Data ProtectionThis document relates to information we retrive and/or store in order for us to do business with you.
Last Updated: 28/05/18
Collection of Data
In order to do business with our customers, we collect the minimum amount of information from them at point-of-sale. This will include full name, contact number, contact email and postal address. This information is entered by the customer as the normal process of a sale. We do not collect, store or ask for IP addresses.
Security of Data
Devilish Publishing runs its own server on-site, where it runs all of its web services (except DNS - the technology that matches a domain name to the actual server address). This means that when you visit our website or send us an email, it is being directed to our server at our administration office in York, United Kingdom. We run 128-bit encryption at www.devilishpublishing.com and data entered at point-of-sale is then entered on our enterprise-class systems on our server, and is not stored on an office computer, external storage device or otherwise removed from the server unless for temporary backup only. Backups are always performed securely and are completely destroyed within 48hrs of them being made. The database of our main system (we use a full-blown ERP solution called Adempiere) cannot be accessed outside the local network. Access within the network is highly restricted, and part of the Devilish Publishing policy is that all internal authentication (particuarly passwords) is randomly generated; there is strictly no generic passwords, and each authentication is unique.
How we Use your Data
We use your data so we can provide our service to you. We currently do not maintain or operate a mailing list. Any future mailing lists will be an opt-in; you will never be emailed to ask if you want to be opted-in; the only way to opt-in is through an online form or clearly marked at point-of-sale. We never give out, sell or otherwise make known any of your personal details unless you give us permission to do so.
Right to be Forgotten
Under the new GDPR legislation, people have the 'right to be forgotten'. If requested, we will replace your database records with anonymised data. This means the records still exist, but your personal details are replaced with arbitrary data which cannot be linked or referenced to you. This allows us to comply with your request inline with GDPR, whilst keeping the integrity of our data intact.