Last Updated 8 April 2020
By using our website you are deemed to have read, understood and accepted the terms of this policy. If you do not agree to be bound by these terms, please do not use the website.
This website may contain links to the websites of third parties. If you follow a link to any of these websites, please note that these websites are subject to their own privacy policies and we do not accept any responsibility or liability for these policies or their use of your personal information. Please check these policies before you submit any personal data to these websites.
Please be aware that this policy may change from time to time and that such modifications are effective immediately, from the time they are included on our website.
Data Protection Privacy Notice
This privacy notice provides you with details of how we collect and process your personal data.
Fairhead Creative UK Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Fairhead Creative UK Ltd is a limited liability company registered in England and Wales with number 11944529. Our registered office address is: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.
We can be emailed at: firstname.lastname@example.org
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com
What personal data we collect about you:
We collect personal information concerning a person or organisation for the purposes of assessing whether we may enter into a professional relationship with that person/organisation, and subsequently in the course of that professional relationship.
We cannot list all types of information we may gather in the course of our professional relationship with you, but generally the data we collect will include:
- Your name
- Your company name
- Your company postal address
- Your company email address
- Your phone number
- Your financial details
- Any personal data you post on our website
- Any personal data you directly provide to us,or generated in the course of us providing services to you; by
- email, over the phone or otherwise.
- Your marketing and communication preferences
How we may use your data:
We use the information you provide primarily for the provision of digital marketing services.
In addition we use personal data for the following purposes:
- Process financial transactions to enable you to purchase our services.
- Send client communications about services you have bought.
- Where we need to fulfil a contract between us, process orders, respond to enquiries related to those orders
- and deal with complaints.
- Reply to any enquiries you make about our services.
- Send you marketing communications when we are allowed by law to do so.
- Keep records of orders placed and communications around those orders.
- Keep records of communications.
- Comply with legal obligations we’re subject to or as required by a government authority.
- Operational reasons, to manage our business.
- To obtain professional advice.
- To keep your information and marketing preferences accurate
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (eg. to bring a legal claims forward if there was a breach of contract)
Our lawful grounds of processing
In line with General Data Protection Regulations, we will only process your personal data if we have a lawful ground for doing so.
The basis of processing to supply you with business services is so that we can fulfil our obligations under our contract with you (or to take steps at your request to enter into a contract with you). The basis of processing for additional purposes is our legitimate interests, which are the improvement of our ability to provide business services, compliance with our regulatory obligations, and where appropriate, marketing our products and services.
Most commonly we will use your personal data in the following circumstances:
- In relation to Client Data held for the purposes of fulfilling that contract, the processing is necessary for performance of a contract to which you are subject to, and for our legitimate interests in informing you about updates to the services, record keeping, and to protect our business from fraud and other illegal activities.
- In relation to Prospect Data gathered when you enquired about our products or services (whether that be through our website or otherwise), we process your data to handle your enquiry and keep records of this. The processing is necessary so that we can effectively respond to your query and provide you with the best service possible, and for our legitimate interest to grow our business.
- In relation to Prospect Data gathered when you signed up for free services or information, we process your data to deliver the service or information you’ve requested, reply to your queries and keep relevant records. You have given us consent to process your information for this purpose – and at any time you can withdraw your consent – and it is our legitimate interest to develop our products and services and our marketing strategy.
- In relation to your data that we process to comply with legal requirements or as required by a government authority, the processing is necessary for any legal obligations to which we are subject.
- In relation to Technical Data (including data about your use of our website and online services such as your IP address and your login data); we process this data to administer our business and websites, and our legitimate interests enable us to properly deliver the contracted services and protect our business and websites.
We do not collect any sensitive information about you.
We do not carry out automated decision making or any type of automated profiling.
How we collect your data
We may collect data about you when you provide the data directly to us (eg. by completing a form on the website or sending us emails).
We may source data from publicly available resources like Companies House.
We want to make sure that our sales and marketing practices are helpful for our prospects and clients, as well as being lawful practice. We may process your personal data to send you marketing communications because we have your express consent and/or because of our legitimate interests (namely to support cause-driven companies grow their impact and to develop our own business).
In line with the Privacy and Electronic Communications Regulations, we will only send you text or email marketing communication if you have either made a purchase, asked for information about our products and services, or you have agreed to receive marketing communications and in each case, you have not opted out of receiving that marketing. Under these regulations, if you are trading as a company, we may send you marketing emails without your prior consent. You can still opt out of marketing communications at any time.
You can ask us to stop sending you marketing messages at any time by emailing us at privacyfairhead.net. We also have unsubscribe buttons at the end of all of our emails.
Where you opt out of receiving our marketing communications, this opt out will not apply to personal data provided to us as a result of other transactions, for example a product/service purchase.
Who we share your information with
We may have to share your personal data with:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
This Privacy Notice applies to all Fairhead Group companies and any reference to our Group means our subsidiaries or ultimate holding company as defined by the UK Companies Act 2006. Your data may be accessible and shared with other organisations within our Group, for any of the purposes set out in this Privacy Notice, including where we have shared administration and staff.
In the event of a sale, merger, liquidation, receivership or the transfer of all or part of our assets to a third party, we may need to transfer your information to a third party. Any transfer will be subject to the agreement of the third party to this Privacy Notice and any processing being only in accordance with this Privacy Notice.
We do share your information with specific third-party service providers who fulfil specific functions such as processing payments and managing address information. When we work with a third-party partner, we only provide them with the information that they need to perform their specific function.
We share your personal information with ActiveCampaign in order to respond to your queries, deliver information you have requested, fulfil orders for services and deliver on contracts. You can read more about how ActiveCampaign uses your Personal Information on their website.
We share your personal information with Basecamp LLC in order to respond to your queries, set up meetings, fulfil orders for services and deliver on contracts. You can read more about how Basecamp LLC uses your Personal Information on their website.
We share your personal information with WPEngine, Inc. in order to host this website for you to use. You can read more about how WPEngine, Inc. uses your Personal Information on their website.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We will not disclose any of your personal information to a third party without your consent, unless we believe in good faith that the law requires it or that our rights or property need to be protected.
We do not collect your credit card information; this information bypasses us and is submitted directly to Stripe Inc. or Transferwise Ltd., our PCI compliant payment gateways which processes your card and remit the funds to us.
How we manage and store your data
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to.
In some circumstances, the data that we control may be transferred to, and stored at a destination outside of, the European Economic Area (“EEA”). For example, we use a number of suppliers for the purpose of supporting our business processes that are based in a different jurisdiction. We take appropriate steps to ensure that your information is treated securely in accordance with applicable laws.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How long we store your information for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding on the correct time to keep personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they stop being clients for tax purposes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to request access, correction, erasure, transfer, to object to processing of your personal data, to portability of data and to withdraw consent.
You can see more about these on the ICO website.
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We’re very careful with data – you may have noticed that we don’t store cookies on your device for our website. We don’t use any technology to identify you or track your behaviour. We don’t host advertisements on our website.
While we don’t use Google Analytics, Facebook Pixels or anything else that would track visitors to our site, we do not take responsibility for the information collected by these platforms that you already have relationships with.
The internet is not a secure medium and we do not accept any responsibility for any harm or damage incurred as a result of sending personal information to us over the internet or if we send such information the same way at your request.
If you have any questions or concerns relating to this policy, please contact us at: firstname.lastname@example.org