1. Implementation of Policy

This Policy shall be deemed effective as of 1st May 2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

 

Data Retention Policy

  1. Introduction

This Policy sets out the obligations of Adgective Graphic Design, incorporated with in ADG Consultancy Ltd a company registered in the United Kingdom under number 3536797, whose registered offices are at Floor 4 Studio 5-11, 5 Millbay Road, Plymouth, PL1 3LF, (“the Company”) regarding data protection and the rights of clients (“data subjects”) in respect of their personal data under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The GDPR also addresses “special category” personal data (also known as “sensitive” personal data). Such data includes, but is not necessarily limited to, data concerning the data subject’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation.

Under the GDPR, personal data shall be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. In certain cases, personal data may be stored for longer periods where that data is to be processed for archiving purposes that are in the public interest, for scientific or historical research, or for statistical purposes (subject to the implementation of the appropriate technical and organisational measures required by the GDPR to protect that data).

In addition, the GDPR includes the right to erasure or “the right to be forgotten”. Data subjects have the right to have their personal data erased (and to prevent the processing of that personal data) in the following circumstances:
a) Where the personal data is no longer required for the purpose for which it was originally collected or processed (see above);
b) When the data subject withdraws their consent;
c) When the data subject objects to the processing of their personal data and the Company has no overriding legitimate interest;
d) When the personal data is processed unlawfully (i.e. in breach of the GDPR);
e) When the personal data has to be erased to comply with a legal obligation; or
f) Where the personal data is processed for the provision of information society services to a child.

This Policy sets out the type(s) of personal data held by the Company for managing client projects, the period(s) for which that personal data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

For further information on other aspects of data protection and compliance with the GDPR, please refer to the Company’s Data Protection Policy.

  1. Aims and Objectives

2.1 The primary aim of this Policy is to set out limits for the retention of personal data and to ensure that those limits, as well as further data subject rights to erasure, are complied with. By extension, this Policy aims to ensure that the Company complies fully with its obligations and the rights of data subjects under the GDPR.
2.2 In addition to safeguarding the rights of data subjects under the GDPR, by ensuring that excessive amounts of data are not retained by the Company, this Policy also aims to improve the speed and efficiency of managing data.

  1. Scope

3.1 This Policy applies to all personal data held by the Company and by third-party data processors processing personal data on the Company’s behalf.
3.2 Personal data, as held by the Company is stored in the following ways and in the following locations:
a) Third-party servers, operated by a GDPR-compliant cloud storage service provider;
b) Computers permanently located on the Company’s premises; and
c) Physical records stored on the Company’s premises.

  1. Data Subject Rights and Data Integrity

All personal data held by the Company is held in accordance with the requirements of the GDPR and data subjects’ rights thereunder, as set out in the Company’s Data Protection Policy.

4.1 Data subjects are kept fully informed of their rights, of what personal data the Company holds about them, how that personal data is used as set out in Parts 12 and 13 of the Company’s Data Protection Policy, and how long the Company will hold that personal data (or, if no fixed retention period can be determined, the criteria by which the retention of the data will be determined).
4.2 Data subjects are given control over their personal data held by the Company including the right to have incorrect data rectified, the right to request that their personal data be deleted or otherwise disposed of (notwithstanding the retention periods otherwise set by this Data Retention Policy), the right to restrict the Company’s use of their personal data, and further rights relating to automated decision-making and profiling.

  1. Technical and Organisational Data Security Measures

5.1 All personal data stored electronically should be backed up at regular intervals with backups stored onsite and offsite. All backups should be encrypted using Advanced Encryption Standard (AES) 256-bit encryption. Recovery of data should be possible remotely in the event of a local area disaster or other disruption to normal access procedures;
a) All emails containing personal data must be encrypted;
b) All emails containing personal data must be marked “confidential”;
c) Personal data may only be transmitted over secure networks;
d) Personal data may not be transmitted over a wireless network if there is a reasonable wired alternative;
e) Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself and associated temporary files should be deleted;
f) Where personal data is to be sent by facsimile transmission the recipient should be informed in advance and should be waiting to receive it;
g) Where personal data is to be transferred in hardcopy form, it should be passed directly to the recipient or addressed specifically to the recipient if delivered by post;
h) All personal data transferred physically should be transferred in a suitable container marked “confidential”;
i) No personal data may be shared informally and if access is required to any personal data, such access should be formally requested from the Company’s Data Protection Officer.
j) All hard copies of personal data, along with any electronic copies stored on physical media should be stored securely;
k) No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without authorisation;
l) Personal data must be handled with care at all times and should not be left unattended or on view;
m) Computers used to view personal data must always be locked before being left unattended;
n) No personal data should be stored on any mobile device, whether such device belongs to the Company or otherwise;
o) All personal data stored electronically should be backed up at regular intervals, with backups stored onsite and offsite. All backups should be encrypted;
p) All electronic copies of personal data should be stored securely using passwords and encryption;
q) All passwords used to protect personal data should be changed regularly and must be secure;
r) Under no circumstances should any passwords be written down or shared. If a password is forgotten, it must be reset using the applicable method;
s) All software should be kept up-to-date. Security-related updates should be installed as soon as reasonably possible after becoming available;
t) No software may be installed on any Company-owned computer or device without approval; and
u) Where personal data held by the Company is used for marketing purposes, the Company shall ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS.

5.2 The following organisational measures are in place within the Company to protect the security of personal data. Please refer to Part 27 of the Company’s Data Protection Policy for further details:
a) All employees and other parties working on behalf of the Company shall be made fully aware of both their individual responsibilities and the Company’s responsibilities under the GDPR and under the Company’s Data Protection Policy;
b) Only employees and other parties working on behalf of the Company that need access to, and use of, personal data in order to perform their work shall have access to personal data held by the Company;
c) All employees and other parties working on behalf of the Company handling personal data will be appropriately trained to do so;
d) All employees and other parties working on behalf of the Company handling personal data will be appropriately supervised;
e) All employees and other parties working on behalf of the Company handling personal data should exercise care and caution when discussing any work relating to personal data at all times;
f) Methods of collecting, holding, and processing personal data shall be regularly evaluated and reviewed;
g) The performance of those employees and other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed;
h) All employees and other parties working on behalf of the Company handling personal data will be bound by contract to comply with the GDPR and the Company’s Data Protection Policy;
i) All agents, contractors, or other parties working on behalf of the Company handling personal data must ensure that any and all relevant employees are held to the same conditions as those relevant employees of the Company arising out of the GDPR and the Company’s Data Protection Policy;
j) Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under the GDPR and/or the Company’s Data Protection Policy, that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

  1. Data Disposal

Upon the expiry of the data retention periods set out below in Part 7 of this Policy, or when a data subject exercises their right to have their personal data erased, personal data shall be deleted, destroyed, or otherwise disposed of as follows:
6.1 Personal data stored electronically (including any and all backups thereof) shall be deleted;
6.2 Personal data stored in hardcopy form shall be cross-shredded and recycled or disposed of.
6.3 When disposing of old computers or other equipment containing personal data, thorough steps should be taken to completely remove the data. This should include the deletion of all data from the device, performing a factory reset, and the physical destruction and secure disposal of hard drives, where appropriate.

  1. Data Retention

7.1 As stated above, and as required by law, the Company shall not retain any personal data for any longer than is necessary in light of the purpose(s) for which that data is collected, held, and processed.
7.2 Different types of personal data, used for different purposes, will necessarily be retained for different periods (and its retention periodically reviewed), as set out below.
7.3 When establishing and/or reviewing retention periods, the following shall be taken into account:
a) The objectives and requirements of the Company;
b) The type of personal data in question;
c) The purpose(s) for which the data in question is collected, held, and processed;
d) The Company’s legal basis for collecting, holding, and processing that data;
e) The category or categories of data subject to whom the data relates;
7.4 If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.
7.5 Notwithstanding the following defined retention periods, certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within the Company to do so (whether in response to a request by a data subject or otherwise).

Type of Data: Website Enquiries – Name, Company Name, Company Telephone Number, Company E-mail Address and Message
Purpose of Data: Serves as a contact method for clients as well as a method for collecting sales enquiries via the Company’s website
Review Period: Two years
Retention Period or Criteria: Indefinite – retained until no longer required

Type of Data: Client Contact Details – Name, Company Name, Company Address, Company Telephone Number, Company E-mail Address
Purpose of Data: Essential for conducting, managing and support of ongoing and future projects, client communication, finance and invoicing
Review Period: Two years
Retention Period or Criteria: Indefinite – retained until no longer required

Type of Data: Client Hosting Provider Login Details – Username, E-mail Address and Password Purpose of Data: Essential for the support and maintenance of managed websites and user accounts Review Period: Two years
Retention Period or Criteria: Indefinite – retained until no longer required

Type of Data: Client Social Media Profile Logins – Username, E-mail Address and Password
Purpose of Data: Essential for the support and maintenance of managed digital marketing and user accounts
Review Period: Two years
Retention Period or Criteria: Indefinite – retained until no longer required

Type of Data: Client E-mail Service Login Details – Username, E-mail Address and Password
Purpose of Data: Essential for the support and maintenance of managed mailboxes user accounts
Review Period: Two years
Retention Period or Criteria: Indefinite – retained until no longer required

  1. Implementation of Policy

This Policy shall be deemed effective as of 1st May 2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

Terms and Conditions

The following terms and conditions apply to Adgective Graphic Design (“The Agency”) and its relationship with its clients and potential clients.

  1. General Terms & Conditions of Business

1.1 Quotes & Prices

1.1.1. All quotes/estimates are valid for 30 days from the date of submission.
1.1.2. Quotes/estimates are based on the information provided by the Client, including but not limited to detail on quantities, structure, scope and functionality. Any quote/estimate may therefore be subject to change should the client’s requirements change at any time.
1.1.3. Unless otherwise stated, photography, stock images, delivery, copywriting and VAT will be charged extra.
1.1.4. If the contract or hourly price has not been fixed for the term of a contract, our hourly rate of £60 will apply.
1.1.5. The Agency reserves the right to alter the hourly rate at any time as business needs dictate.
1.1.6. Quotes/estimates are based on the Agency’s current costs of production and unless otherwise agreed are subject to amendment on or at any time after acceptance to meet any rise or fall in such costs.
1.1.7. Any estimates given by The Agency as to the time of completion or performance of its services (whether completion of the whole or a part of those services) shall be estimates only and time shall not be of the essence.
1.1.8. Any stated timescale is reliant upon the client providing all required information/copy/images within the time set out at project initiation.

1.2 Methods

1.2.1. The Agency reserves the right to sub-contract the fulfilment of an order or any part thereof.
1.2.2. Any images supplied electronically will be incorporated into designs without charge provided that they are of suitable quality. All images need to be supplied as EPS illustrator files for logos and suitable Photoshop files (300dpi min) for pictures. Images sourced from external image libraries may incur additional licence/royalty charges payable by the Client.
1.2.3. Should the Client supply text, artwork or images, the Agency is not obliged to edit, check or guarantee the correctness thereof in any way whatsoever, and the end product shall be made at the entire risk of the Client.
1.2.4. The Agency shall be indemnified by the Client in respect of any claims, costs and expenses arising out of any libellous matter or any infringement of copyright, patent design or any other proprietary or personal rights contained in any material supplied by the Client. The indemnity shall extend to any amounts paid on a lawyer’s advice in settlement of any claim.
1.2.5. Origination and/or conceptual work and any copyright subsisting therein shall remain the property of the Agency unless otherwise agreed in writing with the Client.
1.2.6. The Client’s property and property supplied to the Agency on behalf of the Client, while it is in the possession of the Agency or in transit to or from the Client, will be deemed to be at Client’s risk unless otherwise agreed and the Client should insure accordingly.
1.2.7. The Agency may charge rent for storage of goods retained at Client’s request, or items left with the Agency before receipt of the order or after notification to the Client of completion of the work.
1.2.8. When required to expedite project delivery ahead of the time needed for proper production of a given deadline, the Agency shall not be liable for defects occasioned thereby. Should such delivery require payment of overtime wages, delivery charges or other additional costs, all such extras will be for the Client’s account.
1.2.9. The Agency shall not be required to use, print, upload or hold any matter which in its opinion is or may be of an illegal or libellous nature or an infringement of the proprietary or other rights of a third party.
1.2.10 The Agency will store artwork files for a maximum of 12 months from project completion. Archived file requests may be subject to a fee. Please be aware that unless instructed differently artwork files will be deleted after the initial 12 month period from completion of project.

1.3 Invoices & Payment

1.3.1. Payment must be made no more than 30 days after date of invoice unless otherwise agreed in writing in advance.
1.3.2. We understand and will exercise our statutory right to interest under the Late Payment Of Commercial Debts (Interest) Act 1998 amended by European Directive 2000/35/EC if we are not paid according to these terms.
1.3.3. All work remains copyrighted to the Agency until settlement of relevant fee account.
1.3.4. All invoices are subject to UK VAT at the current rate, unless a valid exemption certificate is provided.
1.3.5. All payments must be in UK Pounds Sterling.
1.3.6. All work completed after project inception will be billed as it is completed at the end of every calendar month as Work in Progress (WIP) until the conclusion of the project.
1.3.7. If the Agency incurs any costs as a result of the Client’s neglect or default, the Agency may charge those costs to the Client in addition to the contract price.
1.3.8. The Client shall pay for any preliminary work which is produced at his/her request, whether experimentally or otherwise. A 50% rejection fee is applicable on all designs executed by the Agency should the Client cancel their contract/order.
1.3.9. When payment is overdue, the Agency may suspend work, service and/or delivery without notice and without prejudice to any other legal remedy until due payment has been made. Furthermore, any work started but incomplete may be suspended and payment therefore becomes immediately due and payable, notwithstanding anything expressed herein, and any monies in respect of.
1.3.10. The Agency may require payment in advance, or a deposit of at least 50% of the quote/estimate total prior to instigating work on an order, particularly but not limited to the following situations: new clients; clients with a poor payment history; large, lengthy or complex projects. Where a deposit is required, the balance shall be due upon completion of the work, unless otherwise agreed in writing in advance.
1.3.11. If your payment is returned by the bank as unpaid for any reason, you will be liable for a charge of £50 for each occurrence.

1.4 Proofing

1.4.1. Proofs, pull samples, specimens, sketches, photographs, links or any representation, whether partial or total, of the finished article in whatever form may be submitted to the Client for approval.
1.4.2. After approval the Client shall have no claim against the Agency for errors in the exemplar as approved by them.

1.5 Insolvency

1.5.1. If the Client ceases to pay his debts in the ordinary course of business or cannot pay his debts as they become due or is deemed to be unable to pay its debts or have a winding-up petition issued against it or being a person who commits an act of bankruptcy or has a bankruptcy petition issued against him, the Agency without prejudice to other remedies shall:
1.5.1.1. Have the right not to proceed further with the contract or any other work for the Client and be entitled to charge for work already carried out (whether completed or not) and materials purchased for the Client. Such charge to be an immediate debt due to him.
1.5.1.2. In respect of all unpaid debts due from the Client have a general lieu on all goods and property in its possession (whether worked on or not) and shall be entitled on the expiration of 14 days’ notice to dispose of such goods or property in such manner and at such price as it thinks fit and to apply the proceeds towards such debts.

1.6 Force Majeure

1.6.1. The Agency shall be under no liability if it shall be unable to carry out any provision of the contract for any reason beyond its control including (without limiting the foregoing) Act of God, legislation, war, fire, flood, drought, failure of power supply, lock-out, strike or other action taken by employees in contemplation or furtherance of a dispute or owing to any inability to procure materials required for the performance of the contract. During the continuance of such a contingency the Client may by written notice to the Agency elect ‘to terminate the contract and pay for work done and materials used’, but subject thereto shall otherwise accept delivery when available.

1.7 Information Provided by You

1.7.1. You warrant that the name, address and payment information provided when you place your order with the Agency will be correct and you agree to notify the Agency of any changes in the name, address and/or payment details.
1.7.2. You agree that the Agency may disclose your name and address where any enquiries are made.
1.7.3. You warrant that you possess the legal right and ability to enter into this Agreement and to use the Agency’s services in accordance with this Agreement.

1.8 Indemnity

1.8.1. You shall indemnify us and keep us indemnified and hold us harmless from all liabilities, actions, claims, proceedings, losses, expenses (including reasonable legal costs and expenses), costs and damages, howsoever suffered or incurred by us in consequences of your breach or non-observance of this Agreement, or arising out of claims based upon or relating to our work for you or any claim brought against us by a third party resulting from the provision of any Services to you and your use of them.
1.8.2. The Agency will notify you promptly of any claim for which the Agency seeks specific indemnification at the currently supplied address. The Agency will afford you the opportunity to participate in the defence of such claim, provided that your participation will not be conducted in a manner prejudicial to the Agency’s interests, as reasonably determined by the Agency and/or its legal representatives.

1.9 Limitation of Liability

1.9.1. All conditions, terms, representations and warranties relating to the Services supplied under this Agreement, whether imposed by statute or operation of law or otherwise, that are not expressly stated in these terms and conditions including, without limitation, the implied warranty of satisfactory quality and fitness for a particular purpose are hereby excluded, are subject always to sub clause 1.9.2.
1.9.2. Nothing in these terms and conditions shall exclude our liability for death or personal injury resulting from our negligence.
1.9.3. In any event, no claim against the Agency shall be brought unless you have notified the Agency of the claim within one year of the issue arising.
1.9.4. In no event shall the Agency be liable to you by reason of any representation (unless fraudulent), or any implied warranty, condition or other term, or any duty at common law, for any loss of business, contracts, anticipated savings or profits or any indirect, special or consequential loss, damage, costs, expenses or other claims (whether caused by the Agency’s negligence or the negligence of its servants or agents or otherwise) which arise out of or in connection with the provision of any goods or services by the Agency.
1.9.5. The Agency warrants that its services will be provided using reasonable care and skill. Where the Agency supplies any goods supplied by a third party, the Agency does not give any warranty, guarantee or other term as to their quality, fitness for purpose or otherwise, but shall, where possible, assign the benefit of any warranty, guarantee or indemnity given by the supplier of the goods to the Agency.

1.10 General Terms

1.10.1. These conditions and all other express terms of the contract shall be governed and constructed in accordance with the laws of England and you hereby submit to the non-exclusive jurisdiction of the English courts.
1.10.2. The Agency shall not be liable or deemed to be in breach of contract by reason of any delay in performing, or failure to perform, any of its obligations if the delay or failure was due to any cause beyond its reasonable control.
1.10.3. All quotes/estimates, briefs and other Client/Agency documents are commercially confidential and may not be disclosed to third parties without prior written agreement.
1.10.4. These terms and conditions, together with any documents expressly referred to in them, contain the entire Agreement between the Agency and the Client relating to the subject matter covered and supersede any previous agreements, arrangements, undertakings, proposals or contemporaneous communications, written or oral: between the Agency and the Client in relation to such matters. No oral explanation or oral information given by any party shall alter the interpretation of these terms and conditions. In agreeing to these terms and conditions, you confirm that you have not relied on any representation other than those expressly stated in these terms and conditions and you agree that you shall have no remedy in respect of any misrepresentation which has not been expressly made in this Agreement.
1.10.5. Any notice to be given by either party to the other may be sent by either email or post to the address of the other party as appearing in this Agreement or ancillary application forms or such other address as such party may from time to time have communicated to the other in writing, and if sent by email shall unless the contrary is proved, be deemed to be received on the day it was sent, or if sent by post shall be deemed to be served two days following the date of posting.
1.10.6. Headings, numbering and summaries are included in this Agreement for convenience only and shall not affect the construction or interpretation of this Agreement.
1.10.7. You acknowledge that no joint venture, partnership, employment, or agency relationship exists between you and the Agency as a result of your use of these services. You agree not to hold yourself out as a representative, agent or employee of the Agency. You agree that the Agency will not be liable by reason of any representation, act or omission to act by you.
1.10.8. The Agency reserves the right to revise, alter, modify or amend these terms and conditions, and any of our other policies and agreements at any time and in any manner without prior notification. Notice of any revision, amendment, or modification will be posted in accordance with our Terms and Conditions.
1.10.9. If any of the provisions of this Agreement are judged to be illegal or unenforceable, the remainder shall continue in full force and the effect of the remainder of them will be not be deemed to be prejudiced.
1.10.10. This Agreement takes effect on the date on which you order our services. Acceptance of these terms is an absolute condition of the Client requesting work. An order constitutes acceptance of all our Terms and Conditions.
1.10.11. You shall not assign this Agreement or any benefits or interests arising under this Agreement without the Agency’s prior written permission.

1.11 Service Level Agreements

1.11.1. The hours provided in Service Level Agreements (SLA) can be used in any way, other than for fixed costs and essential services – such as web hosting or advertising placement – or towards payment of debts or existing/quoted jobs.
1.11.2. Once an account handler at the Agency has been given a job brief as part of the SLA, should the work take longer than 30 minutes, we will endeavour to provide a total estimate of how long the job will take for approval by the Client before any work is commenced.
1.11.3. For each job requested by the Client as part of the SLA, a minimum of 15 minutes will be deducted from the remaining SLA time allowance.
1.11.4. All hours worked as part of an SLA are recorded and can be forwarded to the Client on request.
1.11.5. Once a Client approaches the final two hours of their SLA allowance, the Agency will endeavour to notify them automatically via email, providing the opportunity to purchase another SLA.
1.11.6. Any hours that have not been used within the initial 12 months after purchase will roll over to the following year, up to a maximum of 24 months. However, although the Agency reserves the right to increase the hourly rate as business needs dictate, the hours in an SLA will be honoured at the original rate at which they were purchased for one year, after which time, any roll-over hours will be applied to subsequent years at the new hourly rate.

  1. Print Terms & Conditions

2.1 Proofing

2.1.1. After initial design and layout, a mono proof will be submitted for author’s corrections to be identified. These corrections will be carried out inclusive of the quoted price. On approval of a second mono proof, again inclusive of the quoted price, the design will be classed as complete, where a final colour proof will be provided for full Client sign off. Any additional author’s corrections requested after the second mono proof is submitted will be charged at our normal rate of £60 per hour.

2.2 Print

2.2.1. Standing matter and printers’ materials of any kind are effaced or disposed of immediately after the order is executed unless written arrangements are made for retention in advance.
2.2.2. The Agency shall not be required to work to tolerances closer than those applicable to the materials obtained by him in the ordinary course of trade. No liability shall arise from variation in the standard, quality and performance of such materials.
2.2.3. Every endeavour will be made to deliver the correct quantity ordered, but estimates are conditional upon margins of 5% for work in one colour and 10% for other work being allowed for overs or shortage (4% and 8% respectively for quantities exceeding 50,000) the same to be charged or deducted.

2.3 Materials supplied by the Client

2.3.1. The Agency will not be responsible for imperfect work caused by defects in or unsuitability of material and equipment supplied by the Client. The Agency will not be responsible for Client’s material wasted in course of production. Extra costs incurred through the use of defective materials or equipment supplied are for the Client’s account.
2.3.2. The Agency may reject any paper, plates or other materials supplied or specified by the Client which appear to them to be unsuitable. Additional cost incurred if materials are found to be unsuitable during production may be charged except that if the whole or any part of such additional cost could have been avoided but for unreasonable delay by the Agency in ascertaining the unsuitability of the materials then that amount shall not be charged to the Client.
2.3.3. Quantities of materials supplied by the Client shall be adequate to cover normal spoilage.

2.4 Machine Readable Codes

2.4.1. In the case of machine readable codes or symbols, the Agency shall print the same as specified or approved by the Client in accordance with generally accepted standards and procedures.
2.4.2. The Client shall be responsible for satisfying themselves that the code or symbol will read correctly on the equipment likely to be used by those for whom the code or symbol is intended.
2.4.3. The Client shall indemnify the Agency against any claims by any party resulting from the code or symbol not reading or not reading correctly for any reason, except to the extent that such claim arises from any failure of the Agency to comply with any of the above which is not attributable to error falling within the tolerances generally accepted in the trade in relation to printing of this sort.

2.5 Delivery

2.5.1. Goods will be dispatched or must be collected by the Client when ready and the Client shall not refuse or delay delivery.
2.5.2. Advice of damage, delay or partial loss of goods in transit or of non-delivery must be given in writing to the Agency and the carrier within three clear days of delivery (or, in the case of non-delivery, within 28 days of despatch of the goods) and any claim in respect thereof must be made in writing to the Agency and the carrier within seven days of delivery (or, in the case of non-delivery, within 42 days of despatch). All other complaints and claims must be made in writing to the Agency within 28 days of delivery. The Agency shall not be liable in respect of any claim unless the aforementioned requirements have been complied with except in any particular case where the Client proves that it was not possible to comply with the requirements and advice (where required) was given and the claim made as soon as reasonably possible.
2.5.3. Goods completed but not delivered shall thereupon forthwith become due and payable. Moreover after the expiration of 14 days notice the Agency may exercise a general lien on all the Client’s goods and property in our hands and may dispose of such goods and property as they see fit and apply the proceeds towards such debts. The Agency may also elect to cancel further work and/or not produce any unmade balance of such contract and recover from the Client any losses sustained by so doing.
2.5.4. The Agency shall not be liable for any loss to the Client arising from delay in transit howsoever caused.
2.5.5. The risk in the goods passes to the Client upon delivery (whether to the Client or to a common carrier) but legal and beneficial ownership shall remain with the Agency until payment in full has been received (each delivery being considered as a whole). Until the date of payment the Client, if so required by the Agency, shall store the goods in such a way that they are clearly identifiable as the property of the Agency.

  1. Digital Media Terms & Conditions

3.1 Programming

3.1.1. The Agency can only program sites to be as secure as reasonably possible at the time of delivery and can not offer indemnity against future threats/developments.
3.1.2. Once the Agency has deemed a project to be complete, any amendments will be charged at the Agency’s standard billing structure of £60/hour.
3.1.3. The Agency develops websites for compatibility with the current version of Microsoft Internet Explorer: not all previous versions or every browser. If further compatibility is required, the Agency must be advised at the outset.

3.2 Ownership

3.2.1. The ownership of the web pages and copyright therein shall remain with the Agency until payment in full has been received for all sums owing. Once payment has been received, ownership and copyright shall pass to the Client for page text and graphics specific to the Client.
3.2.2. Ownership of all code used in processing web pages shall remain with the Agency and it is expressly agreed that the use of such code in processing the web pages does not confer any passing of title from the Agency to the Client.

3.3 Content

3.3.1. The Client shall supply the copy for your web pages in clear and usable permanent or electronic form and shall be entirely responsible for the content of the web pages.
3.3.2. All images uploaded to websites by the Client (via CMS, FTP or other) should be optimised (compressed file size). The Agency can provide advice on the best image editing software packages, but accepts no responsibility for the performance or compatibility of third-party software, or the results they produce.
3.3.3. When a test link is provided, it is the responsibility of the Client to test the functionality, read and check all copy, as well as approve the design and images used before approval is given.
3.3.4. The Agency can provide legal disclaimers and privacy policies; but it is the responsibility of the Client to confirm with their own legal advisers that these meet their individual requirements, as The Agency accepts no responsibility for their accuracy, relevance or currency.

  1. Website Hosting and Email Terms & Conditions

Summary

The Agency offers website hosting and database hosting services through the use of third party providers and is subject to requirements set out in these terms and conditions and any other relevant terms and conditions, policies and notices which may be applicable to the supply of hosting services.
Below is a summary of the main points covered in these terms:
– Whilst we and our suppliers will always endeavour to give you the best possible level of service, we cannot guarantee 100% availability of service.
– The Agency and our suppliers accept no responsibility for any losses caused through a loss of service.
– Your service will be removed if you fail to pay in time or misuse the service.
– The Agency will not be liable for any costs to restore your service once it has been removed. Specifically, any websites with databases will require reprogramming once they have been removed from their original server.
– Any work undertaken by the Agency at the request of the Client will be charged at our standard rate of £60 per hour, including investigations regarding problems or loss of service that are not due to the Agency or our suppliers. The Agency should only be contacted after you and your IT professional/advisor have established that any problems are not due to you or your systems.

4.1 Website & Email Content & Use

4.1.1. We make no representation and give no warranty as to the accuracy or quality of information received by any person via the Server and we shall have no liability for any loss or damage to any data stored on the Server. You warrant the accuracy, truthfulness and reliability of any information (including, where applicable, statements of opinion or advice) which you place or allow to be placed on your web pages. You warrant that you are authorised to promote and/or provide any information which you promote and/or provide on your web pages (for example if you are providing financial information, that you hold any necessary authorisation under all relevant legislation including the Financial Services Acts).
4.1.2. You represent, undertake and warrant to us that you will use the website allocated to you only for lawful purposes. In particular, you represent, warrant and undertake to us that:
4.1.2.1. You will not use the Server in any manner which infringes any law or regulation or which infringes the rights of any third party, nor will you authorise or permit any other person to do so.
4.1.2.2. You will not host, post, publish, disseminate, link to or transmit:
4.1.2.2.1. Any material or information which is unlawful, infringing, threatening, abusive, malicious, defamatory, obscene, indecent, blasphemous, profane or otherwise objectionable in any way.
4.1.2.2.2. Any material containing a virus or other hostile computer program.
4.1.2.2.3. Any material or information which constitutes, or encourages the commission of a criminal offence, or which threatens, harasses, stalks, abuses, disrupts or violates the legal rights (including rights of privacy and publicity) of others, or which infringes any patent, trade mark, design right, copyright or any other intellectual property right or similar rights of any person which may subsist under the laws of any jurisdiction.
4.1.2.3. You will not send bulk email, whether opt-in or otherwise, from our network. Nor will you promote a site hosted on our suppliers network using bulk email.
4.1.2.4. You will not employ programs which consume excessive system resources, including but not limited to processor cycles and memory.
4.1.2.5. You shall observe the procedures which we may from time to time prescribe and you shall make no use of the Server which is detrimental to other customers.
4.1.2.6. You shall procure that all mail is sent in accordance with applicable legislation (including data protection legislation) and in a secure manner.
4.1.2.7. In the case of an individual User, you warrant that you are at least 16 years of age and if the User is a company, you warrant that the Server will not be used by anyone under the age of 16 years.
4.1.2.8. You are entirely responsible for any civil or criminal liability that is incurred as a result of any use of your web pages. If you post or allow to be posted a defamatory or libellous message, it is you that will be deemed to have published it and you shall be liable for the consequences of it.
4.1.3. We and our suppliers reserve the right to remove any material which they deem inappropriate from your web site without notice (specifically, but not restricted to, Warez and illegal MP3 content).
4.1.4. If you advertise or offer to sell goods or services via your web pages, you undertake to provide goods in conformity with any description and warranties made. You agree to comply with all relevant legislation including Advertising and Broadcast regulations, Consumer Credit Acts and Trades Descriptions Acts. If you are advertising goods in the course of a trade or business this must clearly be so stated.

4.2 Charges

4.2.1. All charges payable by you for the Services shall be in accordance with the scale of charges and rates published from time to time by us and shall be due and payable in advance of their service provision without any set-off or other deduction. We reserve the right to change pricing at any time, although all pricing is guaranteed for the current subscription period.
4.2.2. Payment is due each anniversary month, quarter or year following the date the Services were established until closure notice is given.

 

Disclaimer

The information contained within this website is provided by Adgective Graphic Design for general information purposes only. We endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website. Through this website you are able to access other websites which are not under the control of Adgective Graphic Design. We have no control over the nature or content of those sites. The inclusion of these websites does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, Adgective Graphic Design takes no responsibility for and accepts no liability for the website being temporarily unavailable due to technical issues beyond our control.