Privacy Policy

Updated 12th July 2023

This Privacy Policy (“Policy”) explains how your information is collected, used and disclosed by 8 Million Stories Limited (“8MS Ltd.” or “We” or “Us" or “our”). This policy applies where we are acting as a Data Controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.

We are committed to safeguarding the privacy of our website visitors and service users. We will never sell, share, or use your personal information other than as described here.

By using our website and agreeing to this Policy, you consent to our use of cookies in accordance with the terms of this Policy.

Privacy Statement Summary:

Who will use my data? 8 Million Stories Limited
What for? 8MS Ltd. is a creative Digital & Content Marketing Agency. We will store and process your data in order to allow us to provide our products and services, such as content marketing, SEO, paid media, social media and data analytics to you and run our company. We will also send any relevant details to authorities, when there is a legal obligation to do so.
What will happen if I contact you? If you contact us, we will use your data to send you the information that you have requested and other information that we think you might be interested in.
What data will be stored?

We may store and process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services.

We may process your personal data that are provided in the course of the use of our services (“service data“). The service data may include name, email address, and/or phone number, address, billing details. The source of the service data is you or your employer. The service data may be processed for the purposes of providing our services, and communicating with you.

We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you.

In addition to the specific purposes for which we may store and process your personal data, we may do so where necessary for compliance with a legal obligation of for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court-procedure.

Moreover, we may store and process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.

What data will be shared?

We may disclose service data to our partners or subcontractors identified in our contract with you, insofar as reasonably necessary for us to deliver our services to you.

We will moreover share your personal data if there is a legal obligation to do so, or to enforce or apply our contractual terms.

How long?

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will retain your personal data as follows:

  • usage data will be retained for a minimum period of 12 months following your first 8ms.com website session, with the data retention set to not automatically expiring, and resetting on each session.
  • enquiry data will be retained for a minimum period of 12 months following initial contact with us, and for a maximum period of 7 years following the termination of your contact with us.

In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

  • the period of retention of service data will be determined based on the duration of the contract with us.

Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Who can access my data?

We will never sell, share or otherwise distribute your data to any other third party other than as described here. We will share your information with a regulator or legal body that requests it and we have a legal obligation to share your personal data with.

How is my data kept secure? We will store and process your data on secure UK based servers. We use industry standard security protocols/technology to secure your data.

About This Privacy Policy

The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process and store personal information. These rules apply regardless of whether personal data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principles. These say that personal data must:

We take these responsibilities seriously, this document describes our approach to data protection.

This policy helps to protect us from data security risks, including:

 

Who We Are And How To Contact Us

This website is owned and operated by 8 Million Stories (8MS) Ltd.

We are registered in Scotland under registration number SC430348, and our registered office and principal place of business is at 15 Queen Street, Edinburgh, EH2 1JE. Our Data Protection Lead is Robin Richmond.

You can contact us:

(a) by post: 15 Queen Street, Edinburgh, EH2 1JE;
(b) using our website contact form;
(c) by telephone +44 (0)131 202 0360; or
(d) by email: hello@8ms.com.

Who This Policy Applies To

This policy applies to individuals who have shared their data with 8MS Ltd. as either a customer, website visitor, contractor, employee, intern, supplier or in any other capacity. Processing of your data is required in order to offer you our digital and content marketing services.

It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR.

What this policy applies to

This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with or that you allow us to collect. This includes:

We do not routinely collect or process sensitive data about you however where this is the case we will ensure we keep that data safe as required under Article 9 of GDPR.

Our Lawful Basis - What this policy applies to

This section describes the lawful basis for processing your data and applies to all personal information collected, stored, and processed which relates to any individual.

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing; for example:

Purpose/Activity Type of data Lawful basis for processing
To register you as a new client

(a) Name and Last Name
(b) Contact information

(a) Performance of a contract with you
(b) Legitimate interest
(c) With your consent

Monitoring and improving our website and services

(a) Usage data (as defined above)

(a) Legitimate interest

To process and deliver our services you request including content marketing, SEO, paid media, social media and data analytics and communicate with you

(a) Service data (as defined above)
(b) Financial transaction

(a) Performance of a contract with you
(b) Where necessary to comply with a legal obligation

Obtaining and maintaining insurance coverage; managing risks; obtaining professional advice

(a) Name and Last Name
(b) Contact information
(c) Financial transactions

(a) With your consent, to protect your vital interests or the vital interests of another natural person
(b) Legitimate interest

To manage our ongoing relationship with you which will include notifying you about changes to this Policy, our Terms & Conditions, to maintain our records

(a) Name and Last Name
(b) Contact information
(c) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interest to keep our records updated and to study how customers use our products/services
(d) With your consent

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Name and Last Name
(b) Contact information
(c) Technical information

(a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security
(b) To prevent fraud and in the context of a business reorganisation or group restructuring exercise
(c) Necessary to comply with a legal obligation
(d) With your consent

To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising

(a) Name and Last Name
(b) Contact information
(c) Usage information
(d) Marketing and Communications
(e) Technical information

(a) Necessary for our legitimate interest to study how customers use our products and services to develop them further; to grow our business and to improve our marketing strategy and
(b) With your consent

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical information
(b) Usage information

(a) Necessary for our legitimate interests to define types of customers for our products and services,
(b) To keep our site updated and relevant,
(c) To develop our business
(d) To improve our marketing strategy

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Name and Last Name
(b) Contact information
(c) Technical information
(d) Usage data

(a) Necessary for our legitimate interests to develop our products/services and grow our business and
(b) With your consent

We may take personal information from:

Personal data we receive will be used for the purposes it was provided, including:

In accordance with your preferences, we may also use your personal information to provide you with information about products, services, promotions and offers that may be of interest to you. We may use your personal information in order to ascertain the services, and offers that are likely to be of particular interest to you. This document explains how you can change whether to receive this information. Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services communications, including communications in relation to any purchases you make or services you use.

How to change your preferences

We operate in line with GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and requests to delete, rectify, transfer, data and to stop processing. We will also advise you on how to complain to the competent supervisory authority. Any requests or objections should be made in writing to the Data Protection Lead or you can visit our website, call, or email us to contact us to change your preferences at any time. Moreover, you may instruct us at any time not to process your personal information for marketing purposes.

Scope of Agreement

By submitting your personal data on this site or as required for us to provide products and services to you, you are affirming your agreement for such information to be used in accordance with this Privacy Policy. You will be able to change your preferences at any time by the methods described as prescribed in this document.

We may from time to time use your information for marketing, account management or relationship management purposes. The main purpose of this is to provide you with information about services which we think may be of interest to you and/or to maintain any existing relationship we may have with you.

How we collect, store, process and transfer your data

Your data will be collected, stored and processed primarily in the UK, where we transfer your data outside the UK, we ensure that appropriate technical and organisational safeguards are in place to protect your data. When transferring data, we shall make use of legally-recognized data transfer mechanisms, which may include the European Commission’s standard contractual clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer. Your data will be stored for a period of time, as defined above.

In order to provide our services we may use carefully selected third parties, namely partners or subcontractors identified in our contract with you, insofar as reasonably necessary for us to deliver our services to you. These third parties may operate outside the UK, if this is the case we will ensure precautions are in place to protect your data in rest and migration.

We may also use recognised third parties to take payment, conduct credit reports and other checks, manage our company accounts and similar.. We will store transactions, payment and order data for a minimum period of five years following the date of the transaction, and for a maximum period of seven years following that date or for as long as required by UK financial and company regulations. These third parties may operate outside the UK, if this is the case we will ensure precautions are in place to protect your data.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and/or we are acting as you would reasonably expect. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.

We may be legally obliged to disclose your personal information without your knowledge.

Our obligations

We are a Data Controller. In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.plex or you have made a number of requests. In this case, we will notify you and keep you updated.

Third Parties

We require all third parties, namely partners or subcontractors identified in our contract with you, insofar as reasonably necessary for us to deliver our services to you, to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We will report any breaches or potential breaches to the appropriate authorities and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine. Should you not accept, then you are free to leave our website, at any time.

Cookies that we use

We use cookies for the analysis purposes: – we use cookies [to help us to analyse the use and performance of our website and services (cookies used for this purpose are: wcs_bt.

Cookies used by our service providers

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/. The relevant cookies are: _dc_gtm_UA-39894094-1, _ga and _gid.

Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) https://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies may have a negative impact upon the usability of many websites

If you block cookies, you will not be able to use all the features on our website.

Legitimate Interest

We have completed a detailed Legitimate Interest Assessment to ensure that sharing your information and processing your information as described here is reasonable and that we have an appropriate lawful basis.

Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this Policy.

We may notify you of changes to this policy by email.

Contacting us, exercising your information rights and Complaints

If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us or wish to complain, please contact our Data Protection Lead Robin Richmond. We will respond to your requests (exercising your rights) under GDPR within 30 days. We reserve the right to charge for excessive, repetitive, or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.

Our EU Representative:

Under Article 27 of the GDPR , we have appointed an EU Representative to act as our data protection agent.

Our nominated EU Representative is:

Instant EU GDPR Representative Limited
Adam Brogden
contact@gdprlocal.com
Tel + 353 15 549 700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland

Your right to a complaint to the ICO

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

www.ico.org.uk