Last modified 16 August 2018
We aim to protect any personal information that you give us and don’t pass it on to marketing list providers.
We use two of the six available lawful bases available under the GDPR for the collection, use and storage of personal data, namely legitimate interest and consent.
The following processes form part of our legitimate interest in the operation of Caz Limited, the websites it operates and its subsidiary Helios Professional Audio Limited.
Our website logs are kept for up to 26 months in case they are needed to investigate unauthorised behaviour including attacks.
Apart from dealing with threats, logs help us operate our websites and analyse their performance.
Website cookies are used for Google Analytics and to store preferences eg the language selection option when we implement that. The retention period for this analytics data is 26 months.
Web forms are monitored for abuse.
Web forms set out the process for which the entered data will be used and have individual consent tick boxes.
We will obtain consent for newsletters and similar should we use them as a means of marketing in the future.
What we collect
If you contact us for any reason, that information you provide may be recorded and stored for an appropriate period.
We retain customer financial transactions for six years at least. We reserve the right to delete them after that time.
We only share your address data with the Royal Mail, couriers and other businesses as necessary for the conduct of the work you ask us to do or orders made.
You have many rights regarding personal data. Get in touch if you want something deleted or altered.
These are some of the more common cookies that you may find being used on our websites:
- _ga, _gat and _gid – used by Google Analytics
- ARRAffinity – used for load balancing by our Microsoft Azure cloud hosting service
- .ASPXAUTH – used by the security system when logged in
- ai_user, ai_session – occasionally we turn on Azure Application Insights to ensure that the website is not producing errors
- __RequestVerificationToken – stores an encrypted token developed by Microsoft to mitigate cross-site scripting attacks
- __FormToken - used by an in-house mechanism to mitigate web form spam