Privacy Notice

Our contact details

Name: Just Digital Limited trading as Thumbies

Address: Kingfisher Way, Hinchingbrooke Business Park, Huntingdon, PE29 6FN

Phone Number: 01480 825000

E-mail: legal&compliance@justdigitaluk.com

Website: thumbies.co.uk

 

What we do

Just Digital is an established digital print business, providing high quality creative and print services primarily in the B2B market from our base in Cambridgeshire. The services we specifically offer to clients include:

  • Design and creative services, including sourcing promotional items
  • Digital print, including large format
  • Design and production of exhibition stands, including installation, dismantling and storage
  • Provision of funeral stationery, keepsakes and related items
  • Website building, bespoke online ordering portal and web to print services
  • Storage and fulfilment

 

We take the protection of personal data of all stakeholders extremely seriously, and this Privacy Notice explains how we go about the care and management of all the data we control and process, both directly and through our partners.

Personal Data means any personal information relating to you, or information from which you can be personally identifiable. You have a choice over how it is used by organisations such as Just Digital. This Privacy Notice is issued in compliance to the UK GDPR and will explain:

  1. Who we are
  2. The data we collect from you
  3. What do we mean by “legal basis”?
  4. Who we share your data with
  5. How we keep your data secure
  6. Your data protection rights and how to exercise them
  7. Data Protection Officer
  8. How to contact the authorities

 

 

  1. Who we are

Just Digital Limited is a private limited company incorporated and registered in the UK with the company number 04954829. Our registered office address is Kingfisher Way, Hinchingbrooke Business Park, Huntingdon, Cambridgeshire, PE29 6FN.

 

We are the controller of the personal data we process. This means that we are responsible for deciding how we collect, use and store information about you.

 

We are registered with the Information Commissioner’s Office (ICO) under number ZA266435.

 

 

  1. The data we collect from you

We currently collect and process the following information:

 

Company website browsing

If you visit our company websites, we use cookies. Just Digital and any affiliates and analytics or service providers use cookies and other technologies to ensure everyone who uses our website has the best possible experience. A cookie is a small text file that is placed on your hard drive by a web page server. Some cookies are strictly necessary for the functionality of the website. However, some cookies are non-essential, and you will have choice of whether we can gather these cookies or not. We offer you that choice and provide you the option to consent or not to the gathering of these particular cookies.

 

The lawful basis under UK GDPR we use for processing non-essential cookies is Article 6 (1)(a) consent.

 

We have a detailed Cookie Policy which explains what cookies we gather, how and why we use them, and what your rights are. Our Cookie Policy can be found by clicking the link.

 

Working with us

This data is collected through our day-to-day business transactions with customers, such as taking enquiries and orders, processing orders, sales and marketing, job fulfilment and account management. Customers may include companies and organisations, sole traders, and private individuals. This data is gathered directly from you, generally by email or telephone.

Just Digital provides a “web-to-print” service, which enables a secure transfer of data to enable print production directly from a web-based portal. Business data may also be gathered from this service. Where we collect personal data from users of the web-to-print portals (our customers), Just Digital is acting as a Data Processor, and our customers are the Data Controller and so you should refer to their privacy notices to understand how they will process your personal data.

 

The personal data that we might process is:

  • Contact name
  • Contact address
  • Contact email
  • Telephone number
  • Job title
  • Business financial information

 

In addition to our regular business activities, for our Funeral Home clients, we offer a unique service line that involves the collection of biometric data for the creation of bespoke jewellery and keepsakes. This biometric data, specifically fingerprints, handprints and footprints, is collected directly from the person in question to enable us to design and craft personalised jewellery items.

This data is gathered in the Funeral Home using secure online methods, where consent will be required prior to any data collection. The collection of biometric data is solely for the purpose of fulfilling an order for personalised jewellery and never for identification purposes.

The personal data that we might process in connection with this service includes:

  • Fingerprint data
  • Name

 

We ensure that your biometric data is securely handled and protected in accordance with applicable data protection laws, including the UK GDPR. The lawful basis we use for processing this biometric data is explicit consent, as required under Article 9(2)(a) of the UK GDPR.

For all other personal data related to the processing of other orders, we rely on Article 6(1)(b) for the performance of a contract.

If you have any questions regarding the collection, use, or protection of your biometric data, please feel free to contact us for more information.

 

Sales and Marketing

Just Digital may at times engage in sales and marketing campaigns directed in the business-to-business environment. The data processed for such campaigns is gathered from publicly available business sources and will consist only of business contact details, including:

  • Company name
  • Company contact and email address
  • Job title or function
  • Company telephone number

The lawful basis under UK GDPR we use for this processing is Article 6 (1)(a) by Consent and Article 6(1)(f) where we have a legitimate interest.

Where we have asked for your consent to receive marketing communications and newsletters you may choose to opt out by emailing optout@justdigitaluk.com.

 

 

  1. What do we mean by “legal basis”?

We are only able to use your personal data when the law allows us to. This is called the legal basis. Regarding the above purposes, the legal basis listed for each are explained below:

Read more

Consent – You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. To do so please contact the Data Protection Officer via the details supplied below.

Contract – We need to use your data to fulfil a contract you have with us. Alternatively, it’s necessary to use your data because we have asked you to, or you have taken yourself, specific steps before entering that contract.

Legal Obligation – We need to use you’re your data to comply with the law.

Vital Interests – Processing your data is necessary to protect your vital interests or of another person. For example, to prevent you from serious physical harm.

Public Task – Using your data is necessary for the performance of a task carried out in the public interest, or because it is covered by a task set out in law, for example, for a statutory function.

Legitimate Interests – Processing your data is necessary to support a legitimate interest we or another party has, only where this is not outweighed by your own interests.

 

 

  1. Who we share your data with

Just Digital will not share or sell your personal data with any non-essential 3rd party, company or organisation whatsoever. Should there be any requirement that might involve your personal data being shared with a non-essential 3rd party we would always ask for your consent before doing so.

 

We may share business contact details with 3rd parties that are required to complete or fulfil a job or order that we are processing for you. In these circumstances we only share the minimum data required to complete that process. For Thumbies orders we share your data with our trusted supplier in the USA.

 

We do employ a number of business tools and applications to assist in the smooth functionality of our business, where data storage may be outside the UK. Where this is the case, our due diligence ensures that those tools or applications provide the full and current measures to ensure that the personal data stored remains secure in line with UK GDPR requirements.

 

If you require any specific information regarding those organisations, please contact us using our contact details displayed in this Privacy Notice. The tools and applications we employ include the following:

  • Microsoft
  • Print IQ
  • Sage Intaact
  • Moorepay
  • Claris Filemaker
  • Shuttleworth
  • Clarity
  • Hubspot
  • Etsy
  • Diginex
  • Dataguard
  • Adobe
  • Pageflex, ROI 360 stored on Azure Cloud
  • Shopify, Amazon Web Services
  • OVH Cloud

 

We have agreements in place with all our providers that oblige them to protect your data.

 

Where your personal data is transferred outside of the UK, we ensure that it is protected to a comparable standard to that within the UK. This is either because the destination country has been recognised by the UK government as providing an adequate level of data protection (an adequacy decision), or because we have put in place appropriate safeguards. These safeguards may include the use of the UK International Data Transfer Agreement (IDTA) or other legally recognised mechanisms. In some cases, we may also apply additional technical and organisational measures, such as encryption or pseudonymisation, to further ensure the security and protection of your data.

 

Sometimes, we may be legally obliged to supply copies of personal information to other organisations. For example, to supply information to the police. We might not be always able to tell you that we have shared your information in this way, however we will ensure this is only shared in accordance with the law.

 

 

  1. How we keep your data secure

Just Digital employs a number of business tools and servers to store and process data. Each provider has undergone our vendor due diligence to ensure they provide a safe and secure environment for our storage, processing and transfer of any personal data and information.

 

Just Digital limited is certified ISO27001, which is a stringent standard for any organisation which demonstrates high levels of IT security for the business information management system.

 

We maintain a Data Retention Policy which is reviewed and implemented on a two-yearly basis. Each business function (such as HR, Finance, Sales and Marketing, for instance) will each have every process we undertake as a business, the data we retain for each process, and apply any and all UK statutory requirements for that data in terms of retention periods.

 

Just Digital adheres to the UK GDPR principle of data minimisation, meaning that we only gather, retain and process the minimum data required for any business process or function. Once data is no longer required, as per our retention policy, this data will be deleted.

 

 

  1. Your data protection rights and how to exercise them

Under data protection law, you have rights including:

  • Your right of access. You have the right to ask us for copies of your personal information.
  • Your right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing. You have the the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability. You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Your right to withdraw consent. Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.

 

The Information Commissioners Office (ICO) has detailed information which is easily accessible about your rights. This can be found here: A guide to individual rights | ICO

 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us if you wish to make a request: legal&compliance@justdigitaluk.com.

 

 

  1. Data Protection Officer

Please contact our internal person responsible for data protection in the first instance at legal&compliance@justdigitaluk.com.

The details of our designated Data Protection Officer are: DataCo International UK Limited, Suite 1, 7th Floor, 50 Broadway, London, United Kingdom SW1H 0BL, telephone: 0203 514 6557, email: privacy@dataguard.co.uk.

 

 

  1. How to contact the authorities

If you are unhappy with any aspect of this Privacy Notice, or how your personal data is being processed, please contact  legal&compliance@justdigitaluk.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, by telephone on 0303 123 1113, or online at www.ico.org.uk

 

 

Policies and Notices are reviewed no longer than 2 years or as operational requirements demand.

 

Last reviewed September 2024