Version: 12/03/2021
Web Widgets provides you the ability to build a website with many CRM and Ecommerce features, and thus, allows you to collect personal data from your customers, that are stored on our servers. When referring to privacy laws, Web Widgets Ltd consider ourselves a data processor, not a data controller. The following privacy policy should aid with understanding your own privacy exposure, and how we manage your private data.
We will not share nor sell your data, excepting in the following instances:
- In order to we can provide you with customer support, all of our authorized staff have access all your website data, and customer data contained within. We need access to that data so that we may answer questions that you may have about the smooth running of your website based business functions. Our staff are bound by non disclosure agreements.
- Some of our team members are independent contractors, who are bound by appropriate non disclosure agreements, and may only access your data for the purpose of supporting you in this role.
- The web designer or re-seller, who built or sold you a website, usually retains administrative access to your website and data. You can remove administrators in the security tab of your website.
- Your data is stored on virtual servers provided by Amazon Web Services based in Sydney.
- We will never sell your data, however, our web hosting business may be acquired by other web hosting business in the future.
- If an authorized government agency makes a legal request for your data, we will comply with the request.
- If you opt in to a link building or content sharing feature, then you are sharing the specified data with the web master who manages that specific directory. Only your public contact and product information is shared, but that webmaster will also know your private account email address, such that they may contact you regarding your listings.
Of visitors to your website, our system collects and stores the following information.
- All visitors to our website will have their IP address logged automatically. The purpose of the log is to identify hackers and to create statistical reports, and the logs are deleted after 60 days. We use a statistical package called "awstats".
- If a customer completes any form on your website, our data will retain all the information they entered, plus their IP address. Refer to data collected of your customers below.
- We store several session cookies on a website visitors web browser. These cookies are deleted by the web browser when the browser application is closed. If a visitor clicks a checkbox to be "remembered" then a more permanent cookie is stored on their computer. The use of cookies is necessary to maintain a user session, or remember a shopping basket for example.
- Your data will remain in the database until you delete it, or subject to our auto archiving rules. Please note we retain backups of data for a period outlined below.
Of visitors to our website, we also collect the following information
- If you complete any forms on our website, then we will retain that data until you request it is deleted, or your trial expires.
- We make use of third party data analytical services such as Facebook Pixel and Google Analytics. These are common data analytical services. Please refer to their privacy policies.
Of your customers, we also collect the following information, for your benefit
- A log of all logged in member activity, including what key actions they perform while logged in, including their IP address.
- Transaction history of orders and payments
- We keep an audit trail of modifications to a customers contact data, in case of fraud.
- A log of who was sent a bulk email, and if they opened it, and on which links they clicked. Some statistical data is stored for a short time. We record the history of each email being sent, or unsubscribed, and how consent was derived, to comply with the unsolicited messages act.
- Any other data they entered into any form on your website is potentially stored permanently until you delete it. Custom form posts are deleted after 1 year. Custom membership forms, are retaining permanently.
Of our customers, we also collect the following information
- We make use of Xero for managing our financial transactions, and this information is accessible by our book keeper and accountant. Please refer to Xero's privacy policy.
- We use Google Suite for managing our email. We may use any other support ticketing system from time to time. Any correspondence you have with our support desk or any of our staff, may reside in such a system.
- We may share your financial records with a debt collection agency if you don't pay your bills on time.
Deemed Consent for Email Delivery
- Irrespective of payment, we provide a subscription type service, where ongoing communication is expected for support, training, and notifications of expiry, renewal or changing terms and conditions. We deem to have the consent of customers who have signed up for a free trial, or purchase a domain name, as it is necessary for us to communicate with you.
- In all other cases, consent to receive our emailed newsletters must be expressly given by you. You can give consent by entering your email in to a subscription form, or ticking an opt in tick box on any other inquiry form.
- We record the method and time of consent in our customer database.
- Recipients will be automatically removed from our mailing list after 1 year of inactivity.
Regarding requests to delete data.
- We are obligated to retain financial records for at least 7 years to comply with IRD requirements. If you have a financial history with us, then we cannot delete your account until that time frame has elapsed.
- We are obligated to retain all information relating to a domain name registration, even after the domain name has expired.
- If you unsubscribe from our newsletter, we will record that status in our database, and not send you any further generic newsletters.
- If you cancel your trial website, we will delete your website in due course.
- We are often asked to "undelete" websites that have been deleted for several months. To facilitate this, we keep backups of our databases. Some backups may be kept for as long as 2 years, after your website is technically deleted. Long term backups are only accessible by a very small team of system admins. Eventually, all data is deleted permanently.
- If a member of the general public requests personal information is deleted from your website, and they provide suitable ID, then we will comply with their request and notify you.
- If you request to have your all your email history deleted, and there is no dispute regarding your account, we will delete all email history older than 1 year. The request to delete your data will be retained for auditing purposes.
Google Calendar Synchronisation
- For those users who use our booking system, synchronised with Google Calendar, the following privacy policy applies.
- The scope of acccess to your calendar is "View and edit events on your calendars"
- Our application will retrieve a list of your events for the calendars you make available to us.
- Our application will store a local copy of your calendar events in our database, so that we can determine your availability.
- Our application will only reveal availability to visitors to your website within the strict timetable you permit.
- Our application will create events in your google calendar when a customer makes a booking.
- Our application will edit an event in your google calendar when a customer, or authorised website administrator, makes a change to the booking in our control panel.
- Our application will delete your personal events from our database, once the date has passed.