Click the tabs above to access the statements.
Updated 24 May 2018 in line with GDPR
Workflows’ business operations has no paper trail. Any details that we have in relation to you are kept electronically. It is the intention of this section to let you know EXACTLY what happens to this data.
Workflows has no ‘paper’ booking system.
Workflows has a Professional Indemnity Combined Insurance policy that covers Professional Indemnity, Public & Products Liability & Legal Expenses,
Online Payment Methods
Online payments are made by Standing Order or by Bank Transfer to our bank account. Your financial details are not stored in any way by us.
Client Information Systems & Accounting System Data
If you trade with Workflows then the following processes are in place pertinent to your data:
– Client information required for invoicing and accounts purposes is stored on an online accounts system. The accounts system is Xero. It is password controlled. There is access to one user and the accountant.
– A copy of accounting information is held by Workflows’ accountants at Workflows registered office.
– The following details are kept in MS Outlook for the purposes of managing client monthly accounts and for contact needs: First Name, Surname, Company Name, Email Address, Telephone Numbers, Future Website Consideration Information. The PC it resides on is password controlled.
– The following details are kept in Last Pass, an industry standard Password Management System, for handling client website passwords and usernames safely: Client website address, username and password. Client DNS domain provider login details are also kept in Last Pass. Access to Last Pass is via Two-factor authentication (2FA).
– The system is password protected. It runs in a secure firewalled computer environment and is only accessible to one person who oversees the above process.
– Workflows utilises an online backup service called SugarSync. Files are transferred securely using TLS (Transport Layer Security) and are stored in the cloud in an encrypted format using 256-bit AES – the same level of protection used for online financial transactions.
Client Website Systems & Data
– All Adaptable Websites are hosted by Siteground – a specialist WordPress Web Hosting Provider. All Websites are run on the WordPress platform.
– The following security is deployed at the server level on Siteground servers:
Account Isolation – Uses chroot so shared server safe i.e. Apache in a chrooted environment with suExec.
WordPress-Specific Firewall – prevent DDOS & provides Brute Protect.
Hardware traffic filtering and software … also limits login attempts.
Latest PHP and MySQL versions.
Siteground use Mod security on the server.
– The following security is deployed at the wordpress level:
Htaccess is used to provide numerous security rules e.g. blocking access to wp-login.php and wp-admin, blocking access to the htaccess file itself, disabling xml-rpc, blocking include-only files, protecting wp-config, disabling directory browsing.
Usernames are unique. Passwords for Adaptable Websites are 128 digits for the primary account.
Secondary accounts are not encouraged due to increased security risk …. but are enabled for clients that require their own access. Secondary accounts are only created on request by the client.
– The following security is deployed at the wordpress plugin level:
The security plugin Sucuri is used and consistent settings and checks used across all sites
– Clients sites are accessed via SFTP (Secure File Transfer Protocol) via the FTP software FileZilla or from Cpanel on the Web Hosting Provider’s system
– Client sites are all SSl-enabled i.e. https://
– Workflows provides an ’email-received’ check system for client contact form submissions. A submission from a client website generates an email to both the client and Workflows. Workflows checks that the client has received the email and on confirmation deletes the email. A deleted email is permanently deleted after 1 month. Workflows keeps no data from client contact form submissions.
The Information We Collect
Workflows (”We”) may collect, store and use the following kinds of personal data:
– information relating to any transactions carried out between you and us in relation to this Website, including information relating to any purchases you make of our goods or services including that as advised under ‘Accounting System Data’ in the ‘Workflows Operations’ section.
– information that you provide to us for the purpose of registering with us.
– information that you provide to us for the purpose of subscribing to our Website services.
– any other information that you choose to send us.
Personal Data Collected From Our Website
Personal data is only collected on our website if you choose to contact us via our contact form located on our contact page. If you make a submission we receive an email with the details of the submission. You will have consented to our usage of your data in order to fulfil your request. We only use your details to contact you.
We may use your personal information to:
– administer the Website;
– supply to you services that you are interested in as outlined on our Website;
– send statements/ invoices to you, and collect payments from you;
– send you general (non-marketing) commercial communications;
– send you email notifications which you have specifically requested or that are part of our service e.g. monthly client email;
Also, please note:
– where you submit personal information for publication on our Website, we will publish and otherwise use that information in accordance with the license you grant to us, e.g testimonials;
– we will not provide your personal information to any third parties for the purpose of direct marketing;
– we do not send newsletters;
– all our financial transactions are handled through our bank, HSBC via Standing Order or Bank Transfer. We may use Paypal in the odd circumstance to get a payment in advance.
Personal Data Collected On Client Websites
All client websites are SSL-enabled.
All client websites are the legal obligation of the client. It is the obligation of the client to make requests to changes of the site to fall in line with GDPR law and not that of Workflows.
Client sites, with the exception of e-commerce sites, have no cookies.
In addition, we may disclose information about you:
– to the extent that we are required to do so by law;
– in connection with any legal proceedings or prospective legal proceedings;
– in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
– to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
International Data Transfers
We only operate in the United Kingdom. The data centre, that handles our web services provided to clients, is based in London. The web hosting company used is Siteground. Data is not transferred internationally.
Security Of Your Personal/Company Data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. All personal information you provide is on secure (password- and firewall- protected) computers.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your password and user details confidential for your website if we have provided you with access to your website.
You may instruct us to provide you with any personal information we hold about you. We will provide this information and if you so require delete any data.
Third Party Websites
The Website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Please let us know if the personal information which we hold about you needs to be corrected or updated.
Workflows Ltd, 552-554 Bristol Rd, Selly Oak, Birmingham B29 6BD
The data controller responsible for the Workflows’ Website is:
Workflows Ltd, 552-554 Bristol Rd, Selly Oak, Birmingham B29 6BD
Registered in England and Wales.
Company No: 6624239
Registered Office: 552-554 Bristol Rd, Selly Oak, Birmingham B29 6BD
Data Protection Registration: Workflows acts as a data processor, and not as a data controller, of its clients’ data. Workflows only accesses data under client instruction or for important administration purposes. Workflows has been advised that it is notification exempt with regard to its general business activities.