Loading

Data Protection Notice Addendum for Clients

Clockwise Marketing is a Data Processor to its business-to-business and business-to-consumer clients – because we work with personably identifiable data in the implementation of your marketing campaigns.

Clockwise Marketing wants to process the Subject Data that you pass to us fairly and transparently.  We will only use that data for the purposes of your marketing objectives in order to optimise campaign success for your business.

To us, fairness is:

  • using information in a way that people would reasonably expect
  • thinking about the impact of our processing and if it will have unjustified adverse effects on 1) Data Subjects, 2) you as Controller, or 3) your business
  • ensuring that you are fully aware of the Sub-Processors we use
  • fully understanding the security measures in place with our sub-processors and communicating this with you
  • giving you the freedom and opportunity to instruct us on how we use your Subject Data
  • abiding by your preferences and instructions
Where and how is data held?

Clockwise makes use of a number of third party organisations and software applications to store and sychronise data. This is for the purposes of maintaining and recording our direct communication with new business prospects, sending out marketing communications and delivery of marketing services to our clients.  Whilst the following list is not intended to be exhaustive, Clockwise typically only transfers the personal data relating to our clients where required, for the activities set out below, to the following third parties or Data Processors:

Service Used Data Type Sub-Processor Servers Security
Website Hosting IP Addresses Memset Wholly maintained and managed in UK and subject to all UK Legal Jurisdiction Memset guarantee not to store, transmit or access customer hosted data outside of the UK data centres.

Memset Data Security

Website & Campaign Metrics

 

IP Addresses Google (Analytics)

 

Google own and operate data centres around the world Certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.

Google Data Security

Implementing Email Marketing Names, Company names, job titles, telephone numbers, email addresses Mailchimp Amazon Web Servers Mailchimp have certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.

Mailchimp Data Security

Running PPC Campaigns IP Addresses Google (Adwords) Google own and operate data centres around the world Certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.

Google Data Security

Managing Social Media IP Addresses, Social profiles and publicly available data Facebook, Twitter, LinkedIn, Instagram Custom-built servers around the world Built-in privacy notices and settings are accepted by individual users.  GDPR requires the Social Media organisations to have an accountable EU representative that can be held to account for GDPR compliance of the organisation, within Europe.

Facebook Data Privacy

Twitter Data Privacy

LinkedIn Data Privacy

Instagram Data Privacy

Working with your prospects and Leads for other Marketing Purposes Names, Company names, job titles, telephone numbers, email addresses, social data OnePage CRM Amazon Web Servers Certified compliance with EU-US Privacy Shield

Comodo SSL certificate

OnePage Data Security

Project Management Client names, emails, passwords, and any files uploaded and shared within Project File Teamwork Amazon Web Servers Certified compliance with EU-US Privacy Shield.

Secure access over HTTPS (SSL) is provided with all “Teamwork.com” domains.  Data-centers have passed the SSAE16 audit.

Teamwork Data Security

Accounting Names, email addresses, business telephone number, business postal addresses,business bank account details, employee payroll numbers Xero Top-Tier, Third party services located in US to host online and mobile data – with agreements in place to use European Commission model contract clauses. Two-step authentication for account access.  Data is encrypted using industry-standard data encryption, multiple layers of firewalls are in place, all access to data centres and servers is controlled and monitored 24/7, and regular security audits are performed.

Xero Data Security

Clockwise will update this list as our systems and operations evolve – and inform you accordingly.

 

How can I ensure that my website visitor’s data is secure?

WordPress is our most used web platform and CMS.  Some usual ways in which a standard WordPress site might collect user data:

  • user registrations
  • comments
  • contact form entries
  • analytics and traffic log solutions
  • any other logging tools and plugins
  • security tools and plugins

All data is stored with Memset on EU Servers, but if you are collecting visitor data and your website does not have a security certificate – you are not GDPR compliant. Clockwise recommends purchasing an SSL certificate.

 

How does Clockwise ensure data is secure?

To maintain data accuracy and ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your Subject Data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Such Data Processors and Sub-Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with GDPR and other EU legislation. Data is stored on servers within the UK, EU, or on Amazon Web Servers that are certified under the EU-US Privacy Shield.

 

How do we notify you if there is a security breach?

In the event of a security breach that may affect you, we’ll notify you of the breach without undue delay after becoming aware of it.  We will provide a description of what happened and later report the action we took in response.

 

What is our policy on holding and deleting your data?

When we are working on marketing campaigns or one-off projects for clients – we only use the data that you supply, for the purposes of the campaign or project – and the data remains the property of the client.  We do not share, sell or pass any data on to third parties for any other purpose than that of your campaign.  We will either delete your data immediately after the campaign or hold it for your next campaign – as per your instructions.

 

Your Consent

By providing personally identifiable information to Clockwise, or by entering into a contract with Clockwise that requires such processing, you, the Client are agreeing that you accept this Data Protection Notice and that Clockwise is authorised to process the data supplied.

No data transfer will be undertaken that is outside the strict scope of the purposes stated in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event the security provisions will be compliant with the applicable Data Protection Laws.

Data Controllers, Processors or any other concerned parties wishing to discuss matters relating to data protection, such as concern over processing of data or enquiries regarding a possible data breach or security incident, please email enquiries@clockwise.co.uk or write to:

Data Protection Officer
Clockwise Marketing
Reigate Hill House
28 Reigate Hill
Reigate
Surrey
RH2 9NG

The email address is monitored within working hours and you should receive a reply within 2 working days.