Caz Limited GDPR privacy policy statement

Last modified 21 May 2018

TL;DR

We aim to protect any personal information that you give us and don’t pass it on to marketing list providers.

Since Caz Limited is primarily a business-to-business organisation, it holds very little personal information.

Questions

If you have any questions about this privacy policy or the personal data we hold, please use the contact form, call us on 0117 941 5920 or write to us at Caz Limited, Ashley Lodge, 82 Cobourg Road, Montpelier, Bristol, BS6 5HX, UK.

Processes

We use two of the six available lawful bases available under the GDPR for the collection, use and storage of personal data, namely legitimate interest and consent.

Legitimate interest

The following processes form part of our legitimate interest in the operation of Caz Limited, the websites it operates and its subsidiary Helios Professional Audio Limited.

Website logs

Our website logs are kept for up to 26 months in case they are needed to investigate unauthorised behaviour including attacks.

Apart from dealing with threats, logs help us operate our websites and analyse their performance.

Website cookies

Website cookies are used for Google Analytics and to store preferences eg the language selection option on some of our websites. The retention period for this analytics data is 26 months.

Website forms

Web forms are monitored for abuse.

Consent

Website forms

Web forms set out the process for which the entered data will be used and have individual consent tick boxes.

Newsletters

We have not made a practice of sending out newsletters for information or marketing purposes. As a result, we have not made any attempt to collect personal information for this purpose.

We will obtain consent for newsletters and similar should we use them as a means of marketing in the future.

What we collect

Customer information

If you contact us for any reason, that information you provide may be recorded and stored for an appropriate period.

We retain customer financial transactions for six years at least. We reserve the right to delete them after that time.

Generally we delete non-financial data relating to perceived dormant or non-operational customers within twelve months.

Data sharing

We only share your address data with the Royal Mail, couriers and other businesses as necessary for the conduct of the work you ask us to do or orders made.

Rights

You have many rights regarding personal data. Get in touch if you want something deleted or altered.

Appendix

Specific cookies

These are some of the more common cookies that you may find being used on our websites:

  • _ga, _gat and _gid – used by Google Analytics
  • ARRAffinity – used for load balancing by our Microsoft Azure cloud hosting service
  • .ASPXAUTH – used by the security system when logged in
  • __RequestVerificationToken – stores an encrypted token developed by Microsoft to mitigate cross-site scripting attacks
  • __FormToken - used by an in-house mechanism to mitigate web form spam

E&OE