Join the Dots Agency Ltd, also known as Join the Dots, is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of data that we hold on you. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to:
Data controller details
Join the Dots Agency Ltd is a Data Controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:
Data protection principles
In relation to your personal data, we will:
process it fairly, lawfully and in a clear, transparent way
collect your data only for reasons that we find proper for the course of business
only use it in the way that we have told you about
ensure it is correct and up to date
keep your data for only as long as we need it
process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
Types of data we process
We hold limited data about you, including;
your personal details including your name, job title, business and home addresses, business email address and contact phone numbers
your personal details including your name, job title, business address, business email and contact phone numbers
your personal details including your name, job title, business address, business email address and contact phone numbers
your email address
How we collect your data
We collect data about you usually;
when you express an interest in becoming a client, we ask you for your contact details
when we take you on as a client we collect your information for the purposes of contracts and initial set up/implementation from you directly
when you provide data via our partner prioritisation tool
when we engage you as a supplier to carry out services for Join the Dots Agency Ltd
when you sign up for our newsletter via our website
Personal data is kept securely within;
Outlook email contacts
a secured access-controlled cloud drive (Teams)
HubSpot for storage and distribution
Tide, our accounting software for invoicing
Why we process your data
Under GDPR, where we are the Data Controller we must have a lawful basis for processing all personal data. GDPR sets out the where processing of personal data can be undertaken legally;
As a current customer or supplier, the law on data protection allows us to process your data in order to perform the contract that we are party, in that;
we can communicate with you with regards to the services
we can issue invoicing
we can send you information relating to our services, changes in our organisation and events as part of the contract services
Communicate with you as a Vendor in your supply and performance of services to us
As a prospective customer or website user, the law on data protection allows us to process your data for legitimate interests, in that;
We can communicate with you regard future contracts
We can issue the newsletter you registered for on our website
Sharing your data
Your data is not shared outside Join the Dots Agency Ltd or its contracted Associates.
Contract Associates are employed by Join the Dots Agency Ltd to deliver contract services to our clients.
Your data is only shared where it is necessary for them to undertake their duties. This includes;
Delivery of contract services
We do not share your data with bodies outside of the European Economic Area.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
Data is predominantly secured by password and access control
Data held is minimal and relates predominantly to contact information only and where possible limited to business information.
How long we keep your data for
We value data protection, and as such, we only retain your information for as long as necessary. Typically, we keep your data for the duration of your contract, but in some cases we keep it for a little longer to ensure a seamless transition.
Join the Dots Agency Ltd will retain your personal data where we have an ongoing legitimate need to do so, for example to engage in long term relationships with our customers and prospective customers.
Where there is no legitimate basis or there has been no engagement with you for a period of seven years, we will either delete or anonymise your personal data.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
the right to portability. You may transfer the data that we hold on you for your own purposes.
the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.
the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact the Data Controller as detailed above.
Making a complaint
If you think your data protection rights have been breached in any way by us, please make a complaint direct to Join the Dots by emailing firstname.lastname@example.org. If you’re not happy with our response you can of course report your complaint to the supervisory authority in the UK for data protection matters which is the Information Commissioner (ICO).
APPENDIX 1 – Website Privacy Notice
The DPA & GDPR May 2018
We and this website comply to the DPA (Data Protection Act 1998) and already comply to the GDPR (General Data Protection Regulation) which comes into effect from May 2018. We will update this policy accordingly after the completion of the UK’s exit from the European Union.
What are cookies?
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
Website visitor tracking
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
Downloads & media files
Any downloadable documents, files or media made available on this website are provided to users at their own risk.
While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third-party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.
Contact & communication with us
Users contacting us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named in ‘The policy’ above.
Email mailing list & marketing messages
Our email mailing list program keeps subscribers up to date on our products, services, and news. We use a secure online process that requires explicit permission to join. Rest assured, all personal information is collected, managed, and stored in compliance with our policy and regulations.
Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages (or unsubscribe from all our lists). The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
Social media policy & usage
Our Social Media Policy guarantees that our business and employees uphold proper conduct online. Although we maintain official social media profiles, we suggest double checking their authenticity before sharing any sensitive information. Understand that we will never request any personal information or passwords on social media. As a result, we expect all users to behave appropriately when interacting with us on those platforms.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
External website links & third parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to; LinkedIn, LinkedIn or www.LinkedIn.com.)
Shortened URL’s; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/zyVUBo). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Resources & further information
Overview of the GDPR – General Data Protection Regulation
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003
The Guide to the PECR 2003