Privacy and
Cookie Policy

1. Introduction

In order to provide services to you, Rich Clicks Ltd (“the Company") collects and processes personal data about you.

When it comes to capturing and using data relating to individuals there are some key legal requirements with which the Company needs to comply.  The purpose of this statement is to set out how the Company meets these requirements and to ensure that every individual who provides data to the Company understands the legal basis on which that data is held, what the data is used for, how it is stored and who has access to it.

This policy should be viewed alongside the:

• Record Retention and Protection Policy
• Data Breach Notification Procedure

The legislation which details the legal requirements that the Company must follow in relation to data is the General Data Protection Regulation 2016 (“GDPR”).

2. Key Terms

GDPR is an extensive piece of legislation that seeks to protect the right to privacy of individuals.  There are some key terms with which you need to be familiar so as to understand the approach that the Company takes in relation to GDPR.  These are:

• Data Subject – the individual to whom the data relates.
• Personal data – any information relating to an identified or identifiable person.
• Processing – any action performed with the personal data (collection, recording, sharing, storing etc.)
• Controller – the person or entity who determines what data to collect and the use of that data.
• Processor – the person/people who collects and processes the data as per instructions from the Controller.

3. Key Roles Within The Company

Within the Company the following roles fulfil duties under this Privacy Statement

• Controller – Office Manager and Directors
• Processors – Office Manager, Directors and employees of the Company

4. The Six Privacy Principles

GDPR sets out six privacy principles with which the Company must comply.  These principles are:

4.1 Purpose Of Limitation

The Company must clearly state the reason that data is being held and can then only process data for that reason.  If the Company wants to use the data for a different reason to that for which the data was collected, then the Company must inform the data subject.

4.2 Data Minimisation

The Company must only collect the data that is needed.

4.3 Accuracy

The Company must take all reasonable steps to ensure that the data held is accurate.

4.4 Storage Limitation

The Company must only keep the data for as long as it is necessary.

4.5 Integrity and Confidentiality

The Company must take all reasonable steps to ensure that the data held is kept securely and is only shared with people who have a legitimate need to have access to it.

4.6 Lawfulness, fairness and transparency

The Company must have a legal basis for processing data and must be transparent about the data held, why it is held, how it is held, who has access to it and for how long it is retained.

5. Our Legal Bases For Processing Data

GDPR states that data can only be processed for one of six reasons – consent, contract, legal obligation, vital interests, public task and legitimate interests.

Of these, the reason that the Company holds data relating to the employees and directors of our clients is “contract” and “vital interests”, where contract is defined as “a lawful basis for processing data if a company is required to hold the data to fulfil their contractual obligations”. For those who have engaged with us on social media, through document downloads or have subscribed to our news and updates as potential leads or interested parties in what we do and the information we publish is “consent” and “legitimate interest”.

6. The Rights Of Data Subjects

You, as a data subject, have particular rights under GDPR.

These are:

6.1 The right to be informed

You have the right to know what data the Company holds about you, how it is held, what it is used for, who has access to it, how long it is held for, how you can see the data and the legal basis on which the data is held.  The Company will meet the obligations under this right through this Privacy Statement and through the additional policies named in the introduction.

6.2 The right of access

You have the right to see the data that the Company holds about you.  the Company will meet the obligations under this right through the Subject Access Request Procedure.

6.3 The right to rectification

You have the right to have any errors in the personal data held about you corrected.

6.4 The right to erasure

You have a right to request that personal data is deleted or destroyed where there is no compelling reason for the Company to continue to hold this data.  It is important to note that if the Company is required to keep the data to fulfil a legal obligation, then the right to erasure does not exist.

6.5 The right to restrict processing

You have a right to ‘block’ the processing of personal data.  This means that the Company can continue to store it but can no long process it.  This applies in very specific circumstances and cannot be applied if the restriction would prevent the Company from meeting any obligations under your contract of employment or from meeting a legal obligation.

6.6 The right to data portability

You have a right to move, copy or transfer data from one IT environment to another.  This is unlikely to be relevant to the data held by the Company.

6.7 The right to object

You have the right to object to data being processed where the legal basis for that processing is either one of legitimate interest or the performance of a task in the public interest.  You can also object if the processing of that data is for direct marketing.

6.8 Rights in relation to automated decision making and profiling

You have a right to request that a human be involved in automated decision making.  This is unlikely to be applicable in relation to the Company as no automated decision making processes are used.

7. Privacy By Design

The Company has adopted the principle of privacy by design and will ensure that the definition and implementation of all new or significantly changed systems (that collect or process personal data) will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.

The data protection impact assessment will include:

• Consideration of how personal data will be processed and for what purposes
• Assessment of whether the proposed processing of personal data is both necessary and proportionate to the purpose(s)
• Assessment of the risks to individuals in processing the personal data
• What controls are necessary to address the identified risks and demonstrate compliance with legislation

8. Data Protection Officer

A defined role of Data Protection Officer (DPO) is required under the GDPR if an organization is a public authority, if it performs large scale monitoring or if it processes particularly sensitive types of data on a large scale. The DPO is required to have an appropriate level of knowledge and can either be an in-house resource or outsourced to an appropriate service provider.

Based on these criteria, the Company does not require a Data Protection Officer to be appointed.

9. Breach Notification

It is the Company’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Authority (DPA) will be informed within 72 hours. This will be managed in accordance with the Data Breach Notification Procedure which sets out the overall process of handling information security incidents.

10. Addressing Compliance To The GDPR

The following actions are undertaken to ensure that the Company complies at all times with the accountability principle of the GDPR:

• The legal basis for processing personal data is clear and unambiguous
• the Company communicates with all individuals regarding the data held and the rights that individuals have in relation to that data
• All staff involved in handling personal data understand their responsibilities for following good data protection practice
• Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively
• Regular reviews of procedures involving personal data are carried out
• Privacy by design is adopted for all new or changed systems and processes

11. Disclosure

We will not pass on your personal data to third parties, with the exception of services that we use to carry out regular business activities, which include:

• Marketing automation, lead and client management through forms and cookies.
• Analytical information through cookies.
• Project management systems to provide requested support or perform our service to you the client

In these instances data protection agreements are in place with the service providers and information is secured through access control where a username and password is required.

Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

12. Concerns And Questions

GDPR is new legislation and how the rules are interpreted will continue to evolve.  The Company will continue to adopt best endeavors to ensure on-going compliance but any individual who has concerns regarding any of the actions that are taken or feels that they are unclear as to how the Company is complying with elements of the legislation should raise their concerns with the Office Manager.  Your concerns will be investigated and responded to within 28 days.

13. Requests For Data Held And Erasure

You can request the information we hold on you at any time. To do this you will need to email info@twmaconnect.com with the subject line “Personal Data Request”. We will then send you a form to complete and return to us along with proof of identity (passport, driving license, utility bill, etc.). Once we have received your form and proof of identity we will provide you with the data we hold.

Following us providing you with the information you requested you can should you wish request that we amend information, delete some information or delete you completely.

14. Our Data Controller

The data controller and processor for Rich Clicks Ltd is currently:

Name: Simone Luciani
Email: simone@richclicks.co.uk
Contact Number: +44 (0)20 70973852
Address:
The Biscuit Factory
Unit J312,
100 Clements Rd, Bermondsey,
London SE16 4DG

Cookies

Cookies are small pieces of data that are sent to and retrieved from your browser by a website. These cookies can be used to store and retrieve information about you or your computer, tablet or mobile device. This information can then be used to present you with a more personalised web experience, both on this site and others you visit.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. We will not use cookies to collect personally identifiable information about you.

Almost all modern websites use cookies, and European privacy regulations require that your consent is obtained for the use of all cookies except those that are necessary for the site to provide you with information and services you request.

Information about our use of cookies

Our website uses cookies to better understand how people make use of our website, as well as to allow for 3rd party integrations such as social networks. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of our website.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose

Withdrawing Cookie Consent

If you wish to restrict or block the cookies which are set by our website, you can do this by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. The Help function within your browser should tell you how.

We know you don’t have time to read all this…

But if you did and you didn’t understand something, please don’t hesitate to contact us. Our amazing team will be able to help with any queries.

We are Digital Marketers, so we know very well how frustrating these policies can be!