Privacy Notice – Marketing & Sales Activities

What is the purpose of this document?

This privacy notice (the Privacy Notice) for SC Contacts sets out the information that must be provided by us to you at the time your Personal Data is obtained.  It is drafted in compliance with Data Protection Law.

The following terms have defined meanings in this Privacy Notice:

Data Controller means the organisation that determines the purposes for which and the manner in which Personal Data are processed;
Data Processor means the organisation that processes Personal Data on behalf of the Data Controller;
Data Protection Law means any laws and regulations in the UK relating to privacy or the use or processing of data relating to natural persons, including: (a) EU Directives 95/46/EC and 2002/58/EC (as amended by 2009/136/EC) and any legislation implementing or made pursuant to such directives, including (in the UK) the Data Protection Act 1998 (the DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003; and (b) from 25 May 2018, EU Regulation 2016/679 (GDPR); and (c) any laws or regulations ratifying, implementing, adopting, supplementing or replacing GDPR or DPA; in each case, to the extent in force, and as such are updated, amended or replaced from time to time;
Data Subject means a living, identifiable individual about whom Personal Data is processed;
Marketing and Sales Activities means the following activities and any combination of these activities:

a)    inviting you (using e-mail, telephone or other media) to: (i) marketing events organised by an SC Entity or by a third party on behalf of an SC Entity; and/or (ii) webinars organised by an SC Entity or by a third party on behalf of an SC Entity;

b)    sending you marketing newsletters;

c)     sending you information in relation to our products and services generally as well as current news and special offers;

d)    arranging personal meetings with you to discuss our products and services;

e)    connecting with you for business purposes on social media (such as LinkedIn); and

f)     any other reasonable marketing and sales activity which is carried out by similar businesses.

Personal Data means data which relate to a living individual who can be identified from those data or from those data and other information which is in the possession of or is likely to come into our possession as Data Controller or Data Processor, as the case may be. Personal Data include opinions and any indications of our intentions towards an individual;
Processing includes obtaining, recording, holding, altering, retrieving, consulting, using, disclosing, blocking, erasing or destroying Personal Data;
SC Contact means an individual whose Personal Data a SmartComms Entity would like to Process for the purpose of Marketing and Sales Activities;
SmartComms Entities means:

a)    SmartComms SC Limited, a limited company incorporated under the laws of England and Wales with registered number 04303041 and its registered address at Catalyst House, 720 Centennial Court, Centennial Park, Elstree, Hertfordshire, England, WD6 3SY (SC UK);

b)    SmartComms, LLC, a limited liability corporation incorporated under the laws of the state of New Hampshire and its registered address at 250 Commercial St STE4006, Manchester NH 03101-1120, United States (SC US); and

c)     SmartComms Pty Ltd, a proprietary limited company incorporated under the laws of Australia with registered number 3110278521 and its registered address at Level 18, 175 Pitt Street, Sydney, NSW 2000, Australia (SC AU),

 

and SmartComms Entity shall be construed accordingly.

Smart Communications, we, our, us means SC UK; and
You, your means each SC Contact in receipt of this Privacy Notice whether by notice, URL link or other form of communication.

The person responsible for overseeing data protection compliance issues at Smart Communications is the Data Protection Officer who can be contacted via privacy@smartcommunications.com.

For the purpose of this Privacy Notice, we are a Data Controller and we Process Personal Data about you.

This Privacy Notice concerns your Personal Data and describes how we collect and use Personal Data about you in respect of Marketing and Sales Activities.

This Privacy Notice applies to current SC Contacts.

It is important that you read this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such information. This Privacy Notice should also be read in conjunction with our Privacy Policy.

The Data Protection Principles

We will comply with Data Protection Law which state that the Personal Data we hold about you must be:

  • used lawfully, fairly and in a transparent way;
  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • adequate and relevant to the purposes we have told you about and limited only to those purposes
  • accurate and kept up to date;
  • kept only as long as necessary for the purposes we have told you about; and
  • kept securely.

The types of Personal Data we hold about you

We may collect, store, use and Process the following Personal Data or categories of Personal Data about you consists of business contact details such as:

  • full name;
  • title;
  • addresses;
  • telephone numbers; and
  • business email addresses.

Personal Data is collected in the following ways:

  • as a result of and/or in the course of physical marketing events (for example, we may collect your business card at a marketing event);
  • through Linked-In’s Sales Navigator;
  • from third parties, such as marketing agents, content syndicators and telemarketing services providers;
  • from information you submit online:
  • using the “Contact Us” tool on our website;
  • from our newsletter; and
  • on the App Exchange platform;
  • from information you provide to register for webinars (whether organised by an SC Entity or by a third party); and
  • through CRM applications which may collect your Personal Data as a result of your consent to be part of a larger database of Personal Data.

How we will use Personal Data about you – the “Lawful Basis”

Under Data Protection Law, Data Controllers must justify the use of Personal Data by establishing a “Lawful Basis” of Processing. In Smart Communications’ case, this lawful basis is the pursuance of our legitimate interests (see below) as long as your interests and fundamental rights do not override those interests.

Our Legitimate Interests

With regards to our ‘legitimate interests’ referred to above, these would include, but are not limited to:

  • the furtherance of our Marketing and Sales Activities;
  • the pursuit or defence of any claims, rights or litigation or detection of a crime;
  • our accounting or auditing functions and reporting duties;
  • the furtherance of our commercial development, strategy, planning or growth including any business sales or transactions; and
  • monitoring and ensuring compliance with our policies, processes and procedures.

Third Party Recipients of Personal Data

From time to time, we may share your Personal Data with SmartComms Entities as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support or hosting of data.

We will also share your Personal Data with third parties:

  • where required by law;
  • where it is necessary to administer the working relationship with you; or
  • where we have another legitimate interest in doing so.

We may share your Personal Data with other third parties in relation to Marketing and Sales Activities and we may also need to share your Personal Data with a regulator or to otherwise comply with applicable law.

The third-party recipients or categories of recipients of the Personal Data may include:

  • legal representatives;
  • accountants;
  • auditors;
  • regulators and professional bodies;
  • government or statutory bodies;
  • non-government bodies;
  • marketing or PR agencies;
  • organisers of marketing events;
  • cloud service providers;
  • specialist marketing and CRM services providers (such as Marketo, and Salesforce), solely in order or provide elements of the Marketing and Sales Activities;
  • data analysis service providers who help us to assess the best services and pricing structure to offer you;
  • industry regulators; and
  • consultants or contractors working on our behalf.

This list may include an organisation or third-party recipient(s) outside of the UK. This list is non-exhaustive. All our third-party service providers are required to comply with appropriate contractual terms we have in place with them in respect of Data Protection Laws, which are in line with the terms of our Privacy Policy. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

 Transferring Personal Data outside the EU

We may transfer the Personal Data we collect about you to the following countries outside the EU in order to fulfil our responsibilities to you:

  • USA
  • Australia

We will only transfer your Personal Data to these countries under the terms of an International Group Data Transfer Agreement which apply the standard of the EU’s Standard Contractual Clauses and we will only transfer it to SmartComms Entities in the USA and in Australia.

Any questions about the transmission of Personal Data or requests to receive a copy of the Personal Data being transferred should be addressed in writing to the Data Protection Officer.

Data Security and Data Breaches

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer.

Personal Data Retention

The periods for which Personal Data will be stored and the criteria used to determine retention periods or whether Personal Data can be removed will depend on the information in question, its relevance or sensitivity; however, generally, Personal Data will be removed if it has been superseded by other relevant or up to date information, if it is out of date, irrelevant or no longer necessary.  Any removal of Personal Data will be subject to the principles of Data Protection Law, compliance with the Lawful Basis for processing as well as other statutory rights and obligations.

In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such Personal Data without further notice to you. Once you are no longer an individual who we wish to communicate to as part of our Marketing and Sales Activity (or because you have informed us that you do not wish to be contacted) we will retain and securely destroy your personal information in accordance with our Privacy Policy and applicable laws and regulations, noting that we may retain some of your Personal Data to record your preferences for not be contacted for Marketing and Sales Activities.

Details and examples are set out in the Privacy Policy.

Your Rights in Relation to your Personal Data

Under certain circumstances, under Data Protection Law you have the right to:

  • Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive information about the Personal Data we hold about you.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (in certain circumstances).
  • Object to processing of your Personal Data where we are relying on a legitimate interest for processing (or a legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party.

If you want to review, verify, correct or request erasure of your Personal Data, object to its Processing, or request that we transfer a copy of your Personal Data to another party, please contact the Data Protection Officer in writing.

Further details relating to Data Subject rights are set out in the Privacy Policy.

You also have the right to lodge a complaint as to our Processing of your Personal Data with the UK’s data protection supervisory authority, the Information Commission’s Office.

Change of Purpose

We will only use your Personal Data for the purpose for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes.  If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  We may also process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is permitted or required by law.

Changing this Privacy Notice

Smart Communication reserves the right to update this Privacy Notice at any time, and it will provide you with a new Privacy Notice when we make substantial changes.  We may also notify you in other ways from time-to-time about the processing of your Personal Data.

Any questions about this Privacy Notice should be directed to the Data Protection Officer at privacy@smartcommunications.com.