Privacy statement – Website visitors, Supply Partners and Clients
Thank you for taking the time to stop by and read our Privacy Statement. We aim to be as open and transparent as possible with the people we deal with, so that you are fully informed about how we use the information you give us, and the information we gather from other places so that you can feel confident in our processes and the way we handle your information.
WHO ARE WE?
Hi, we’re Emberson Group Ltd. We’re an independent group of creative, marketing, presentation and lead generation agencies.
Our company registration number is 09576108.
Our VAT registration number is 223 8355 14.
Our ICO registration number is ZA297834.
Our registered office and postal address is 37 Great Pulteney Street, Bath, BA2 4DA, UK
This Privacy Statement applies to the personal data processed by Emberson Group Ltd and service providers appointed by us, when you do business with us, or if you use our website.
Where we are the organisation making the decisions about how to use the data, how long to keep it, who to share it with and more, we are the Controller.
We also act as a Processor for some of our clients who contract us to run B2B marketing campaigns on their behalf. Those clients are the Controllers of that data.
HOW TO CONTACT US
If you have any questions about this Privacy Statement, if you think we’ve missed something out, or would like to contact us about any other matter, please use the following contact information and we’ll be very happy to assist:
Registered Office Address: 37 Great Pulteney Street, Bath, BA2 4DA, UK
Telephone: +44 (0)1225 686266
HOW WE COLLECT PERSONAL DATA THROUGH OUR WEBSITE
We do this in two main ways:
The first is if you complete a contact form or registration form on the website. In this instance, we will use the information you’ve provided to respond to your query. We don’t re-use this information by adding you to marketing lists unless you have specifically opted in to receive marketing communications.
The second method of obtaining information is very common but may not be fully expected. When you provide your consent to tracking cookies, we have a legitimate interest to use the data gathered by the code to research your organisation, and from there, who works there that may be interested in our services. We will then use that information to collate contact information about you so that we’re able to make contact and build the relationship. Where we use our legitimate interest in this way to grow our business you will be able to opt out from any of our emails using the unsubscribe link in the footer.
Lead Forensics uses a small piece of code which tracks IP addresses visiting a website. Those IP addresses are then matched against data held by Lead Forensics, providing information about unknown website visitors from organisations. We use that information internally to work out who may have contacted us from your organisation, and cross reference to sites such as LinkedIn to match the people to the IP address.
We use the information we’ve obtained to make an initial introduction and to explore how we may be able to support you and your business.
Lead Forensics uses Java Script and not Cookies. We do use other Cookies and our full cookie notice can be found in the footer of our website.
HOW WE COLLECT PERSONAL DATA IN OTHER WAYS
We also collect data in the following ways:
- Face to face, for example at an event
- Over the telephone or via Teams, Zoom, webinars
- Via desk research looking at publicly available information (for example as provided on your own company website or LinkedIn, and other social platforms).
- From you or your company in relation to invoicing and Business As Usual operations.
- From information on the internet such as Companies House (Director checks).
WHAT PERSONAL DATA DO WE COLLECT?
We only collect data which is necessary to provide our services, respond to business queries, and send marketing communications: name, business email address, job title, company name, telephone number, business address, bank details (only if we need them), and sometimes a photograph of you if we’re writing an article to highlight you and your business – but only if you want it included!
WHAT DO WE DO WITH YOUR PERSONAL INFORMATION?
If you are a sole trader, and provide your data, and give us permission, we will use your data to maintain email, social media, telephone and offline contact with you using the legal basis of Consent under PECR and UKGDPR. We will always offer you an opt-out on every communication we subsequently send, so that withdrawing your consent is as easy as giving it.
If you are a Limited Company, we will contact you through the legal basis of Legitimate Interest, where we believe our marketing communications to be of interest to you in your role at your business contact details. We always give you the option to not be added to marketing lists, as well as an easy option to opt out of our communications, should you wish to do so. Alternatively, please email us at email@example.com to change your preferences or unsubscribe from our mailings.
If you are either a client or supply partner, we’ll use your data to pay you, or the company, send you invoices for money owed, send purchase orders, or estimates for work to be undertaken. If you are an individual, the use of your personal data for paying you is because we have a Contract with you.
As we’re a marketing and branding agency, we have a legitimate interest in adding your photograph to content we write about our relationship with you as a supplier or customer, along with personal stories about you where appropriate. Obviously, you don’t need to provide photographs and anecdotes, and we will always respect your wishes if you don’t want to supply them for inclusion.
As a supplier we also have a legitimate interest to display your photograph on our internal supplier directory (accessible on our intranet for Emberson employees only), you will be specifically asked if you are happy for your photograph to be used in this way and it can be removed at any time you request.
HOW LONG DO WE KEEP YOUR DATA FOR?
There are statutory retention periods for some of the data we process, such as financial information, but other personal data will only be retained for the shortest period necessary for the purposes we are using it for. How long we retain data will vary depending on the specific purposes it is used for. We update our email newsletter lists on a very regular basis, to ensure those who are not engaged are removed, and if you’ve unsubscribed, or asked to be removed, this is done within 7 days. If you have a query about a specific retention period, we’d be happy to let you know.
IF YOU WON’T PROVIDE YOUR DATA
If you are unwilling to provide us with the data we need to engage with you, we won’t be able to supply our services, or use you as a supply partner in our business. If there are specific concerns about a particular piece of data, please call us to discuss, as we’d rather understand your concerns and work through them, so that we’re all comfortable and able to work together.
WHO DO WE SHARE YOUR DATA WITH?
As a general rule, we will not transfer your personal data to third parties without your permission.
There are some exceptions to this:
If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. We’ve never done this, but we have a legitimate interest to pursue money owed to us and we want to keep this option open to us.
It is possible, though unlikely, that we might be forced via a legal obligation to disclose your information in response to a court order or other binding mandate.
We do use an external chartered accountancy service and they have limited visibility of your personal business data for the administration of company financial affairs. We have a legitimate interest to allow this accountancy practice to have limited access to our client personal data in order to assist us in the management of our accounts.
Like most organisations, Emberson Group have a legitimate interest in the use a CRM to manage their data and record interactions. We have selected Zoho as our CRM provider. Zoho are used for our marketing information and have robust measures in place to ensure the privacy and security of the data entrusted with them, including ensuring the data stays within the EU where necessary. Their Privacy FAQ is here https://www.zoho.com/privacy/privacy-faq.html Zoho have very limited access to this information, and only on the very rare occasion we need support from them.
Our accounting system is Xero, and if you are either a supply partner or client, we will use our legitimate interests to add your business personal data to the system so that we can invoice you, pay your invoices and keep track of our business finances. Xero have very limited access to this information, and only on the very rare occasion we need support from them. We also use WorkflowMax from Xero to manage our projects.
We also have a legitimate interest to use standard cloud SaaS providers (Box and Microsoft SharePoint) to store documents that we need to work on together.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You have a number of rights under data protection law: these are:
Access: You have the right to access the personal data we may hold about you and the purposes for which we are using it. We may need to ask for proof of your identity and clarify the scope of the request.
Rectification: You have the right to request that we amend any personal data which is incorrect or requires updating.
Object: The Right to Object to marketing is absolute. We will always unsubscribe you when asked. Otherwise, this Right is applicable under certain circumstances. If you exercise this Right, we will deal with your request based on the lawful basis we’re using to process your data, and the individual circumstances surrounding the processing.
Erasure: The Right to Erasure is limited. We will assess any deletion request on a case-by-case basis. Please note when you unsubscribe from communications we will not normally completely erase all of your details, but suppress them, to ensure you are not contacted again in future. If you prefer to be erased completely from our files, please do let us know.
In all cases, we will endeavour to respond to you as soon as possible, at most within one calendar month. There are exceptions that would allow us to extend the legal response timeframe to three months (Right of Access) – but that will be rare, and we will always keep you informed.
If you would like to exercise any of these rights, please use the following contact details:
Address: 37 Great Pulteney Street, Bath, BA2 4DA, UK.
Alternatively, you can indicate your wishes using the unsubscribe link in our emails or call + 44 (0)1225 686266.
THIRD COUNTRY TRANSFERS
A number of the SaaS providers we have engaged are based outside of the UK/EU.
Where this is the case, we ensure that they have a lawful transfer mechanism to transfer the data in the 3rd country, along with supplementary measures where necessary.
In all cases, the lawful transfer mechanism used are the EU Standard Contractual Clauses, with the UK Addendum (if necessary) or the UK IDTA. Data processing Agreements are in place with all of our overseas suppliers.
Emberson Group will ensure that the continued use of 3rd country providers is monitored to ensure that a suitable lawful transfer mechanism is maintained in the future if the legal requirements change.
If you follow links to other sites from our website your data will be subject to the privacy policies of those sites. You should refer to these policies before providing your data.
UPDATES TO THIS STATEMENT
We review and update this Statement regularly to take account of changes to our processing and regulatory changes. We encourage you to review it from time to time. If we make any significant changes to this Statement, we will endeavour to communicate this to you where possible.
IF YOU WISH TO COMPLAIN
If you have a complaint about how we have processed your data, we would ask you to please contact us in the first instance so that we may take steps to remedy the issue.
You are of course also entitled to refer your complaint to the Information Commissioner’s Office by visiting their website at ico.org.uk
HOW YOU CAN REACH US
Emberson Group Ltd, 37 Great Pulteney Street, Bath, BA2 4DA.
Tel + 44 (0)1225 686266
Last updated December 2022.