GDPR (General Data Protection Regulation) & PECR (Privacy and Electronic Communications Regulation) Compliance for data held by Bang Anderson for our own marketing.
Updated 6th March 2018
Bang Anderson is committed to protecting and respecting your privacy. Please read this GDPR & PECR policy carefully, so that you can see why and how we collect data from you, and how it is used by us.
We hold our EU clients’ and suppliers’ data and the data of personnel within companies that have expressed an interest in, or used, Bang Anderson’s services. We collect this data through business contact when quoting for or completing a marketing project, when a subject subscribes to our email newsletter, or when we have met in person and exchanged business contact details for mutually agreed marketing purposes.
We endeavor to hold only the data we require to contact our clients, potential clients or suppliers: name, company name & address, company email, main company telephone number and work mobile.
Contact data is stored on our in-house server (which is not connected to the internet), on professional ISP web and email servers (Heart and SiteGround), in Mac email address books and on a secure server for email marketing purposes with Campaign Monitor.
We are committed to complying with the current data protection laws, including GDPR & PECR, and to processing that data only for the purposes made clear below:
- We will NEVER share or sell your data to any 3rd parties
- We do NOT buy, or use lists from 3rd parties, regardless of the opt in consents
- We will do our best to ensure your personal information is accurate and kept up-to-date. Please do contact us if you want to update your details
- We will never disclose your details unless required to do so legitimately by law. For example, a request from the ICO
- We will not send you marketing messages via cold calls, automated calls, texts or fax
- We will contact you regarding current or potential projects as necessitated by the project or campaign
- Under PECR we might contact you in your professional capacity by HTML email, or post, with marketing / design news, offers and updates. We have identified this as the most unobtrusive way to contact you. We will never contact you with marketing communications more than once a calendar month and only if:
  - we have a pre-existing professional, or personal relationship with you
  - we have a financial or contractual agreement with you
  - we believe the information is of genuine and legitimate interest
  - we believe that the information is useful, or relevant to your job role.
- If you do not find our marketing communications of use or interest, you can easily choose to unsubscribe from our HTML emails at any time. We will NEVER contact you again using this method (or any other form of marketing communication) and will delete your data from our active email marketing lists. The Unsubscribe link can be found in the header, footer and body areas of our marketing emails
- If you require access, or wish to update the data stored by Bang Anderson please email DPO@banganderson.co.uk and we will supply this free of charge, if requested, within one calendar month
- If you wish to delete your record from our marketing list, simply send an email request to DPO@banganderson.co.uk
- The internet isn’t always an inherently safe environment, but we will always work to ensure that all reasonable technical and organisational measures are in place to protect your personal data against accidental or unlawful loss, alteration, unauthorised use, disclosure or access
- If there is a breach of the data we hold, which risks your rights or freedoms, we commit to reporting to the ICO and our contacts on the compromised lists within 72 hours of the breach
- We undertake regular data and process audits
GDPR and Bang Anderson as your data processor
As a marketing company, Bang Anderson will use the customer data that you supply for marketing campaigns and projects as specifically instructed in writing by you, ‘the controller’. If you are another marketing company sub-contracting a data processing task to Bang Anderson, you become our ‘data controller’ and the obligations and responsibilities below apply.
It is your responsibility to do the following, or to make sure that your end client does:
- Ensure that positive marketing consent and/or legitimate interest / professional relevance is clearly documented in your records before Bang Anderson receives the data
  - Consent – freely given and informed (what, how long, how often)
  - Legitimate interest
  - Professional relevance
  - Vital interest (to protect life)
- All data should be sent or returned via a secure server and NOT as an email attachment
- We will discuss, agree and regularly review how we process the data on your behalf to meet your marketing objectives, whilst ensuring GDPR & PECR compliance
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- Decide whether you need to pay the Data Protection Charges to the ICO, or if you are exempt. Click here to read the ICO document.
Our responsibilities to you:
- If there is a breach of the data we hold which risks your data subjects’ rights or freedoms, we commit to reporting to the ICO and our contacts on the compromised lists within 72 hours of the breach
- Contact and personnel data is stored on our in-house server (which is not connected to the internet), on professional ISP web and email servers (Heart and SiteGround), in Mac email address books and on a secure server for email marketing purposes with Campaign Monitor.
- Any payment transactions will be encrypted using SSL technology.
- Bang Anderson’s staff are contracted to keep your data confidential whilst being processed
- Bang Anderson will return your data at the end of the project or working relationship and delete all records from our systems
- Appoint your own DPO (data protection officer), just to be on the safe side
- Conduct a data audit and written appraisal / report
  - potential, current and past customers, suppliers & employees
  - where is the data stored
  - why is it retained
  - how is the data used
  - how long for, if applicable
- Check and note on your data lists how consent for each individual was collected
- Delete any old lists or data
- Delete any fields in your database that aren’t really necessary
- Conduct regular database cleanses of current data
- If you have children on your database, consider how you verify their ages
- Ensure that you have direct access to data lists stored in email marketing systems or on your website
- Create a dedicated Privacy and GDPR area / page on your website clearly setting out your procedures and DPO contacts
- Create a clear infographic to visually explain your data collection, protection and processes (including who processes & stores your data)
- Ensure that this page is clearly visible on your website within the main and footer navigation and the contact us page, and that the page is linked to wherever possible:
  - Email marketing templates, where we recommend a clear footer is created explaining why the email is being sent and a VERY prominent ‘unsubscribe’ button.
  - Your staff’s email signatures
  - Any standard document footers
  - Included in proposal or tender templates
- Ensure that all sign up forms, either within your website or into an email marketing system, include an OPT IN box and clearly state what the visitor is signing up for, for how long and how often. Plus, a link to your privacy / GDPR page
- Ensure that any offline application forms include the same information with an opt in box.
- Where you can, try to keep the data as segmented as possible, so that subjects ONLY receive marketing communications about the specific product or service they are interested in. For example, on the web page for product XX, have a sign up form and opt in box which populates a list for JUST product XX.
- Dedicate a member of staff (or commission Bang Anderson) to update your WordPress site every month or at the very, very least every month – a site scan, delete comments, update plugins, patches, themes and core to ensure that your site is as secure as possible.
- Get an SSL certificate on your website for added security and confidence. It is also becoming a part of Google ranking.
- Do keep and safely store any paper forms showing the subjects’ opt in choices