There is a full privacy statement further below (Titled – Your Right To Be Informed) which you are free to read – however this section provides a summary of what data we collect and what we do with it in simple and straightforward terms.
If you have any questions at all, or need anything clarifying feel free to email us at email@example.com
Online data – we use google analytics to collect overall data on the number of visitors to our website and what they do when they are there. For example, if 100 people viewed our home page and then 86 of them viewed our about us page, we can see that information.
We also review how long people stay on our site and broadly, where they come from down to a regional level. We do not store or collect any data on IP addresses or use that data to identify individuals. Although this information is potentially available through google analytics, it is not used by us or processed in any way. We use the data we collect to alter our website on a general level. We do not, at present, tailor the site to individuals.
Business Prospecting – we collect the names and contact details of business prospects, with whom we would like to work. These are sourced through shows, exhibitions, online research, networking and referrals. We collect and process this data on the basis of our legitimate business interest. It is in our interest to market towards companies who may wish to purchase our services, and we believe that it is in their interest to hear from us. We give prospects the opportunity to opt out of any and all communications. In this we abide by GDPR 2018 and PECR – regarding business to business marketing and emailing.
Business Clients – we collect the names and addresses of our customers (but not app users) as well as their contact details for the purposes of delivering the services we offer, keeping them informed of progress, as well as standard business processes, such as invoicing and reporting. This is necessary if we are going to be able to deliver on our customers’ requirements. It is not possible to specify, deliver and monitor any of our digital solutions if we do not talk to the clients regularly through the process. We communicate with our customers during the delivery of the services on the legal basis of contractual obligation. Once we have completed a job we store customers’ data for up to 10 years after last contact, after which it is assessed, and if thought prudent, securely destroyed (shredded). There may be some instances, where it is necessary to retain the data for longer, due to legal obligations.
We send out occasional mailings and newsletters to our business clients – this is done on the basis of legitimate business interest. It is in our interest to keep in touch with our customers and inform them our services, and we believe it is in their interests to receive our communications.
Suppliers – we work with a number of suppliers and freelancers to deliver on our services. Where those suppliers have any access to personal data, we clarify their obligations under data protection legislation, and confirm their GDPR compliance. We process the information about our suppliers on the basis of our contractual obligations to them and in some cases, legitimate business interest. It is in both our interests to maintain a consistent and healthy business relationship, and regular communications are, in our view, essential to achieving this.
Client data – in some cases we have access to, and process data on behalf of our clients (but not our users). For example a client may have a site hosted with us, which we have designed and built, in which case we may have access to their files and analytics data. Or, we may have built an app or digital solution which collects data for our clients. In these cases we act as a processor for the client. Clearly in such cases we ensure that the data is collected in line with GDPR, but, the data itself is owned by the clients, who are the data controllers. As the data processor, any questions or information regarding this data which we receive would be shared with the client, and where appropriate a joint response delivered. If you have any questions about a specific solution we have developed, on behalf of our client then email us at firstname.lastname@example.org.
Anyone can opt out of receiving any contact from us, other than that mandated by our contractual obligations, by emailing us at email@example.com.
We do not pass on your data to any third parties, except where required by law. Or where, as we have stated above, we are acting as a processor for a client. In these cases it is always made clear who is the data controller and on whose behalf the data is being collected and processed.
We keep your data securely, respecting your right to privacy – you can find out more about our data security by emailing us at firstname.lastname@example.org
You have the right to be forgotten by us. If you want to be forgotten, please email us at email@example.com. We will remove all the data we hold other than what is required under our contractual obligations (we must hold some data legally for 10 years). We will not however, communicate with you (except where this is legally required). However, you should be aware that by being forgotten, we will not store any data on you and will not be able to access or process your service history.
We also need to ensure that we remember your request to be forgotten (for example, should we need to restore systems from a backup, we need to know, to remember, that you wanted to be forgotten).
As part of handling and processing your data your first point of call should you have any issues or questions about what we do, or why we do it;
Your right to be informed
You have the right to be informed about what we do with your data, and why. Therefore, to ensure that you are, we have compiled a handy summary below.
We respect your privacy and safeguard your data.
Your personal information
Collecting very specific, relevant information is a necessary part of us being able to provide you with the services you are purchasing. We will only use your personal information fairly and securely, and will never do anything with it (such as sharing it with any other party) that you have not clearly agreed to, or that could be considered irresponsible.
How we collect your data – We collect data from a range of sources:
Customers – direct from customers through the normal process of undertaking our business obligations – quoting for work, developing digital solutions.
Business Prospects – through online research, referral and business development activities.
Our customers data – we occasionally process data on behalf of our customers – acting as a data processor. We have access to customers sites, apps and solutions we develop (not our app users). The data we collect is specific to each individual customer and you can find out more by emailing us at firstname.lastname@example.org.
Lawful basis of our processing – we process data under our contractual obligations to you and under our legitimate business interests.
Contractual Obligations – it is necessary for us to process your data to deliver on our contractual obligations – for example, to support our business services, development of digital solutions, communications and invoicing. Legitimate business interest – it is in our legitimate business interest to keep you informed of our services, products, and interesting developments in the world of digital marketing and design, with the purpose of retaining your custom for the future and developing new business opportunities.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We collect a range of personal data – information required to deliver on our services and prospecting activity. We collect contact details (e.g. email address, phone number, address).
Where we collect data on behalf of a client – this is covered by our data processing contract with the client, and their GDPR compliance and processes. In this case this data may include details of individuals under the age of 16 if they have identified themselves as the main contact and the information has been supplied by them. Where the individual is under the age of 16, we obtain explicit permission for all contact from the individual, and if under 13, from their parent or guardian where possible, as determined by our clients GDPR compliance processes. Specific details of the data we collect on behalf of our customers can be found by emailing us. As a data processor we will refer the request to the client, and work with them to develop our specific response.
We use our data (excluding data processed on behalf of a client) – to prospect for new business, manage client services, to deal with our suppliers, invoice and manage payments, as well as periodic marketing.
We do not share this data with anyone (excluding data processed on behalf of a client), except in specific circumstances where required by law to do so.
We do share the data we collect on behalf of our clients – with our clients as you would expect– in this case we act as processors on behalf of our clients, and so our contractual obligations, and their GDPR compliance require us to share data. In each case it is made clear where relevant who is holding the data, and who the data is shared with.
We do not transfer data outside of the UK or EEA. However, by the nature of the Internet, the personal data you supply through this website may be sent electronically to servers anywhere in the world – google analytics data for example. It may be used, stored and processed anywhere in the world, including countries outside the European Economic Area. For any transfers of the data outside the EEA we will ensure that all reasonable security measures are taken and that any third party processers will be required to process the data in accordance with GDPR.
We have a number of clients outside of the EEA, and where we collect and process data on their behalf we undertake due diligence to ensure that our clients abide by GDPR and the countries ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
We retain all data for up to 10 years from last contact, after which it is securely destroyed. You can find out more about our data retention policy by emailing email@example.com, or reviewing the text at the bottom of this page.
You can find more information on your individual rights on the ICO website by clicking here https://ico.org.uk/
You can withdraw your consent for any aspect of our data processing in relation to your own personal data at any time by emailing firstname.lastname@example.org. Please be aware that we must process and maintain data to support contractual obligations to you and to third parties so withdrawing your consent will not necessarily mean your data is deleted. We will retain what is necessary to fulfil our contractual obligations, and also an identifier to ensure we do not collect your data again – so we have a record that you have withdrawn your consent.
You can object to the processing of any aspect of our data processing at any time by emailing email@example.com. Please be aware that we must process and maintain data to support contractual obligations to you and to third parties so withdrawing your consent will not necessarily mean your will not be processed. We will retain what is necessary to fulfil our contractual obligations, and also an identifier to ensure we do not process your data again – so we have a record that you have asked us not to process your data.
You can request rectification – of any of the data we hold on you if you believe it to be inaccurate by emailing firstname.lastname@example.org.
You have the right to see what data we have on you. You can do this by emailing email@example.com. We will deal with your request within 1 month of request. In the case where we are processing data on behalf of a client we will refer to the client and develop a joint response.
You have the right to data portability – so we will transfer the data we have on you to any other appointed company at your request. This will not include business confidential information.
You can also lodge a complaint with the ICO if you feel we have not lived up to our obligations by clicking here https://ico.org.uk/concerns/
The data we hold comes from a range of sources – for our customers it comes from the customers themselves (or their appointed representatives). For business prospects – from online research, referral and normal business development activities. On behalf of our clients, the data is collected through the hosting, apps and digital services we develop.
We do not use our data for the purposes of profiling or automated decision making. On occasion we may develop products for our clients where data is profiled – in such a case we confirm the details of the profiling and the GDPR compliance with the client.
In order to provide you with the best, tailored experience of our site we will need to place small text files, or ‘cookies’, or your computer.
Most cookies that we use are ‘session’ cookies and only exist for the time that you are using our site. They perform functional tasks – such as remembering that you are logged in as you move from page to page, or to pre-load your personal details into forms to save you time.
We may also track cookies anonymously to fuel our site analytics and learn how to improve your experience and hone the relevance of our products and services.
You can set your browser to reject all cookies. Please note that if you do this then certain areas of this website may not be able to function for you. We recommend that you choose a browser setting that rejects third-party cookies but allows the benign, functional ones that make the good stuff work.
External links – The way that external sites that we link process data is not our responsibility however we endeavour not to link to any sites that behave in an unethical or illegal manner. To find out more or highlight such links please email firstname.lastname@example.org.
Security – you can rest assured that all your personal data is kept securely. Unfortunately, no data transmission over the Internet is guaranteed 100% secure, but we do take appropriate steps to protect the security of your personal data as required under our obligations under GDPR.
We endeavour to keep your personal data accurate and up to date. If you become aware of errors or inaccuracies, please email email@example.com.
Copyright – the Iconic Reserve logo and contents of this website (including text, design and graphics) are trademarked and copyrighted materials of Iconic Reserve or its partners. All rights are reserved.
Online Advertising We May Use – we reserve the right to use Google AdWords Remarketing to advertise ourselves across the Internet. AdWords Remarketing will display relevant ads tailored to you, based on what parts of our website you have viewed by placing a cookie on your internet browser. The cookie does NOT in any way identify you or give access to your device. Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
How to Opt-out of Remarketing and Advertising – if you do not wish to participate in our Google AdWords Remarketing, you can opt out by visiting Google’s Ads Preferences Manager.
Data Retention Policy
We store your data as securely as is practical, respecting your privacy. It is stored in a few locations: our offices, some on mobiles devices, on various websites and online backups.
We store data for up to 10 years after the point of last contact, after which it is reviewed and when deemed appropriate securely destroyed. There will be some instances where we retain the data for longer, if required under our contractual obligations or by law.
We believe that 10 years is a reasonable time scale, and after 10 years we review the customer and take decisions on data retention on an individual basis.
Data is securely deleted, and/or shredded at the end of the retention period.
A small amount of data – such as analytics data on our website – is stored permanently. This is so we can track activity on our site over a long period.
If you want to find out more email firstname.lastname@example.org.
This Policy was updated on 1st Dec 2021.