A national PR agency that loves and lives in the North

Privacy Policy

Privacy Policy

 Down at the Social Privacy Policy

Introduction and pledge

This policy applies to all personal information Down at the Social receives either via a Down at the Social website (Down at the Social Ltd), or information supplied to Down at the Social by an

individual or client.

Down at the Social is both a data controller (our websites) and data processor (information given to us by our clients). In all cases we are committed to protecting the privacy of personal data.

This policy explains how our business, www.downatthesocial.co.uk and www.socialite.co.uk use any information you provide and the ways in which we protect your privacy. We ask you to read it carefully.

We treat any personal information (which means data from which you can be identified, including your name, address, e-mail address) that you give us, or that we obtain from you/our clients, in accordance with the provisions of the General Data Protection Regulations . Under these regulations we have a legal duty to protect any information we collect from you. Any amendments to this policy will continue to be in accordance with the provisions of the General Data Protection Regulations. We ask you to check it occasionally to make sure you are aware of the latest version.

Nine Data Protection Principles

Down at the Social shall comply with the following 9 Data Protection Principles when processing personal data:

  1. Fairness and Transparency: Down at the Social will process personal data fairly and provide individuals with information about how and why their personal data is processed.

    the purposes for which their personal data is processed;

    the legal basis for processing;

    any legitimate interests pursued by Down at the Social or a third party, if applicable;

    the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

    the existence of the right to request from Down at the Social access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;

    the existence of the right to withdraw consent at any time, if applicable;

    whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;

    This privacy notice is included in each client engagement letter or service agreement.

    Where a client provides personal data of third party data subjects to Down at the Social, no notice will have to be provided to those third party data subjects by Down at the Social if such information must remain confidential subject to an obligation of professional secrecy. Down at the Social will never pass on this data.

  2. Lawful Processing: Down at the Social will only process personal data, including sensitive personal data, lawfully where it has a valid basis for the processing.

    Generally, personal data must not be processed without a legal ground. In the context of Down at the Social, personal data are typically processed on the basis of:

    processing is necessary for the performance of a contract to which the data subject (e.g. the client) is party or in order to take steps at the request of the data subject prior to entering into a contract;

    processing necessary for the legitimate interests pursued by a client or Down at the Social, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This ground may apply to the processing of the personal data of any third party data subjects whose personal data are provided by the client;

    a legal obligation to which Down at the Social is subject and where compliance with such obligation necessitates the processing of personal data by Down at the Social;

    data subject’s consent, where such consent is procured from the client.

  3. Purpose Limitation: Down at the Social will only collect personal data for a specific, explicit and legitimate purpose. Any subsequent processing should be compatible with that purpose, unless Down at the Social has obtained the individual’s consent or the processing is otherwise permitted by law.

    Down at the Social will typically process:

    the personal data of its clients as required for the purposes of providing its professional services and the administration of its client relationships;

    the personal data of its personnel as required for the administration of personnel;

    the personal data of its suppliers as required for the administration of its supplier relationships, if applicable; and

    the personal data of its clients, personnel and suppliers as is necessary in order to comply with its legal obligations.

    Down at the Social will generally not carry out any unsolicited electronic marketing, but to the extent it does, it will have to comply with the law.

  4. Data Minimisation: Down at the Social will only process personal data that is adequate, relevant and limited to what is necessary for the purpose for which it was collected.

    Down at the Social asks that each client ensures that only the minimum necessary personal data is provided in connection with the professional services sought.

  5. Data Accuracy: Down at the Social takes reasonable steps to ensure personal data is accurate, complete, and kept up-to-date.

    Down at the Social asks that each client ensures that any personal data provided in connection with the professional services sought is accurate, complete and up to date.

    Down at the Social will endeavour to keep an accurate record of personal data in relation to its clients and personnel.

  6. Individual Rights: Down at the Social allows individuals to exercise their rights in relation to their personal data, including their rights of access, erasure, rectification, portability and objection.

    Down at the Social will ensure that all Individual Rights Requests are correctly identified and appropriately responded to, subject to any applicable exemptions.

  7. Storage Limitation: Down at the Social only keeps personal data for as long as it is needed for the purpose for which it was collected or for a further permitted purpose.

    Down at the Social will keep all records as long as required by applicable law or as may be necessary having regard to custom, practice or the nature of the documents concerned.

    Down at the Social will annually clear out and dispose of personal information received from data controllers which is no longer required.

    Save for personal data included in records which must kept for a prescribed period or preserved permanently in compliance with any legal obligations to which Down at the Social is subject, personal data shall be kept for no longer than necessary for the relevant purpose. For example, all personnel records will be kept for no longer than 12 months following the termination of employment or contract, unless a longer retention is required under applicable law.

  8. Data Security: Down at the Social uses appropriate security measures to protect personal data.

    1. Down at the Social has the following security measures:

      1. Physical security measures

        physical security of premises, e.g. locked office;

        confidential documents kept in locked cabinets;

        reduced access privileges to only those needed;

        access granted to only such personnel who need to have access in connection with their duties;

        Down at the Social disposes of confidential documents using a cross cut shredder;

      2. Organisational security measures

        Down at the Social vet personnel and suppliers on a continuing basis;

        Down at the Social implement non-disclosure agreements – if requested - prior to entering into formalised agreements;

        Down at the Social provides training to personnel where appropriate;

      3. Technical security measures

        firewalls which are properly configured and using the latest software;

        real-time protection anti-virus, anti-malware and anti-spyware software;

        unique passwords of sufficient complexity and regular (but not too frequent) expiry;

        encryption of all portable devices ensuring appropriate protection of the key;

      4. data backup;

        We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration or disclosure. However, the Internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal information for improper purposes.

  9. Accountability: Down at the Social must take steps to comply with, and be able to demonstrate compliance, with the Data Protection Principles.

    Down at the Social has implemented appropriate governance processes as set out in this policy.

    Personal information: we collect on our websites. You do not have to give us any personal information in order to use most of the website. However, if you wish to contact us about a product or service or employment via our enquiry form, subscribe to receive content, request more information or volunteer feedback we may collect the following personal information from you:

    • name, address, phone number and email address; and

    • employment details, employer details

    When we request information from you, a statement will appear near or next to that part of the website, where the capture of data occurs, explaining what we need your data for and with a reference to this privacy statement.

    In addition, we may automatically collect information about the website that you came from or are going to. We also collect information about the pages of this website that you visit, IP addresses, the type of browser you use and the times you access this website. However, this information is not used to identify you.

    When someone visits our websites we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

    No user-specific data is collected by either Down at the Social or any third party.

    How we will use your personal information

    The personal information we collect via our website allows us to

    • respond to your enquiry;

    • provide the products and services you have ordered;

    • administer our website and provide customer services;

    • meet legal, regulatory and compliance requirements;

    • gather management information to form statistical and trend analysis;

    • communicate with you;

    • contact you about our products and services which we think might be of interest to you (where we have the appropriate permissions to do so);

    • contact you regarding employment opportunities.

    Marketing communications

    Where you have given us the appropriate permissions during the registration process to the website/ website services (as applicable), we may from time to time contact you by email or telephone or post about our products and services that may be of interest to you.

    If at any point, you would like to opt-out of receiving marketing communications from us please email us, stating your preferences, at hello@downatthesocial.co.uk. If requested all your personal data stored will be deleted entirely from our system.

    Where your personal data is held

    Any information obtained via our website, is held electronically at Down at the Social, Stone Fold Farm, Stump Hall Road, Higham, BB12 9BT and via a third party which provides a secure and fully encrypted CRM solution. If requested, all the personal data we hold can be disclosed to you.

    Should we discover that our data has been breached you will be notified within 72 hours.

    Third parties

    We do not sell, trade or rent your information to other parties.

    We may employ the services of third party service providers to help us in certain areas, such as website hosting, maintenance and print. In some cases, the third party may receive your information.

    However, at all times, we will control and be responsible for the use of your information.

    We may disclose your information if required to do so by law for information such as a court order, witness summons, or complaint from governmental authorities

    Cookie use

    Cookies are pieces of data that are often created when you visit a website and are stored in the cookie directory of your computer either temporarily or permanently. We only use cookies to measure how you interact with our site; this does not include any personal information and remains anonymous.

    Data Processing Assurance

    Down at the Social will ensure, by way of training or otherwise, that staff carry out their tasks in a way that will ensure compliance with data protection laws (including GDPR). Each member of staff shall have access to this policy and shall have an obligation to comply with it.

    Down at the Social will comply with data protection obligations in accordance with its service agreement including, where appropriate, a data processing agreement.

    Down at the Social shall periodically review this Policy and other policies to ensure that they continue to comply with the relevant legal requirements.

    Links

    Our website may contain links to other websites. We are not responsible for privacy policies or practices of other websites to which you choose to link from this site. We encourage you to review the privacy policies of those other websites so you can understand how they collect, use and share your personal information.

    How to contact us

    If you have any questions about this policy or your personal information, please contact us at hello@downatthesocial.co.uk

    APPENDIX: GLOSSARY

    Controller - A party which determines the purposes and means of the data processing

    Data - Any information which is recorded electronically or, where recorded in a manual format (e.g. on paper), is organised by reference to an individual.

    Data subject - The individual to whom the personal data relates.

    Individual Rights Request - A request from a data subject in respect of their personal data, e.g. to access, erase, or rectify their personal data, or object to its processing.

    Personal data - Any data relating to an identified or identifiable natural person. This can include (but is not limited to) names, addresses, email addresses, positions held, photographs, job applications, personnel files and correspondence to and from an individual.

    Personnel - All employees of Down at the Social at all levels.

    Processing - Any opera6on performed on personal data, such as collection, recording, storage, retrieval, use, combining it with other data, transmission, disclosure or deletion.

    Processor - A party processing personal data on behalf of a controller, under the controller’s instructions.

    Supplier - Any external vendor, supplier, consultant or similar third party engaged to provide services to Down at the Social.