We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
WHO WE ARE
Über Agency Limited collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
THE PERSONAL INFORMATION WE COLLECT AND USE
INFORMATION COLLECTED BY US
In the course of offering and providing our advertising, branding, design, digital marketing and social media management services, we collect the following personal information when you provide it to us, which we have grouped together as follows:
- Identity Data includes the first name, last name and title of persons making enquiries or instructing us.
- Contact Data includes email address, telephone numbers and delivery addresses of persons making enquiries or instructing us.
- Financial Data includes bank account details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
- Sensitive Personal Data includes dietary requirements and information about disabilities, only to the extent that this is necessary to provide accessible services on behalf of our corporate clients.
INFORMATION COLLECTED FROM OTHER SOURCES
We may also obtain personal information from other sources as follows:
- Sensitive Personal Data limited to Dietary Information (which includes your preferences for foods and drinks that meets your personal, philosophical and health requirements) and Disability Information (where relevant to ensure accessibility to services) from certain of our corporate clients where they provide us with that information to fulfil part of the services we offer to them.
With the exception of Dietary information and disability information as mentioned above, we do not routinely collect any special category data, nor do we knowingly collect personal data relating to children. See below for more information on our use of Sensitive Personal Data (limited to Dietary and Disability information).
HOW WE USE YOUR PERSONAL INFORMATION AND OUR REASONS FOR USING YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest To respond to an enquiry you make via our website (a) Identity
Necessary for our legitimate interests (to respond to your request/enquiry as a potential client of ours and/or in anticipation of entering into a contract with you, to grow our business and to inform our marketing strategy) To process and deliver your chosen services including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(c) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how clients use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the content and advertising we serve to you (a) Identity
Necessary for our legitimate interests (to study how clients use our products/services, to develop them, to grow our business and to inform our marketing strategy) To use data analytics to improve our website, products/services, marketing, client relationships and experiences (a) Technical
Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(c) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business) To conduct market research to improve our products/services, marketing, client relationships and experiences (a) Identity
(c) Marketing and communications
Necessary for our legitimate interests (to develop our products and services, grow our business, inform our business development strategy and assess client satisfaction) To ensure that anybody attending an event run by us (such as advertising shoots where hospitality is organised by us) is provided with food that meet your religious, philosophical and health needs.
Sensitive personal data is limited strictly to dietary and disability information where it is provided to us by our corporate clients who instruct us to provide services to them that might include for example, hotel stays. This information is necessary to eliminate any barriers to accessing those services provided on behalf of our corporate clients.
(c) Sensitive Personal Data (limited to Dietary and Disability Information)
Necessary for our legitimate interests (to provide services to our clients), except where overridden by your data protection rights and freedoms. We and you have a legitimate interest in ensuring that you receive an appropriate service from us.
Special category grounds: your explicit consent.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We may share your name and delivery address with our third-party suppliers. This data sharing enables to fulfil our services to you them to despatch goods you ordered directly to you.
We routinely share all personal data with Sage, who provide us with cloud-based accounting system. This data sharing enables us to ensure we store your data safely and securely.
We routinely share all personal data with Synergist, who provide us with cloud-based accounting system. This data sharing enables us to ensure we store your data safely and securely.
We routinely share all personal data with Nimbus IT Solutions, who provide us with cloud-based storage and computer backup services. This data sharing enables us to ensure we store your data safely and securely.
We routinely share all personal data with Backblaze, who provide us with a secondary computer back-up service. This data sharing enables us to ensure we store your data safely and securely.
We routinely share name and emails addresses with Campaign Monitor, who provide us with online campaign management services. This data sharing enables us to track and record our campaign strategy and provide relevant website and advertisement content to our clients.
Some of these third-party recipients may be based outside the European Economic Area. For further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with law enforcement or other authorities if required by applicable law.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, and Usage data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product or service purchase.
WHETHER INFORMATION HAS TO BE PROVIDED BY YOU, AND IF SO WHY
The provision of your name, address, email address and telephone number is required from you to enable us to enter into a contract to provide you with our services and to provide our invoice for work we do for you. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We will hold Identity, Contact, Financial and Transaction data for our clients for 6 years after you cease to be a client, in accordance with applicable UK tax law.
TRANSFER OF YOUR INFORMATION OUT OF THE EEA
We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:
- all personal data is provided to Backblaze, our computer back-up and cloud storage provider, so that we can ensure that we store your data securely. You can read Backblaze’s privacy notice here
- names and email addresses are provided to Campaign Monitor, who provide our online campaign management services, so that we can to track and record our campaign strategy and provide relevant website and advertisement content to you. You can read Campaign Monitor’s privacy notice here.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, as permitted under Article 45 of the General Data Protection Regulation;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection that it has in Europe; or
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US
We will not otherwise transfer your personal data outside of the United Kingdom.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email us at email@example.com or telephone us on 0114 278 7100
- let us have enough information to identify you (e.g. your name)
- let us know the information to which your request relates.
We may ask you to provide proof of your identity (e.g. a copy of your driving licence or passport) before we share with you any personal data that we hold.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 30/04/2018 and last updated on 24/08/2021.
We may change this privacy notice from time to time, when we do we will inform you via email.
HOW TO CONTACT US
Please contact us at firstname.lastname@example.org, if you have any questions about this privacy notice or the information we hold about you.