At the Turner Agency Limited (“TTA”) we treat the privacy of any personal data we hold from people such as our clients, customers, potential customers, employees, suppliers and website users very seriously and we take appropriate security measures to safeguard your privacy. This policy explains how we protect and manage any personal data you share with us and that we hold about you, including how we collect, process, protect and share that data.
“Personal data” means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address, and an email address or other contact information, whether at home or at work.
Information provided by you
This is information about you that you give us by entering information via our websites or our social media pages or by corresponding with us by ‘phone, mail, email or otherwise and is provided entirely voluntarily. The information you give us may include your name, contact details, job description and may also include such other personal data as is necessary to enable us to transact our business with you. If the information relates to a meeting or event we are managing it may also include such personal data as is necessary to enable us to fulfil your requirements for attendance.
Information we collect about you
We may automatically collect personal data that our web servers store as standard details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit and the internet protocol address assigned to you by your internal service. We collect some of this information using cookies (please see “Cookies” below)
We may also collect any personal data which you allow to be shared that is part of your public profile on a third party social network.
Information we get from other sources
We only obtain information from third parties if this is permitted by law and if they are reputable third parties that operate in accordance with the General Data Protection Regulation (“GDPR”) principles. You will already have submitted your personal data to these companies to allow them to pass this information to companies such as TTA.
The personal data about you we source from outside our business is used for the purposes set out in the section below headed “How we use your personal data”.
Where there is a LEGITIMATE INTEREST.
We may use and process your personal data where it is necessary for us to pursue a legitimate interest as a business. In addition, we may also believe that in so doing we serve your own legitimate interest, for example, for the following purposes:
Where required to comply with a LEGAL OBLIGATION
We may use and process your personal data to comply with our legal obligations; For example, to report to and assist HMRC etc.
Our suppliers and service providers
We may disclose your information to our third-party service providers, agents, sub-contractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management), administrative services or other third-parties who provide services to us in connection with meetings and event management or related to our role as an employer.
When we use third-party service providers, we only disclose to them any personal data that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Other ways we may share your personal information
We may also transfer your personal data if we’re under a duty to disclose or share it to comply with any legal obligation (for example with HMRC), or to detect or report a crime.
All data that you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example this may happen if any of our servers or those of our third-party service providers are from time to time located in a country outside of the EEA. A further example would be where we are managing a meeting or event outside of the EEA. These countries may not have similar data protection laws to the GDPR.
If we transfer your personal data outside of the EEA, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your personal data continues to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal data or ensuring that the recipients are subscribed to “international frameworks” that aim to ensure adequate protection.
The length of time we keep your personal data is determined by various factors including the purpose for which we use that information and our legal obligations, but we will not retain for longer than is necessary.
We may need your personal data to establish, bring or defend legal claims, in which case we will retain your personal data for seven years after the last occasion on which we have used it.
The only exceptions to this are where:
We operate an Information Security Management System and use technical and organisational security measures to protect the personal data supplied by you and managed by us against manipulation, loss, destruction and unauthorised access by third-parties. Our security measures are externally audited, by BSI, and are continually improved in line with technological developments.
Use of “cookies”.
We use the following cookies:
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies are set to expire at the end of a user’s session.
Links to other websites.
If you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third-party website
We use “social plugins” (“buttons”) of social networks such as Twitter and LinkedIn. When you visit our website, these buttons are deactivated by default. This means that without your intervention they will not send any personal data to the respective social networks. Before you can use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies (please see “Cookies” above)
After their activation a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account.
If you are a member of a social network, and do not wish it to combine data retrieved from your visit to our website with your membership data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
Subject access requests
The General Data Protection Regulation (GDPR) grants you (the “data subject”) the right to access personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to object
You, the data subject, shall have the right to object, on grounds relating to you particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which overrides the interests, rights and freedoms of you, the data subject, or for the establishment, exercise, or defence of legal claims.
Right not to be subject to decisions based solely on automatic processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to the Chief Data Officer, The Turner Agency Limited, Resource House, 20 Denmark Street, Wokingham, Berkshire RG40 2BB.
Accuracy of information
To provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear, and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have a complaint
If you have a complaint about the use of your personal data or sensitive information then please contact us by writing to the Chief Data Officer, The Turner Agency Limited, Resource House, 20 Denmark Street, Wokingham, Berkshire RG40 2BB.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO)you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed due to the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.