PRIVACY POLICY

INTRODUCTION

Hello, thanks for reading our Data Policy.

We want you to know that we take your privacy and the security of the data we hold about you and your customers very seriously and we are committed to doing everything we can in order to protect it. Also, to let you know what we are doing with it, how we manage it and why.

Our Data Policy aims to ensure we have complete transparency across the Jacob Bailey Group and the companies and brands which fall within it. Our policy covers:

  1. The collection of data
  2. Usage of data including processing and what we believe to be both Operational purposes and Legitimate Interest
  3. Management of our Data Policy, who is accountable and how often we review and update our processes, and how we will keep you informed about updates
  4. How we will store your data, for how long and how we will protect it
  5. How you can access your data, update it and request to be removed or restricted from any data processing
  6. How we transfer data within the UK, EU and Overseas. Including working with our US based office
  7. And finally, what the procedure is if there has been a potential data security breach.

Our Data Policy has been written to ensure compliance with all applicable laws including the Data Protection Act 1998, ePrivacy 2002, superseded by the General Data Protection Act 2018 (these are collectively referred to as “data protection laws”).

Our Policy covers all and any information we collect, data provided by you or provided by one of our clients about their customers which may also include you. We do not accept any responsibility for data which you have provided to us that has been processed by a third party outside of our agreed contracted supplier list. Nor do we accept any responsibility for data you provide to another company (outside of the Jacob Bailey Group) which we may link to through our website, white papers, reports or other collateral and documentation.

WHO ARE THE JACOB BAILEY GROUP?

The Jacob Bailey Group is a group of fully integrated and specialist creative business services agencies and consultancies who deliver Data, Technology and Creative projects for companies and brands. We carry out marketing communications, including data processing and management services for a range of clients across all sectors globally. The Jacob Bailey Group comprises:

As well as the trading name/brand:

When we refer to “we’’ or “our’’ “Jacob Bailey” or “the Jacob Bailey Group” we are referring to all and any company or brand listed as a part of the Jacob Bailey Group.

1. WHAT DATA WILL JACOB BAILEY COLLECT?

When you or a company you have signed up to chooses to work with Jacob Bailey, we will typically collect data on you both directly, through forms, and indirectly through platforms such as, but not limited to, Facebook, Twitter, LinkedIn as well as through third parties such as, but not limited to, CACI, Experian and approved data warehouses.

The data we are likely to collect will include, but is not limited to:

If we hold data, or are asked to process data for a child under 13, we will hold additional data including but not limited to:

Jacob Bailey also collects information about how you use our website, as well as how you use any website or mobile app we have built for a client, or when a client is using our SEO, PPC, Online Advertising, Email Marketing, Web Analytics or other Data Services.

We are committed to the principles of the data regulations and therefore we will only collect and process data which is collected in a lawful and transparent way, and where the company who collected the data can provide sufficient evidence of the method of collection.

2. HOW WILL JACOB BAILEY USE THE INFORMATION IT COLLECTS OR IS PROVIDED BY CLIENTS?

In line with the data regulations we will only use the data we collect or are provided by our clients in a lawful way for legitimate and specific purposes.

We will use your personal information for a number of purposes including the following:

Provision of consultancy and marketing services:

We will only use third parties who we have audited to ensure they are fully compliant with the data protection regulations and have sufficient processes and policies in place to protect your data and personal information.

We will also only use data for marketing purposes where there is evidence of a valid opt-in consent to say that you have freely given and indicated you wish to receive such communications.

Operational purposes

In order for our business to operate we will use data we collect for Jacob Bailey clients and supplier companies in the following ways:

As a past, current or prospective client

We consider the following use of your data to be considered “Legitimate Interest” and illustrates ways in which we will use data to provide and enhance our services to you as a client of Jacob Bailey.

3. HOW JACOB BAILEY MANAGES ITS DATA POLICY

Management of data processes and policies

In line with the data regulations we have set out who is both responsible and accountable for privacy and data security within Jacob Bailey.

Our appointed Data Protection Officer, the individual who ensures our policies and processes are followed and enforced is:

The final point of escalation if any issue is not resolved by the above individuals is:

Operational procedures to protect data

Reviewing our policies

We want to keep your data as secure as we can so we will regularly review our processes and policies. We will review and update our policy at least every 12 months and when data regulations are updated.

Keeping you informed and up to date

We want you to know your data is in safe hands, so we will email you to let you know that we are currently storing data and personal information about you if we collect it indirectly.

We will also email you when we update our policy, providing you with a link to view the updated policy on our website.

4. HOW JACOB BAILEY STORES AND ACCESSES DATA

Data we store on employees

As an employer, we hold personal data on employees including personal information around employment history, contacts and remuneration.

Data will be stored electronically within Microsoft Online and in paper format in locked filing cabinets.

Our CEO, Managing Partners and Operational Team have access to this information along with our approved HR and PAYE suppliers. All access is centrally managed.

Data we store on our clients

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Jacob Bailey. This is typically at least seven years in order to comply with tax and insurance regulations.

Data will be stored in a number of secure environments and details of all suppliers used can be found in Appendix Table A.

Data is only accessible by Jacob Bailey employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any data ceases instantly.

Data we store on behalf of our clients

We will hold data provided to us by clients for processing for as long as required to complete the service, or as long as is set out in our contract or Master Service Agreement. Unless specifically requested by our client we will hold data for a maximum of 12 months after the service we provided is complete.

Data will be stored in a number of secure environments and can be found in Appendix Table B.

All environments are tested and audited to ensure compliance and high levels of security and protection.

Data is only accessible by authorised employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any client data ceases instantly.

5. HOW CAN YOU ACCESS OR UPDATE YOUR DATA, REQUEST TO BE REMOVED OR OBJECT TO OR RESTRICT PROCESSING?

We want to make it easy for you to be in control of your data.

You have the right to:

Accessing your data

To access the data we hold on you please contact us with the subject “Data Access Request”. Please provide two forms of identification (copies are sufficient) from the following list to prove you are the individual requesting the data:

We will then contact you with details of how you can access the data we store on you within one month of receiving your request. Details can be found in section 9.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Your initial request will be processed free of charge. However, we will charge a reasonable fee, based on the administrative cost of providing the information, should a request be considered unfounded or excessive, particularly if it is repetitive.

We will also charge a reasonable fee based on the administration time involved to provide further copies of the same information.

Updating your data

If you notice an error in the data we hold on you, or would like us to update our records in any way then please contact us with the subject “Data update request”. We will respond within 1 month. Details can be found in section 9.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Objection to or request to restrict processing

You have the choice to object to us using your data. If you would like to object to us or our third party processor processing your data or restrict how we process your data in anyway then please contact us with the subject “Objection/Restriction of processing”. Please outline which processes (which can be found in section 2) that you wish to be removed from in the body of the email. We will respond within one month. Our contact details can found in section 10.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Deletion of data

If you would like us to delete all data and information we hold on you please contact us with the subject “Delete record”. Our contact details can found in section 10.

Please note that although we fully respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. On receiving your request we will review your request and respond to outline what data we can remove. We will endeavour to respond within 1 month.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Tracking and auditing your requests

All requests will be tracked and audited and stored in our CRM system.

6. HOW WE TRANSFER YOUR DATA

In order to provide our services we may need to transfer data between:

All Jacob Bailey employees use OneDrive. All data files are saved in our secure OneDrive and an “internal only” link is sent via email – this ensures that data is not accessible outside of the Jacob Bailey network.

For UK and EU clients and suppliers we provide a secure environment for data to be uploaded. On upload we require a number of questions to be answered to prove the client and supplier has the correct levels of consent and compliance.

For International clients and suppliers, we will audit the companies Data Policy and processes to ensure compliance before we accept or share data.

Non-data file transfer

We often need to transfer large files which are over 10mb, and over most email limits. To ensure we are able to track all communications we will send:

  1. OneDrive link – this is our first preference for file transfer
  2. WeTransfer – if we are unable to use OneDrive.

7. REPORTING A POTENTIAL DATA BREACH

If we suspect a data breach of any kind we will report it to the Information Commissioner’s Office immediately.

If you suspect a data breach, which you believe may have involved Jacob Bailey and the data we hold on you, please email breach@jacobbaileygroup.com with the subject “Data Breach” and we will respond within 72 hours.

8. PRIVACY POLICY IMPLEMENTATION

This policy was last updated on: 14th September 2022

This policy will be reviewed on: 14th September 2024

9. HOW TO CONTACT US

Any questions around our privacy or Data Subject Access Request

Email: dpo@jacobbaileygroup.com

By Post: Attention: Data Protection Officer, Jacob Bailey, One Woodbridge Road, Ipswich, Suffolk, IP4 2EA. UK.

The Supervisory Authority for the UK is the Information Commissioner’s Office. They can be contacted here: https://ico.org.uk/

APPENDIX TABLE A – THIRD PARTY SUPPLIERS WHO STORE DATA ON OUR CLIENTS

SupplierData CollectorData Processor
Adobe Inc
Amazon Inc
Apple
Atlassian PTY Ltd
Bing
Facebook Inc
Freshdesk
GitLab
Google Inc
Hotjar Ltd
Infotex
JotForm
Laravel
LinkedIn
Logmein Inc (Lastpass)
Mailchimp
MailGun
Microsoft Inc
Paypal
Pixel & Tonic Inc (Craft)
SharpSpring Inc
Shopify
Sophos Group Plc
Stripe
Trustico
Twitter
WeTransfer

APPENDIX TABLE B – THIRD PARTY SUPPLIERS WHO STORE DATA ON BEHALF OF OUR CLIENTS

SupplierData CollectorData Processor
Adobe Inc
Amazon Inc
Apple
Atlassian PTY Ltd
Facebook Inc
Freshdesk
GitLab
Google Inc
Hotjar Ltd
Infotex
JotForm
Laravel
LinkedIn
Logmein Inc (Lastpass)
Mailchimp
MailGun
Microsoft Inc
Paypal
Pixel & Tonic Inc (Craft)
SharpSpring Inc
Shopify
Sophos Group Plc
Stripe
Trustico
Twitter
WeTransfer