Privacy Policy

Last updated [month & year], in accordance with the requirements of the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
This is the [company name], registered in England and Wales [Registered Number] whose registered address is [registered address].

[Company name] is committed to acting in compliance with the General Data Protection Regulation and Data Protection Act 2018.

[Company name] is a [sector] company. We hold your personal data in our database and process it for [data storage reason/s]. We are committed to protecting your privacy and maintaining the security of any personal information received from you. We follow strict security procedures in the storage and disclosure of information, which you may have given us, to prevent unauthorised access in accordance with stringent requirements of the General Data Protection Regulation and Data Protection Act 2018.

The purpose of this statement is to explain to you what personal information we collect and how we may use it.

Our Lawful Basis For Processing Personal Data

[Company name] is a [company sector] company. The data we collect from you is for [marketing/sales] purposes. We may supply your information to third parties for [company specific] purposes.

The main purposes to which your data is used is to [company specific purposes]. Such information may be provided by marketing communications or advertising which is tailored to your interests.

In accordance with the General Data Protection Regulation we can use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of individuals.

Our lawful basis for processing personal data for [company purpose] is known as Legitimate Interest. The benefits being pursued by our organisation are the [company specific benefits]. However, when processing personal data for the purposes of electronic marketing including email and SMS, we will obtain your express, opt-in consent.

What Data We May Collect From You And How We Will Use Your Data

[Company name] conducts telephone and digital campaigns to collect information from you for marketing purposes. This helps us ensure that the goods and service offers which wish to make to you are relevant and tailored to your responses and what we know about you.

The marketing communication may be through:

  • Email marketing
  • Postal /Mailing Marketing
  • Live Telemarketing
  • SMS/MMS Mobile Message Marketing
  • Online Digital / Social Media Advertising
 

In accordance with the Privacy and Electronic Communications (EC Directive) Regulations 2003 any marketing communication we make to you through marketing calls, emails and texts are only where we have been given explicit permission to do so.

The information we collect includes your name and contact information. We will never ask you for your bank account details, nor do we collect sensitive information about your medical history, religious or political belief.

[Delete section if not relevant to the company] We operate an email mailing programme. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages.

Sometimes your data will be used for analysis purposes or to build data products. In these instances, the information is aggregated and wherever possible anonymised in line with the Information Commissioner’s code of practice. Again, these products are of a marketing nature.

[Company name] may use your data to group consumers into profiles, who are more likely to have common habits and interests. Profiling is summarising consumer data which include lifestyles, preferences, demographics, and purchasing patterns. It offers additional insight into customers and to help our clients to identify and gain a deeper understanding of their target market, enabling relevant and tailored marketing. We do not use profiling or any of the data we hold to make automated decisions about you.

Where We Store Your Personal Information

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

How We Use Recorded Data

We use information held about you in the following ways:

  • To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us.
  • To provide you with information about other services we offer that are similar to those that you have already purchased or enquired about.
  • To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we may contact you by phone, e-mail, letter or SMS with information about services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please inform us by emailing [company email address]
  • To notify you about changes to our service.
  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Information we collect about you. We will use this information:
  • To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • As part of our efforts to keep our site safe and secure.
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
  • To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

In accordance with the GDPR, personal data shall be kept for no longer than is necessary for the purposes for which it is being processed.
[Company name] systems store personal data therefore all reasonable precautions shall be taken to ensure that appropriate confidentiality and control procedures are in place. We take the security of your data and the accessibility to our systems very seriously, with an emphasis on physical security, network and application security.

Disclosure of Your Information

[Company name] may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with [them or] you.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. [We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience].
 

[Company name] have a procedure in place if a breach of security
leading to the accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of, or access to, personal data transmitted,
stored or otherwise processed.

 
We will assess the scope and impact of the breach. If, due to the nature
of the breach that [Company name] is required to inform the ICO, we
will do so within 72 hours of becoming aware of the essential facts of
the breach.
Based on the assessment of the likely risks to individuals, we will notify the individuals and/or their connected organisations that a data breach has occurred where this may result in a significant risk to the rights and freedoms of individuals, or where we may be in breach of a contractual obligation. Any such notification to individuals will be carried out as soon as reasonably possible and will include information on the nature of the breach, the name and contact details of our Data Protection representative, the likely consequences of the breach, measures taken or proposed by [Company name] to address it, and recommendations for affected individuals to mitigate any potential adverse effects. Such individuals will also be provided advice on how to make a complaint to the ICO.
 

Your Right To Withdraw

[Company name] respects your rights to your personal data. The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.
 

If you do not wish [Company name] to use your personal data for direct marketing of our goods and services, you have the right to withdraw your permission at any time and can unsubscribe using the link in any email you have received from us or you can notify us in writing either by email to [company email address] or in writing to:

[Company address]

How We Use Cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse aggregate information. A cookie is a small file of letters and numbers that we put on your computer. These cookies allow us to distinguish you from other users of our websites, which helps us to provide you with a better experience when you browse our websites and allows us to improve our sites. The cookies we use are “analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the sites when they are using them. This helps us to improve the way our websites work, for example by ensuring that users are finding what they are looking for easily. Our cookies are not used to collect personally identifiable information about you.

We list below the cookies we use on each of our websites and provide a brief explanation of what those cookies do. Most web browsers allow some control of most cookies through the browser settings. For more information on this, and more information about cookies in general, you may wish to visit www.aboutcookies.org. For information about how to delete cookies from your mobile ‘phone you will need to refer to your handset manual. Please be aware that restricting cookies is likely to impact on your ability to use our websites effectively and may make areas of our websites inaccessible or inoperable. The cookies we use are as follows:
[List cookies]

How You Can Obtain Data We Hold About You

You have the right to know what information we hold on our system about you at any given time. To obtain details of the information we hold as it relates specifically to you, you may contact [Company name] at the following address:

[Company address]

[Company email address] with the subject line: Information Request.

When contacting us to ascertain the information we hold about you, it would be helpful if you could provide us with details of your full name, address and contact details.

How can I make a complaint?

Write to: [Company name], [Company address]

E-mail: [Company email]

Tel: [Company phone number]

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the contact details set out above.

Changes To The Policy

[Company name] reserves the right to modify or update this Privacy Policy from time to time. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.