Skip to content

Privacy Policy

Think-Inks is a division of the company Waterloo Business Management Ltd. (hereafter referred to as “WBM Ltd.”). As a division of WBM Ltd., Think-Inks adheres to the Policies and Procedures as put in place by the company WBM Ltd, and any reference to WBM Ltd. is to include the division of Think-Inks.

1. Our Commitment to Personal Data.

The protection of personal data should be your right.
It is our responsibility to do everything we can to protect your data.
Data should ONLY be collected when it is required to provide a certain product or service.

We will NEVER sell, share or disclose your personal data without your permission unless it is requested by law enforcement agencies, court order or the revenue.

2. Legislation We Abide By.

WBM Ltd. follows the guidelines and legislation of the following bodies
The UK Data Protection Act 2018
The EU General Data Protection Regulation (GDPR) 2018
We follow the guidelines of the Information Commissioners Office the UK's official data protection body.

All the regulators above impose strict practices when it comes to the processing and storing of your personal data. If you are not from the UK, the chances are we will meet the data regulations in your country too. If you wish to check on any aspect of your data protection rights, you think may not be covered you can contact our data protection officer whose contact details can be found in section 9.

3. Data Retention.

WBM Ltd. collects various kinds of information depending on the product or service being ordered by our clients or visitors. In this section, we tell you what information we collect, why we collect it, how long we store it for and where we store it.

3.1 Account Information Data (Registration for any of our programmes)

What: We collect full legal name, postal address, email address, telephone number, IP address when you register as a client at the time of registration.

Why: We collect this information to run your account, contact you with important information about our service, to record your transactions and balance and to provide you with support.

How Long: Client data is stored for the life of the client account. After an account is closed the data will no longer be used for processing, however, it will remain stored for a period of 5 years from the end of the tax year in which you close your account. This is to comply with HMRC tax reporting which is a statutory requirement and so overrules any request to completely remove data.

Where: We store all form input securely in our admin area on our site and in our email accounts. All our hosts servers encrypt data during transfer and employ server security. Your account details will also be kept on the computers in our offices which are also secured.

3.2 Client Mailing List

We do not currently run a mailing list from this website.

3.3 Browser Tracking Information

What: What site you came from to get to our site, what link you clicked, what browser you use, what operating system you use, your geographical location, your IP address.

Why: Like a lot of websites we may use Google Analytics or other tracking software to track user interaction with our website. This helps us find out things like how many people visit our site, how they navigate around our site, the pages that are most visited. This data is stored on our website to provide us with traffic analysis. It helps us improve our site and our services. This information does not directly identify you as a person it is just behavioural data. Google may also record your IP address which could be used to identify you, however, they do not give us access to that information.
Google also uses cookies you can find details on that in the developer section of their site. Google is a third-party service provider see section 5.

How Long: This data is normally purged every 3 years. It is not personally identifying data so there is no way we can remove data about your visits as we do not know what part of the data is attributed to you.

Where: Basic tracking information we store on our web hosts cloud servers in the UK. All their servers encrypt data during transfer and employ the latest in server security. This data, however, does not personally identify you and is not classed as sensitive personal data.
Any Google based tracking is stored by Google on their servers. While this data may be used to track you, Google does not give us access to that kind of information. See third-party providers.

3.4 Support Emails

What: Your email address, your name, your contact telephone number, the text of your enquiry, any attachments you upload.
Why: We store these details so that we can deal with your support or enquiry requests.

How Long: Emails are normally stored for a period of 5 years.

Where: We store this information in the admin area of our website or within our email accounts. All our web hosts servers encrypt data during transfer and employ the latest in server security.

3.5 Collection Request Emails.

What: Your email address, your name, your contact telephone number, your address, the text of your enquiry, any attachments you upload.

Why: We store these details so that we can deal with your collection requests.

How Long: These emails will be saved for 5 years.

Where: We store this information in the admin area of our website or within our email accounts. All our web hosts servers encrypt data during transfer and employ the latest in server security.

3.6 Account Creation Form

What: Your email address, your name, your contact telephone number, your company name, your address.

Why: We store these details so that we may create an account for you within our office systems.

How Long: Until your account is created within our office systems at which point the emails may be deleted.

Where: These emails will be stored in our secure admin area and within our email accounts. All our web hosts servers encrypt data during transfer and employ the latest in server security.

3.7 Session Tracking

What: The time and date you log into our site, any actions you perform while logged in, the IP address you log in from.

Why: To monitor the security of our billing and support area and to help investigate any malicious attacks against our system. To track actions performed on your account in case of dispute.

How Long: This data is kept for a minimum of two years after which time it is deleted.

Where: We store this information on our web hosts cloud servers in the UK. All their servers encrypt data during transfer and employ the latest in server security.

3.8 Email sending Log

What: Details of all emails that we send to you will be stored within our secure email accounts.

Why: For our reference, so that we can prove communication if there is a dispute and to monitor that our support system is working as it should.

How long: This data is deleted after five years.

Where: We store this information on our email hosts servers in the UK. All their servers encrypt data during transfer and employ the latest in server security.

3.9 Backups of Our Website

What: Our host takes daily backups of our entire website.

Why: For recovery purposes if our site gets damaged, hacked or in the case of hardware failure resulting in data loss.

How Long: These backups are kept for three days then automatically deleted as they are replaced by newer backups.

Where: They are stored securely on our web hosts Google Drive account. See third-party providers for details on how they protect your data.

4. Where We Store Your Data

4.1 Your Account Data (see 3.1 above)

Your customer data is stored on CRM, our Inventory Management System and on our Sage software. All are password protected and all are data stored locally which is backed up and also in the cloud.

All communications between your computer and our site where account details may be asked for are encrypted using the latest SSL 256bit encryption to make data unreadable during transfer. (See How We Protect Your Data.)

4.2 Mailing List Data

We do not currently run a mailing list from this site.

4.3 Payment Data and Financial Information

This is stored securely within our office systems.

4.4 Our Website Backups

These are stored securely on our web hosts Google drive account.

5. Third Party Providers and Data Processors

Some of the services we use may process, store or have access to your data to help us run our service to you. We have no control over their processing or data storage however they are all reputable and data protection focussed companies that have been vetted by us. The companies we use are as follows;
Upcloud See Privacy Policy
Google See Privacy Policy
3001web See privacy policy
Microsoft Office 365:
We also use Microsoft Dynamics 365 for CRM purposes: See privacy policy
UPS See privacy policy

6. How We Protect Your Data

Our web hosts server team make sure that our server security and our site is always is up to date.
Data is encrypted when sent between the client and our servers using 256bit encryption provided by SSL certificates issued for our own site.
Our web hosts servers have regular security checks and hardening performed on them by their server administration team.
Our web hosts servers contain (among others) the following security protocols;
cPHulk brute force protection to protect against brute force attacks
Mod Security
PHP open_basedir Protection
CageFS is enabled This provides filesystem-level protections for our users and server.
Apache Symlink Protection: CloudLinux protections are in effect ensuring each hosting account is caged and totally separate from other accounts on our cloud.
CSF firewall is installed, and LFD is running.
System kernels are updated instantly as released.
The MySQL port is blocked by the firewall, effectively allowing only local connections.
Password strength requirements are strong at both server level and admin areas for individual sites.
Outbound SMTP connections are restricted.
Php versions upgraded regularly as soon as they are stable.
Our site is monitored daily for out of date or no longer supported plugins, themes and core code and immediately updated by our host where required.
Pseudonymisation is recommended by GDPR and ICO, however, developers of software like WordPress are still working on this. We will, of course, implement that as soon as it is available and stable.

7. Data Breaches

We will report any unlawful data breach of our site, our database or any third-party data processors. This will be reported to the ICO in the UK. The report will be submitted within 72 hours if we can establish that personal data was accessed or stolen. In the event that personal data was accessed and in accordance with the GDPR rules we may also inform the data subject (you).

8. Name and Address of The Controller

The controller for the purposes of the General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA) is:
Heather Brooks
Unit C Sellers Business Park, Drury Lane, Oldham, OL9 8EY U.K.
0161 338 5208

9. Name and Address of the Data Protection Officer

James O’Connor
Unit C Sellers Business Park, Drury Lane, Oldham, OL9 8EY U.K.
0161 338 5208
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

10. Cookies

The website of WBM Ltd. uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate your browser from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.

Through the use of cookies, WBM Ltd. can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimised with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilise our website. The website user that uses cookies e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

You, of course, may, at any time, prevent the setting of cookies through our website by means of corresponding settings of your Internet browser, and deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programmes. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in your browser, not all functions of our website may be entirely usable.

11. Your Rights as A Data Subject

GDPR and DPA give you the following rights to do with the data we store on you.

The right to be informed.
Put simply you can ask our data controller why we store your information and what we use it for. However, that is openly discussed above.

The right of access
You have a right of access to that data to look at it. In the case of your main support and billing account, you have full access to that by logging into our client area. In the case of logs, we keep when you access our site you can ask us to provide you with a copy of them. Please contact our data protection officer from the ticketing area of your client account.

The right to rectification
If any of the information we hold about you is incorrect you have the right to have it amended. In most cases this is possible by logging into our client area you can correct it yourself. Anything you cannot edit yourself you can ask our data controller to edit for you. Obviously, we will need to verify your identity before we edit any of your information. Please contact our data protection officer from the ticketing area of your client account.

The right to erasure (right to be forgotten)
You have the right to have all data we have on you erased. This, in the case of WBM Ltd., would mean you closing your account with us and terminating of all your services, as without that basic data we cannot provide our services to you. There is SOME data that can NOT be erased even on request as we are required to keep it by statutory law in the UK. EG financial transactions and invoices which we are legally obliged to store for 5 Years after the end of the financial year they occur in. Statutory law trumps any privacy law in most countries. Please contact our data protection officer from the ticketing area of your client account if you wish to have your data erased.

The right to restrict processing
If you want to restrict us from processing information that is incorrect until it is corrected. If you close your account with us but would like us to still let you have access to the data for your accounting, in this case, it would be stored but not processed. When processing is unlawful and you oppose erasure and request restriction instead. If we no longer need your personal data but you require the data to establish, exercise or defend a legal claim. Please contact our data protection officer from the contact form if you wish to have data processing restricted.

The right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from WBM Ltd. to another company in a safe and secure way, without hindrance to usability. Please contact our data protection officer from the contact page for a portable copy of your data.

The right to object
You have the right to object to the processing of your data for the following purposes;
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
Direct marketing (including profiling); and
Processing for purposes of scientific/historical research and statistics.
WBM Ltd. do not currently process data in any of these ways.
Rights in relation to automated decision making and profiling.
WBM Ltd. does NOT employ automated profiling in any way.

12. Lawful Basis for The Processing of Your Data

Our lawful basis for processing your data is Contract. We need to process your personal data to offer our services. Your legal name and legal address are required to comply with UK tax laws which supersede data protection laws. Your contact details such as email or telephone numbers are required to be able to contact you and maintain your account with us.

13. Changes to this policy

This privacy policy was created by WBM Ltd. on 1st August 2018. We may change this policy at any time. It is your responsibility to check this privacy policy regularly for changes.

Call Now