Aimed Business is committed to adhering to the GDPR (General Data Protection Regulations), this means that we are transparent about why we request certain data from you and what we do with that data.
What is the GDPR?
GDPR is new legislation which will supersede the Data Protection Act as of May 25th 2018. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.
This policy describes the data that we collect from you or about you, and the way that we may use it from time to time. It also describes options we provide for you to access, update or otherwise take control of your personal data that we process. Please read the policy carefully as it will help you to understand the way that we may use your data and our reasons for doing so.
The “data controller” of your personal data (in other words, the organisation that determines how your data is used) is Aimed Business. If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer, Andrew Callard by email (email@example.com)
2. The way that we use your personal data
A. What personal data do we collect?
Personal data is any information that could be used to identify you in some way (even if, in some scenarios such as online advertising, we don’t know your name). The personal data that we may collect from or about you could include the following:
• E-mail address;
• Phone number;
• Demographic information, such as postcode, preferences and interests;
• Technical information, such as the Internet protocol (IP) address used to connect your computer to the internet, browser you use to access the internet, operating system and device you viewed our website on; and
• Information about your website or social media visit such as length of visits to certain pages, services you viewed or searched for.
For the avoidance of doubt, we do not intend for any of our sites or services to be used by children, and we therefore do not intend to collect data from children. Similarly, we do not intend to collect (and we ask you not to disclose) any particularly sensitive data, such as data relating to your health, religion or ethnic background. Where our clients provide services for children or collect particularly sensitive data, conditions will be stipulated in our data processing contract as necessary.
B. How do we collect personal data?
We may collect personal data in a variety of ways including directly from you:
Information such as name, address and telephone number, as well as other information, such as your website details and preferred means of communication, may be collected when you voluntarily provide this information to us. For example when we exchange business cards, you register on the site, visit one of our events or call us.
We recognise that for some of our clients there is a high crossover between their business and personal lives and that data provided for the former also impacts on the latter. For example in a start-up company the email address and phone numbers may well initially be personal rather than business addresses.
C. How do we use personal data, and why?
It is our policy to limit the information collected to only the minimum information required to complete a user’s request. We use personal data in a limited range of ways to:
• Improve our products and services.
• Provide systematic analysis of the effectiveness of business strategies through commonly available tools like Google Analytics, Adwords and social media advertising platforms
• Provide you with updates of general relevant information and news through newsletters or phone calls. When we use automated processes such as email marketing for this, we seek prior consent.
• Invite you to relevant business events
• Inform individuals of competition successes
• For internal and business record keeping where such data is legally required such as the purchase any of our services (eg: billing information, including name, address, payment details).
D. How do we share your personal data?
Aimed Business will never sell, rent or swap your personal data or give it to anyone else for them to use for their own purposes without your prior consent.
We often undertake customer relationship management services on behalf of clients as a data processor or in some cases as a sub-contracted data controller. In these instances we may share your personal data only as far as it is necessary for any third party (or Aimed Business where it uses a sub-processor) to provide the services as requested or as needed on our behalf.
These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from using, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).
If you make use of a service that allows the importation of contacts (eg. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal information for the requested service. Such services are subject to separate contracts.
E. Transfer of personal data abroad and global compliance.
Aimed Business uses its best endeavours as far as practicable to ensure that any company it uses to provide its services participates in and complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from the EU or Switzerland, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles.
3. Security and retention of your personal data
A Security of your personal data:
We take the security of your data very seriously. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We keep these measures under close review. We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate.
We recognise that unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of personal data transmitted to our website and social media and any transmission is at the user’s own risk. Similarly we do not guarantee that our website, email and social media will be secure or free from bugs or viruses and you are responsible for using your own virus software protection.
B Retention of your personal data:
After a retention period has elapsed, the data is securely deleted. The longest retention period is for 6 years on the basis of legitimate interest eg HMRC.
C Accuracy of your personal data:
You can help us keep our records up to date by telling us when your contact details and other personal information changes. If you tell us of any changes (either to your personal information or how you wish us to contact you from time to time) it may take a short while for such changes to take effect but rest assured that we respect your rights and will endeavour to carry out such changes as soon as possible.
4. Your rights and how to contact us
The law gives you a number of rights in relation to your personal data and our use of it. You have the right to:
a) ask us not to use your personal data for direct marketing purposes;
b) ask to see what personal data we hold about you and to find out about the way that we process the data
c) ask us to correct or update any personal data which is inaccurate;
d) ask for personal data to be deleted
e) ask us to temporarily stop using your data if you don’t believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it.
You also have the right to complain about our use of your personal data. You can contact the Information Commissioner’s Office via their website: https://ico.org.uk/concerns/ or by calling 0303 123 1113.