Clockwise Marketing wants to process the Subject Data that you pass to us fairly and transparently. We will only use that data for the purposes of your marketing objectives in order to optimise campaign success for your business.
To us, fairness is:
Clockwise makes use of a number of third party organisations and software applications to store and sychronise data. This is for the purposes of maintaining and recording our direct communication with new business prospects, sending out marketing communications and delivery of marketing services to our clients. Whilst the following list is not intended to be exhaustive, Clockwise typically only transfers the personal data relating to our clients where required, for the activities set out below, to the following third parties or Data Processors:
|Service Used||Data Type||Sub-Processor||Servers||Security|
|Website Hosting||IP Addresses||Memset||Wholly maintained and managed in UK and subject to all UK Legal Jurisdiction||Memset guarantee not to store, transmit or access customer hosted data outside of the UK data centres.|
|Website & Campaign Metrics
|IP Addresses||Google (Analytics)
|Google own and operate data centres around the world||Certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.|
|Implementing Email Marketing||Names, Company names, job titles, telephone numbers, email addresses||Mailchimp||Amazon Web Servers||Mailchimp have certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.|
|Running PPC Campaigns||IP Addresses||Google (Adwords)||Google own and operate data centres around the world||Certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.|
|Managing Social Media||IP Addresses, Social profiles and publicly available data||Facebook, Twitter, LinkedIn, Instagram||Custom-built servers around the world||Built-in privacy notices and settings are accepted by individual users. GDPR requires the Social Media organisations to have an accountable EU representative that can be held to account for GDPR compliance of the organisation, within Europe.|
|Working with your prospects and Leads for other Marketing Purposes||Names, Company names, job titles, telephone numbers, email addresses, social data||OnePage CRM||Amazon Web Servers||Certified compliance with EU-US Privacy Shield
Comodo SSL certificate
|Project Management||Client names, emails, passwords, and any files uploaded and shared within Project File||Teamwork||Amazon Web Servers||Certified compliance with EU-US Privacy Shield.
Secure access over HTTPS (SSL) is provided with all “Teamwork.com” domains. Data-centers have passed the SSAE16 audit.
|Accounting||Names, email addresses, business telephone number, business postal addresses,business bank account details, employee payroll numbers||Xero||Top-Tier, Third party services located in US to host online and mobile data – with agreements in place to use European Commission model contract clauses.||Two-step authentication for account access. Data is encrypted using industry-standard data encryption, multiple layers of firewalls are in place, all access to data centres and servers is controlled and monitored 24/7, and regular security audits are performed.|
Clockwise will update this list as our systems and operations evolve – and inform you accordingly.
WordPress is our most used web platform and CMS. Some usual ways in which a standard WordPress site might collect user data:
All data is stored with Memset on EU Servers, but if you are collecting visitor data and your website does not have a security certificate – you are not GDPR compliant. Clockwise recommends purchasing an SSL certificate.
To maintain data accuracy and ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your Subject Data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Such Data Processors and Sub-Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with GDPR and other EU legislation. Data is stored on servers within the UK, EU, or on Amazon Web Servers that are certified under the EU-US Privacy Shield.
In the event of a security breach that may affect you, we’ll notify you of the breach without undue delay after becoming aware of it. We will provide a description of what happened and later report the action we took in response.
When we are working on marketing campaigns or one-off projects for clients – we only use the data that you supply, for the purposes of the campaign or project – and the data remains the property of the client. We do not share, sell or pass any data on to third parties for any other purpose than that of your campaign. We will either delete your data immediately after the campaign or hold it for your next campaign – as per your instructions.
By providing personally identifiable information to Clockwise, or by entering into a contract with Clockwise that requires such processing, you, the Client are agreeing that you accept this Data Protection Notice and that Clockwise is authorised to process the data supplied.
No data transfer will be undertaken that is outside the strict scope of the purposes stated in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event the security provisions will be compliant with the applicable Data Protection Laws.
Data Controllers, Processors or any other concerned parties wishing to discuss matters relating to data protection, such as concern over processing of data or enquiries regarding a possible data breach or security incident, please email firstname.lastname@example.org or write to:
Data Protection Officer
Reigate Hill House
28 Reigate Hill
The email address is monitored within working hours and you should receive a reply within 2 working days.