1. Our Commitment To Personal Data.
The protection of personal data should be your right.
It is our responsibility to do everything we can to protect your data.
Data should ONLY be collected when it is required to provide a certain product or service.
We will NEVER sell, share or disclose your personal data without your permission unless it is requested by warrant by law enforcement agencies.
2. Legislation We Abide By.
2001 Downloads follows the guidelines and legislation of the following bodies
We follow the guidelines of the Information Commissioners Office the UK’s official data protection body.
All the regulators above impose strict practices when it comes to the processing and storing of your personal data. If you are not from the UK the chances are we will meet the data regulations in your country too. If you wish to check on any aspect of your data protection rights you think may not be covered you can contact our data protection officer whose contact details can be found in section 9.
3. Data Retention.
2001 Downloads collects various kinds of information. In this section, we tell you what information we collect, why we collect it, how long we store it for and where we store it.
3.1 Account Information Data (Registration for any of our products or services)
What: We collect full legal name, postal address, email address, shipping address, telephone number, IP address when you register as a customer at the time of registration.
Why: We collect this information to run your account, contact you about the products you bought, contact you with important information about our products, to invoice or bill you and to provide you with support.
How Long: Client data is stored for the life of the client account. After an account is closed the data will no longer be used for processing, however, it will remain stored for a period of 22 months from the end of the tax year in which you close your account. This is to comply with HMRC tax reporting which is a statutory requirement and so overrules any request to completely remove data.
Where: We store this information
3.2 Our Newsletter
What: We collect your name, email address, IP address you signed up from, your consent to send the newsletter.
Why: We use this newsletter to communicate with you regarding new products we may add to our site.
How Long?: For the life of your account with us or until you remove yourself or unsubscribe from our newsletter.
Where: This information is stored at mailchimp.com. Mailchimp is the company that provides our newsletter mailing system. See third-party providers.
3.3 Browser Tracking Information
What: What site you came from to get to our site, what link you clicked, what browser you use, what operating system you use, your geographical location, your IP address.
Why: Like a lot of websites we may use Google Analytics and other tracking software to track user interaction with our website. This helps us find out things like how many people visit our site, how they navigate around our site, the pages that are most visited. This data is stored on our website to provide us with traffic analysis. It helps us improve our site and our services. This information does not directly identify you as a person it is just behavioural data. Google may also record your IP address which could be used to identify you, however, they do not give 3001web access to that information.
How Long: This data is normally purged every 2 years or so. It is not personally identifying data so there is no way we can remove data about your visits as we do not know what party of the data is attributed to you.
Where: Basic tracking information we store in our web hosting account with our web host. Our site encrypts data during transfer and employs the latest in website security. This data however does not personally identify you and is not classed as sensitive personal date.
Any Google based tracking is stored by Google on their servers. While this data may be used to track you Google do not give us access to that kind of information. See third-party providers.
3.4 Session Tracking
What: The time and date you log into our site, any actions you perform while logged in, the IP address you log in from.
Why: To monitor the security of our site and to help investigate any malicious attacks against our system. To track actions performed on your account in case of dispute.
How Long: This data is kept for a minimum of two years after which time it is deleted.
Where: We store this information
What: Our host takes daily backups of our site which are stored remotely by them see third-party services.
Why: For recovery purposes if our site gets damaged, hacked or in the case of hardware failure resulting in data loss.
How Long: These backups are kept for three days then automatically deleted. They are stored securely by our web host.
Where: Our host stores this information on their Google Drive account in the UK. See third-party providers for details on how they protect your data.
What: We temporarily store emails either in our Gmail accounts or any of our 2001downloads.com email addresses.
Why: To be able to respond to your questions or carry out any tasks requested.
How Long: Once the issue is resolved or we have answered you the emails are deleted we do not store email long term.
Where: We store this information securely on our web hosting account or on our computers.
4. Where We Store Your Data
4.1 Your Account Data (see 3.1 above)
All your account data is stored in our website admin area. The password data is encrypted in the database. The rest of the data is not. However, all communications between your computer and our site are encrypted using the latest SSL 256bit encryption to make data unreadable during transfer. Our database is also protected by the latest web security.
4.2 Mailing List Data
This is not stored on our servers but on the secure servers of Mailchimp.com who provide our newsletter sending system. (see Third Party Providers)
4.3 Payment Data And Financial Information
We DO NOT store this kind of information. This is stored securely by Paypal or your own bank. Your account details are not revealed to us other than your PayPal email address and details provided to us by Paypal. (see Third Party Providers)
4.5 Your Data Within Our Website Backups
These are stored securely in our web hosts Google drive account.
5. Third Party Providers And Data Processors
Some of the services we use may process, store or have access to your data to help us run our service to you. We have no control over their processing or data storage however they are all reputable and data protection focussed companies that have been vetted by us. The companies we use are as follows;
6. How We Protect Your Data
Data is encrypted when sent between you and our website using 256bit encryption provided by SSL certificates issued for our own site by letsencrypt.org
We chose our web host 3001web based on their high-security standards.
The servers our site is hosted on have regular security checks and hardening performed on them by our host.
Our host regularly updates WordPress the programme that runs our site.
Our host uses (among others) the following security protocols;
cPHulk brute force protection to protect against brute force attacks
PHP open_basedir Protection
CageFS is enabled This provides filesystem-level protections for our users and server.
Apache Symlink Protection: CloudLinux protections are in effect ensuring each hosting account is caged and totally separate from other accounts on our cloud.
CSF firewall is installed, and LFD is running.
System kernels are updated instantly as released.
The MySQL port is blocked by the firewall, effectively allowing only local connections.
Outbound SMTP connections are restricted.
Php versions upgraded regularly as soon as they are stable.
7. Data Breaches
We will report any unlawful data breach of our database or the database(s) of any of our third party data processors. This will be reported to the ICO in the
8. Name And Address Of The Controller
The controller for the purposes of the General Data Protection Regulation (GDPR) And The UK Data Protection Act (DPA) is:
18 Thirlmere Ave
DN33 3EA Grimsby
Phone: 01472 313120
9. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
Mr Gary McHugh
18 Thirlmere Ave
DN33 3EA Grimsby
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
You, of course, may, at any time, prevent the setting of cookies through our website by means of corresponding settings of your Internet browser, and deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programmes. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in your browser, not all functions of our website may be entirely usable.
11. Your Rights As A Data Subject
GDPR and DPA give you the following rights to do with the data we store on you.
The right to be informed.
Put simply you can ask our data controller why we store your information and what we use it for. However, that is openly discussed above.
The right of access
You have a right of access to
The right to rectification
If any of the information we hold about you is incorrect you have the right to have it amended. In most
The right to erasure (right to be forgotten)
You have the right to have all data we have on you erased. This in the case of 2001 downloads would mean you closing your account with us and terminating of all your access to your account with us, as without that basic data we
The right to restrict processing
If you want to restrict us from processing information that is incorrect until it is corrected. If you close your account with us but would like us to still let you have access to the data for your accounting, in this case, it would be stored but not processed. When processing is unlawful and you oppose erasure and request restriction instead. If we no longer need your personal data but you require the data to establish, exercise or defend a legal claim.
The right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from 2001downloads.com to another company in a safe and secure way, without hindrance to usability.
The right to object
You have the right to object to the processing of your data for the following purposes;
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
Direct marketing (including profiling); and
Processing for purposes of scientific/historical research and statistics.
2001downloads.com do not currently process data in any of these ways.
Rights in relation to automated decision making and profiling.
2001 downloads do NOT employ automated profiling in any way.
12. Lawful Basis For The Processing Of Your Data
We need to process your personal data to offer our services as a digital downloads site in the UK. Your legal name and legal address are required to comply with UK tax laws which supersede data protection laws. Your contact details such as email or telephone numbers are required to be able to contact you regarding our products should we need to.
13. Changes to this policy