The Sofa Man is committed to protecting individual privacy and securing the personal information made available to us when you visit https://thesofaman.com and use our services.
Who We Are
Company Name (Data Controller): Kenneth Hope trading as The Sofa Man
Email address: thesofamanglasgow[at]gmail.com
Postal address: 18, 70 Strathclyde St, Glasgow G40 4JR
We will update this policy if our practices change, or as we develop better ways to keep you informed about them. You should periodically check this page for the latest information and the effective date of any changes. If we decide to change this policy, we will post a new policy on our site and change the date at the bottom. We may notify you of significant changes to this policy by email or by placing a prominent notice on our site.
What Information Do We Collect and How Do We Use It?
We collect personally identifiable information (personal data) from you when you use our website and services.
For example, you may voluntarily provide information by entering your name, e-mail address, mailing address or phone number when completing a contact form or you may choose to leave a comment on our blog.
We also collect some information automatically, including technical information relating to the use of our website, e.g. IP address, browser type, time zone setting, time on site etc. This allows us to properly administer our website and provide a better user experience.
We also receive some information from third parties to help us run and manage our business, for example, analytics information from Google, and payment processing from PayPal.
Here’s more information about the data we collect, how we use it and our legal grounds for processing. We will only the collect the information we need for the purpose it’s intended.
- Contact Data: any communication information that you send/give us. Whether that data be collected through a contact form on our website, by email, text, social media messaging, social media posting or any other communication method.
This may include: your name, email, address, phone number and any data you choose to disclose during your contact with us.
We use this data in order to: respond to enquiries, keep records of our communications and manage our business by taking the necessary steps to follow-up.
Our lawful grounds for processing: our legitimate interests in managing our business, record keeping, and to found, pursue or defend any legal claim.
- Marketing and Communications Data: this is the information you provide when you voluntarily signing up for our marketing communications and give your explicit consent for us to send you marketing information.
This may include: your name, email, phone number and your communication preferences in receiving marketing communications from us and our third parties.
We use this data in order to: send you our marketing content (marketing promotions, freebies, newsletters, notifications of upcoming events etc) to promote our products and services. You can opt-out of receiving any further marketing information at any time by simply clicking the Unsubscribe link shown in every marketing email sent.
Our lawful grounds for processing: on the basis of your consent and on the basis of legitimate interest to grow our business and to inform our marketing strategy.
Note: Under PECR (Privacy and Electronic Communications Regulations) we may only email or text you marketing information if you have made a purchase or asked for details about our services and products. Or where you have consented to receive marketing information. In line with these regulations if you are a Limited Company, we may send you marketing emails without your consent. You always have the option to opt-out of receiving any further marketing information from us at any time.
- Customer Data: this is the information we collect from you when you’re placing an order with us and that we keep so we are able to fulfil that contract with you.
This may include: name, email, address, phone number, contract details, signature, photo, testimonial and/or case study information provided by you.
Our lawful grounds for processing: to fulfil our contract and taking steps at your request to enter into such a contract. And for our legitimate interests in keeping you up-to-date with our services and products, marketing and growing our business, managing our business, record keeping, and to found, pursue or defend any legal claim. And to comply with a legal obligation.
- Financial Data: Billing information you provide so that we can process your payments.
This may include: your name, bank account and payment card details.
We use this data in order to: process financial transactions to enable you to purchase our services or products and to collect monies owed to us.
Our lawful grounds for processing: to fulfil our contract and our legitimate interests to manage payments and collect and recover money owed to us.
- Transaction Data: Transaction information relating to any purchases of services or goods.
This may include: your name, company details (company number, VAT registration etc), order information, invoices, payments, transaction query information between us and other details of purchases made by you.
We use this data in order to: perform a contract with you, keep a record of and process orders, manage our accounting, respond to related queries, deal with complaints, and comply with any legal obligations we are subject to or as required by a government authority.
Our lawful grounds for processing: To fulfil our contract, and in our legitimate interests in managing our business, record keeping and to found, pursue or defend legal claim. And to comply with a legal obligation (financial record keeping).
- Technical Data: Technical information we collect from online users, including visitors to our website.
This may include: Login ID, IP Address (internet protocol address), browser information, time zone and location details, operating system and other technology related information on the devices you use to access the site. This data comes from our analytics tracking system.
We use this data in order to: monitor and improve our website and online services, to help diagnose problems with our server, to manage the site by identifying which areas are most heavily used (including page views, navigation paths), to personalise your experience, to deliver relevant content and advertisements and to understand the effectiveness of our website performance and advertising, and to inform our marketing strategy.
Our lawful grounds for processing: our legitimate interests to properly administer our business online services, to grow our business and to inform our marketing strategy.
- Public User Data: Information, feedback and comments you provide to us publicly.
This may include: Blog comment details including the name and email of comment author, IP, browser agent, address and details of the post; information you post in Facebook groups we manage; information you share on group calls/meetings.
We use this data in order to: gather product/service feedback to help us improve our products/services, to deliver better/relevant content, to inform our marketing strategy, to protect our website from SPAM comments.
Note 2: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Note 3: In any instance you choose to publish Personal Data in a public forum (blog comments, Facebook posts, information disclosed on group calls/meetings) where others can view, collect or use this information, we cannot be accountable in any way for any third party’s improper or illicit use of this information.
Sensitive Data and Automated Processing
We do not collect any Sensitive data about you. That would include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
And we do not collect any details about criminal convictions and offences. Nor do we do any automated decision making or automated profiling.
Professional Advice and Insurance
We may process personal data in relation to getting professional advice and insurance. Our legal basis for doing so is our legitimate interests to protect and develop our business.
Keeping Your Information Up-to-Date
It’s important that the information we hold is up-to-date, so please let us know if your details change (e.g. you switch email addresses or change your name) by getting in touch. We may also contact you from time-to-time to make sure the personal data we hold for you is still right.
With Whom Do We Share Your Personal Data?
Your personal data may need to be shared with the following parties:
Authorities / Government Bodies
We may provide your personal data to supervisory authorities such as Tax and Customs Administration, the police and other statutory bodies. We provide your personal data:
- To comply with a statutory obligation or court order; or
- If this is necessary to prevent, trace or prosecute criminal acts; or
- If this is necessary to enforce our policies, or to protect the rights and freedoms of others.
Business Service Companies (data processors)
We make use of business service companies to help us perform our business functions. These organisations act only on our instructions, can only process the data for the specified purpose and treat it in accordance with the law. They are contractually bound by us not to use your data for their own purposes. This includes:
- Service providers who provide IT, administration and business support services;
- Payment service providers
When you make a purchase, you may receive a request to provide your payment details. This information may be collected and processed directly by the payment service provider. This provider is responsible for processing your payment details within the limits set by law.
- Professional advisers including, accountants, auditors, insurers, bankers, lawyers.
- Fraud prevention agencies.
- Any parties to whom we are engaged with regarding the sale, transfer or merger of the business and/or business assets.
Data Transfers Outside of the European Union / European Economic Area
Your personal data may be transferred outside of the European Union / European Economic Area. We are bound by the requirements of the General Data Protection Regulations and have taken steps to ensure that measures are in place to protect your personal data.
We may transfer your personal data to any country that provides an acceptable level of protection as approved by the European Commission. This may include:
- Service providers outside the EEA that uphold certain certifications, or are bound by standard contractual clauses we have in place that are approved by the European Commission
- Any US-based provider that is part of the EU-US Privacy Shield.
In any case where none of these protections is available, we may ask for your explicit consent to transfer your personal data. If you have consented, you may opt-out later.
Keeping Your Data Secure
Your Personal Data will be kept private and only disclosed to those who help us collect, manage and store the information. Your Personal Data will be accessible by those with a specific ‘need to know’, including our team members, service partners, web host, email marketing service provider and such.
We take commercially reasonable steps (technical and procedural) to stop your information from being accidentally lost, stolen, used without authorisation, altered or shared. That being said, we cannot guarantee that your Personal Data will always be secure due to technology or security breaches. We have procedures in place to deal with breaches we become aware of and will notify you when we are legally required to.
Storing and Deleting Your Personal Data
When deciding how long we need to keep information, we consider the legal requirements, the nature and sensitivity of the information, the amount of information, the processing purpose and whether we can achieve those purposes through other means.
There are instances where we are required to keep personal data to meet accounting, reporting and legal requirements imposed by public institutions. For example, tax law requires us to keep contact, identity, financial and transaction data for 6 years.
Your Legal Rights Under GDPR
You have the right to request access to your personal data.
You have the right to have your data corrected or that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You can also object to direct marketing and profiling. We do not carry out any automated profiling, but if you no longer want to receive direct marketing communication, you can withdraw your consent. Simply use the Unsubscribe link in the last communication you received.
Similarly, if we are processing your personal information based on your consent, you can withdraw that consent at any time. Please note that withdrawing your consent will not affect the processing of your personal data where the processing is being done on lawful grounds other than consent.
Please keep in mind too, that withdrawal does not have retrospective effect.
You may also have the right of restriction of processing concerning your personal data, the right to object to processing as well as the right to data portability.
All these rights are known collectively as your ‘data subject rights’.
You can find out more about your rights here:
Note: If you have an login account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you on our website database, including any data you have provided to us.
Also, be aware that we may ask for additional information when dealing with your request to verify your identity as a security measure.
We try to reply to requests within one month. Where your request is more complicated, or you have made multiple requests, it may take longer and we will advise you as such.
Furthermore, you have the right to complain to the UK Data Protection Authority ‘Information Commissioner’s Office (ICO)’, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK.
Children’s Online Privacy Protection
We believe in the importance of protecting the privacy of children online and do not knowingly contact or collect personal information from children (in compliance with COPPA – Children’s Online Privacy Protection Act and the GDPR – General Data Protection Regulation of the EU). Our website and its content is directed to individuals who are at least 18 years old or older.
Data Protection Contact Details
Name: Kenny Hope, The Sofa Man
Email address: thesofamanglasgow[at]gmail.com
Postal address: 18, 70 Strathclyde St, Glasgow G40 4JR
Last updated 22 November 2018.