Data Protection Policy

              Revised Janruary 2017

LATEST: Please see our response to GDPR here


Vogal Design is committed to preserving the confidentiality and integrity of all information it holds and processes and to operating its business in compliance with the requirements of the UK Data Protection Act 1998.
We recognise the importance of Personal Data and of respecting the privacy rights of individuals. This Data Protection & Security Policy (“Policy”) sets out the principles which we apply to our Processing of Personal Data and use of Confidential Information so that we not only safeguard one of our most valuable assets, but also that which belongs to our customers. For the most part we process this information as a Data Processor when carrying out our software-as-a-service (or “SaaS”) operations for our customers.
Any questions about this Policy should be raised with the Vogal Design whose details are at the end of this Policy.



The following key words and phrases are used within this Policy:
“Confidential Information”
means all information (however recorded, preserved or disclosed) disclosed to Vogal Design or its representatives, whether or not marked as “confidential”, including but not limited to:
(a) Personal Data, any information designated as confidential or commercially sensitive or that which is, by its nature, clearly confidential,

(b) the business, affairs, customers, clients, suppliers, plans, developments, intentions, or market opportunities of the disclosing party or of the disclosing party’s group;

(c) the operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party or of the disclosing party’s group; and

(d) any information or analysis derived from Confidential Information; but not including any information that:

(d1) is or becomes generally available to the public other than as a result of its disclosure
by Vogal Design in breach of this Policy;


(d2) was available to Vogal Design on a non-confidential basis prior to disclosure by the
disclosing party;

(d3) is received by Vogal Design from a third party who lawfully acquired or developed it
and who is under no obligation of confidentiality in relation to its disclosure;

(d4) the parties agree in writing is not confidential or may be disclosed; or

(d5) is independently developed by Vogal Design without the use of the disclosing party’s
Confidential Information.


means information that is processed electronically (e.g. by computer); is recorded manually (e.g. on paper) with the intention of being processed electronically; or is recorded as part of any filing system structured by reference to individuals or criteria relating to them in such a way that specific information relating to a particular individual is readily accessible;

“Data Controller”

means the organisation that determines the purposes for which and the manner in which Personal Data is processed;

“Data Processor”

means the organisation that processes Personal Data on behalf of the Data Controller;

“Data Subject”

means a living, identifiable individual about whom Personal Data is processed;

“Personal Data”

means Data which relate to a living individual who can be identified from those Data or from those Data and other information which is in the possession of or is likely to come into our possession as Data Controller or Data Processor, as the case may be. Personal Data include opinions and any indications of our intentions towards an individual;


includes obtaining, recording, holding, altering, retrieving, consulting, using, disclosing, blocking, erasing or destroying Personal Data;

“Sensitive Personal Data”

means information about the Data Subject relating to the (a) racial or ethnic origin, (b) political opinions, (c) religious beliefs or other beliefs of a similar nature, (d) trade union membership, (e) physical or mental health or condition, (f) sexual life, (g) commission or alleged commission by any offence, and (h) any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings.

Data Protection Principles

Vogal Design is committed to complying with the data protection principles set out in the Legislation. Under the UK Data Protection Act, these are set out as eight data protection principles, under which Personal Data must:
1. be processed fairly and lawfully;
2. be obtained and processed only for one or more specified and lawful purposes;
3. be adequate, relevant and not excessive in relation to the purpose;
4. be accurate and, where necessary, kept up to date;
5. be kept for no longer than is necessary for the purpose;
6. be processed in accordance with the rights of Data Subjects under the Legislation;
7. be held securely and appropriate technical and organisational measures must be taken
against unauthorised or unlawful Processing and against accidental loss, destruction or
8. not be transferred to a country or territory outside the European Economic Area unless
adequate protection is in place.

Confidential Information

Vogal Design will keep Confidential Information (which of course extends beyond Personal Data) it receives confidential and, except with the prior written consent of the disclosing party, and will:
- not use or exploit the Confidential Information in any way except for the purposes for which it has been disclosed;
- not disclose or make available the Confidential Information in whole or in part to any third
party, except as expressly permitted by the disclosing party;
- not copy, confirm in writing or otherwise record the Confidential Information except as strictly necessary for the purposes for which it has been disclosed and any such copies,
confirmations or records shall remain the property of the disclosing party; and
- apply the technical and organisational measures as Annexed to this Policy to Confidential

Vogal Design may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction provided that, to the extent we are legally permitted to do so, we give the other party as much notice of this disclosure as possible.

Vogal Design may, provided that we have reasonable grounds to believe that the disclosing party is involved in activity that may constitute a criminal offence under the Bribery Act 2010, disclose Confidential Information to the Serious Fraud Office without first notifying the disclosing party of such disclosure.

At the request of the disclosing party, Vogal Design shall:
- destroy or at Vogal Design’s discretion, return to the disclosing party all documents and materials
(and any copies) containing, reflecting, incorporating, or based on the disclosing party’s
Confidential Information;
- erase all the disclosing party’s Confidential Information from its computer systems or which is stored in electronic form (to the extent possible); and certify in writing to the disclosing party that it has complied with the requirements of this clause.

Amendments to This Policy

This Policy and its Schedules will be updated from time to time by Vogal Design to reflect any
changes in legislation or in our methods or practices. The current issue of the Policy will be available from our website at or by contacting us directly.

Contact Information

For further information, please contact Vogal Design directly.
Contact Details
By Email:
In writing: Vogal Design, 7 Valley Heights, Denholme, Bradford, BD13 4AT

Registered in England & Wales No: 9740426                              Data Protection Policy        Abuse Policy         Terms of use        Complaints