Who we are
Our website address is: https://elainesassoon.com.
What personal data we collect and why we collect it
We use the information you have supplied in our form, this is only used so that we can contact you regarding a procedure you have expressed interest in. We don’t ask for your whole address, just the city or town where you live.
We do not pass on your information to any other parties regardless of how appropriate or relevant their services may be to you.
If you wish to leave your name and telephone number for us to call you back during office hours, we will use the information to do just that, the information is not saved to the database.
We collect your email address where you have requested it. The email address is retained on the database for 30 days before being exported and saved in a password protected folder locally. This is then used on the occasions we send out newsletters.
Every email we send contains an unsubscribe link so you are free to leave the mailing list at any time.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use the anonymous IP tracking code for Google analytics and use the information solely to try and improve the website, check for errors and access issues etc.
Who we share your data with
Once you have completed one or more of the forms, we pass that directly on to Elaine’s secretary in order for her to contact you regarding further information. The information is retained on our database for no more than 30 days and is not stored in any backups.
The information is regularly deleted, so no information is retained on the website database for longer than 30 days.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
We do not send out the data to any third parties.
Our contact information
If you have any further questions please email us on firstname.lastname@example.org
How we protect your data
Primarily limiting the data collected, our website uses an industry standard SSL for encryption and wherever possible data transfer is also encrypted. Folders are kept behind passwords and if accessed on other devices they are capable of wiping the data if lost or stolen.
Our response policy in the event of a data breach
We endeavour to keep the sites we design as secure as possible by keeping all plugins and components up to date on our client sites.
We also apply security updates as they are released.
We also ensure that passwords are as secure as possible using a combination of upper and lower case letters and special characters.
Data breach within a single client site
In the event of a client reporting a data breach on their site, we will change all passwords relevant to that account and restore the site from a clean backup where possible (assuming we have been notified in time to use a backup). If the client has registered users on their site, we would recommend that all passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.
Data breach within our own internal systems
The immediate priority is to identify and isolate the breach by locking down all systems and resetting all system passwords.
We would then reset all client passwords and check the logs to see if any client sites have been accessed as a result of the breach.
We would notify all clients of the breach, explaining what had happened and what steps we had taken to prevent future occurrence.
If we detected that any client sites had been accessed as a result of the breach, then we would notify them and if the client has registered users on their site, we would recommend that all passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.
In the event that client websites had been accessed as a result of the breach of our system, we would then report the breach to the relevant authorities within 72 hours as per the GDPR requirements
What third parties we receive data from
We use these data controllers /processors within normal operations, please click on the links to view the updated GDPR compliant privacy policies.
Facebook (Social Media)
Ninja Forms (Plugin)
Industry regulatory disclosure requirements
Smush sends images to the WPMU DEV servers to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.
Smush uses a third-party email service (Drip) to send informational emails to the site administrator. The administrator’s email address is sent to Drip and a cookie is set by the service. Only administrator information is collected by Drip.