Introduction
Hello, thanks for reading our Data Policy.
We want you to know that we take your privacy and the security of the data we hold about you and your customers very seriously and we are committed to doing everything we can in order to protect it. Also, to let you know what we are doing with it, how we manage it and why.
Our Data Policy aims to ensure we have complete transparency across the Jacob Bailey Group and the companies and brands which fall within it. Our policy covers:
- The collection of data
- Usage of data including processing and what we believe to be both Operational purposes and Legitimate Interest
- Management of our Data Policy, who is accountable and how often we review and update our processes, and how we will keep you informed about updates
- How we will store your data, for how long and how we will protect it
- How you can access your data, update it and request to be removed or restricted from any data processing
- How we transfer data within the UK, EU and Overseas. Including working with our US based office
- And finally, what the procedure is if there has been a potential data security breach.
Our Data Policy has been written to ensure compliance with all applicable laws including the Data Protection Act 1998, ePrivacy 2002, superseded by the General Data Protection Act 2018 (these are collectively referred to as “data protection laws”).
Our Policy covers all and any information we collect, data provided by you or provided by one of our clients about their customers which may also include you. We do not accept any responsibility for data which you have provided to us that has been processed by a third party outside of our agreed contracted supplier list. Nor do we accept any responsibility for data you provide to another company (outside of the Jacob Bailey Group) which we may link to through our website, white papers, reports or other collateral and documentation.
Jacob Bailey Inc specifically complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Jacob Bailey Inc has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ .
Who are the Jacob Bailey Group
The Jacob Bailey Group is a group of fully integrated and specialist creative business services agencies and consultancies who deliver Data, Technology and Creative projects for companies and brands. We carry out marketing communications, including data processing and management services for a range of clients across all sectors globally. The Jacob Bailey Group comprises:
- Jacob Bailey Ltd
- Jacob Bailey Inc
- 032 Ltd
As well as the trading names/brands:
- White Space Design
- Technical Studio
- Galaxy
- Halo
- Pulsar
When we refer to “we’’ or “our’’ “Jacob Bailey” or “the Jacob Bailey Group” we are referring to all and any company or brand listed as a part of the Jacob Bailey Group.
1. What Data Will Jacob Bailey Collect?
When you or a company you have signed up to chooses to work with Jacob Bailey, we will typically collect data on you both directly, through forms, and indirectly through platforms such as, but not limited to, Facebook, Twitter, LinkedIn as well as through third parties such as, but not limited to, CACI, Experian and approved data warehouses.
The data we are likely to collect will include, but is not limited to:
- First and Surname
- Date of birth
- Email address
- Address, including postcode
- Phone and mobile number
- Job title and seniority
- Company information including firmographics
- Sector information
- Social identifiers
- Preference data – provided by you at the point of sign up
- Cookie and behavioural data – based on web and email activity
- Sales data – including order details and value, transaction date and method Marketing Opt-in data
- Email communications responses
- History – full audit trail of data usage for compliance requirements
If we hold data, or are asked to process data for a child under 13, we will hold additional data including but not limited to:
- Parent or Guardian name and contact information
- Parental or Guardian consent for marketing communications
Jacob Bailey also collects information about how you use our website, as well as how you use any website or mobile app we have built for a client, or when a client is using our SEO, PPC, Online Advertising, Email Marketing, Web Analytics or other Data Services.
We are committed to the principles of the data regulations and therefore we will only collect and process data which is collected in a lawful and transparent way, and where the company who collected the data can provide sufficient evidence of the method of collection.
2. How will Jacob Bailey use the information it collects or is provided by clients?
In line with the data regulations we will only use the data we collect or are provided by our clients in a lawful way for legitimate and specific purposes.
We will use your personal information for a number of purposes including the following:
Provision of consultancy and marketing services:
- To provide our services to our clients in line with our contract or Master Services Agreement we have in place
- To provide you with the most user-friendly online navigation experience for our website or those we are building for our clients
- Where we, or our client, are providing personalised services, we may analyse the information you supply, as well as your activity on our (and other) services, so that we can offer a more relevant, tailored service
- We will use your data to target relevant advertising on third party sites and platforms
- We will use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries, and to determine whether you are accessing the services from the UK or not
- For analysis and research purposes so that we may improve the services offered by Jacob Bailey or our client. This can include using geo-demographic information from external sources
- We may also use and disclose information in anonymised format (so that no individuals are identified) for marketing and strategic development purposes as well as data analysis and reporting purposes
- For direct marketing purposes including (but not limited to), email, mobile, web, post and telemarketing. We may also share your data with email service providers, internet service providers, call centres, printers and mailing houses in order to provide this service to you and our client
We will only use third parties who we have audited to ensure they are fully compliant with the data protection regulations and have sufficient processes and policies in place to protect your data and personal information.
We will also only use data for marketing purposes where there is evidence of a valid opt-in consent to say that you have freely given and indicated you wish to receive such communications.
Operational purposes
In order for our business to operate we will use data we collect for Jacob Bailey clients and supplier companies in the following ways:
- For Financial and Accounting purposes, including but not limited to, quoting, raising purchase orders, sending statements, discussing payments and invoicing
- For credit checking purposes
- For contractual purposes
- For Human Resource purposes
- For potential Mergers and Acquisition purchases
As a past, current or prospective client
We consider the following use of your data to be considered “Legitimate Interest” and illustrates ways in which we will use data to provide and enhance our services to you as a client of Jacob Bailey.
- Contacting you by telephone, mobile, email or post in order to discuss past, current or future projects and opportunities for you to utilise our services
- Sending to you via email or post, invitations to events, company and services updates, seasonal communications and access to reports and white papers we have produced
- Connecting with you via LinkedIn and Inmail
- Connecting with you via social and sharing platforms, with your acceptance
- Sending files to you via email and file sharing platforms
- Access to your web analytics
- Tracking your IP address for web and email analytics
- Logging your online behaviour via cookies and web analytics
- Lead scoring information based on data provided by you and behavioural data
3. How Jacob Bailey manages its Data Policy
Management of data processes and policies
In line with the data regulations we have set out who is both responsible and accountable for privacy and data security within Jacob Bailey.
Our appointed Data Protection Officer, the individual who ensures our policies and processes are followed and enforced is:
- Neil Prentice – Managing Partner - Marketing
The final point of escalation if any issue is not resolved by the above individuals is:
- Shaun Bailey – CEO
Operational procedures to protect data
To ensure our employees are aware and comply with data policies we:
- Have presented and communicated our policies to all employees
- Have updated the company handbook
- Have developed an induction procedure for all new employees
- Have updated employee contracts so any action leading to a breach of data policy will be considered “Gross Misconduct”
Reviewing our policies
We want to keep your data as secure as we can so we will regularly review our processes and policies. We will review and update our policy at least every 12 months and when data regulations are updated.
Keeping you informed and up to date
We want you to know your data is in safe hands, so we will email you to let you know that we are currently storing data and personal information about you if we collect it indirectly.
We will also email you when we update our policy, providing you with a link to view the updated policy on our website.
4. How Jacob Bailey stores and accesses data
Data we store on employees
As an employer, we hold personal data on employees including personal information around employment history, contacts and remuneration.
Data will be stored electronically within Microsoft Online and in paper format in locked filing cabinets.
Our CEO, Managing Partners and Operational Team have access to this information along with our approved HR and PAYE suppliers. All access is centrally managed.
Data we store on our clients
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Jacob Bailey. This is typically at least seven years in order to comply with tax and insurance regulations.
Data will be stored in a number of secure environments and details of all suppliers used can be found in Appendix Table A.
Data is only accessible by Jacob Bailey employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any data ceases instantly.
Data we store on behalf of our clients
We will hold data provided to us by clients for processing for as long as required to complete the service, or as long as is set out in our contract or Master Service Agreement. Unless specifically requested by our client we will hold data for a maximum of 12 months after the service we provided is complete.
Data will be stored in a number of secure environments and can be found in Appendix Table B.
All environments are tested and audited to ensure compliance and high levels of security and protection.
Data is only accessible by authorised employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any client data ceases instantly.
5. How can you access or update your data, request to be removed or object to or restrict processing?
We want to make it easy for you to be in control of your data.
You have the right to:
- Access the data we hold on you
- Ensure the data we have is accurate and up to date
- Object to us using your data within automated processing or profiling.
- Restrict how we process/use your data
- Request the erasure or deletion of the data we hold on you.
Accessing your data
To access the data we hold on you please contact us with the subject “Data Access Request”. Please provide two forms of identification (copies are sufficient) from the following list to prove you are the individual requesting the data:
- Passport
- Driving licence
- Birth certificate
- Utility bill (from last 3 months)
- Current vehicle registration document
- Bank statement (from last 3 months)
We will then contact you with details of how you can access the data we store on you within one month of receiving your request. Details can be found in section 9.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Your initial request will be processed free of charge. However, we will charge a reasonable fee, based on the administrative cost of providing the information, should a request be considered unfounded or excessive, particularly if it is repetitive.
We will also charge a reasonable fee based on the administration time involved to provide further copies of the same information.
Updating your data
If you notice an error in the data we hold on you, or would like us to update our records in any way then please contact us with the subject “Data update request”. We will respond within 1 month. Details can be found in section 9.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Objection to or request to restrict processing
You have the choice to object to us using your data. If you would like to object to us or our third party processor processing your data or restrict how we process your data in anyway then please contact us with the subject “Objection/Restriction of processing”. Please outline which processes (which can be found in section 2) that you wish to be removed from in the body of the email. We will respond within one month. Our contact details can found in section 10.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Deletion of data
If you would like us to delete all data and information we hold on you please contact us with the subject “Delete record”. Our contact details can found in section 10.
Please note that although we fully respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. On receiving your request we will review your request and respond to outline what data we can remove. We will endeavour to respond within 1 month.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Tracking and auditing your requests
All requests will be tracked and audited and stored in our CRM system.
6. How we transfer your data
In order to provide our services we may need to transfer data between:
- Internally amongst authorised employees
- Our Group of companies and brands, including our US office
- With UK clients and suppliers
- With EU clients and suppliers
- With International clients and suppliers
All Jacob Bailey employees use OneDrive. All data files are saved in our secure OneDrive and an “internal only” link is sent via email – this ensures that data is not accessible outside of the Jacob Bailey network.
Our US company, Jacob Bailey Inc, is registered with Privacy Shield. The Privacy Shield program certifies that our US company complies with UK and EU data protection laws and therefore we can transfer data between offices in the same way as with our UK locations.
For UK and EU clients and suppliers we provide a secure environment for data to be uploaded. On upload we require a number of questions to be answered to prove the client and supplier has the correct levels of consent and compliance.
For International clients and suppliers, we will audit the companies Data Policy and processes to ensure compliance before we accept or share data.
Non-data file transfer
We often need to transfer large files which are over 10mb, and over most email limits. To ensure we are able to track all communications we will send:
- OneDrive link – this is our first preference for file transfer
- WeTransfer – if we are unable to use OneDrive.
7. U.S. Privacy Shield Principles
Jacob Bailey Inc adheres fully to the U.S. Privacy Shield Principles.
Jacob Bailey Inc. further commits to resolve complaints about our collection or use of your personal information in compliance with the U.S. Privacy Shield Principles. EU individuals with enquiries regarding our Privacy Shield policy should first contact Jacob Bailey at: dpo@jacobbaileygroup.com
Jacob Bailey Inc has also committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Jacob Bailey remains liable under the Privacy Shield Principles if the company’s third-party Processor onward transfer recipients process relevant Personal Data in a manner inconsistent with the Privacy Shield Principles, unless Jacob Bailey proves that it is not responsible for the event giving rise to the damage.
In addition, Jacob Bailey Inc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and would also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, there is the possibility for individuals to invoke binding arbitration.
8. Reporting a potential data breach
If we suspect a data breach of any kind we will report it to the Information Commissioner’s Office immediately.
If you suspect a data breach, which you believe may have involved Jacob Bailey and the data we hold on you, please email breach@jacobbaileygroup.com with the subject “Data Breach” and we will respond within 72 hours.
9. Privacy Policy Implementation
This policy was last updated on: 28thSeptember 2018
10. How to Contact Us
Any questions around our privacy or Data Subject Access Request
Email: dpo@jacobbaileygroup.com
By Post: Attention: Data Protection Officer, Jacob Bailey, One Woodbridge Road, Ipswich, Suffolk, IP4 2EA. UK.
The Supervisory Authority for the UK is the Information Commissioner’s Office. They can be contacted here: https://ico.org.uk/
Appendix Table A - Third party suppliers who store data on our clients
| Supplier | Data Collector | Data Processor |
|---|---|---|
| Adobe Inc | ||
| Amazon Inc | ||
| Apple | ||
| Atlassian PTY Ltd | ||
| Bing | ||
| Facebook Inc | ||
| Freshdesk | ||
| GitLab | ||
| Google Inc | ||
| Hotjar Ltd | ||
| JotForm | ||
| Laravel | ||
| Logmein Inc (Lastpass) | ||
| Mailchimp | ||
| MailGun | ||
| Melbek Technology | ||
| Microsoft Inc | ||
| Paypal | ||
| Pixel & Tonic Inc (Craft) | ||
| SharpSpring Inc | ||
| Shopify | ||
| Sophos Group Plc | ||
| Stripe | ||
| Trustico | ||
| WeTransfer |
Appendix Table B - Third party suppliers who store data on behalf of our clients
| Supplier | Data Collector | Data Processor |
|---|---|---|
| Adobe Inc | ||
| Amazon Inc | ||
| Apple | ||
| Atlassian PTY Ltd | ||
| Facebook Inc | ||
| Freshdesk | ||
| GitLab | ||
| Google Inc | ||
| Hotjar Ltd | ||
| JotForm | ||
| Laravel | ||
| Logmein Inc (Lastpass) | ||
| Mailchimp | ||
| MailGun | ||
| Melbek Technology | ||
| Microsoft Inc | ||
| Paypal | ||
| Pixel & Tonic Inc (Craft) | ||
| SharpSpring Inc | ||
| Shopify | ||
| Sophos Group Plc | ||
| Stripe | ||
| Trustico | ||
| WeTransfer |