Addendum for Clients

Clockwise Marketing is a Data Processor to its business-to-business and business-to-consumer clients – because we work with personably identifiable data in the implementation of your marketing campaigns

Clockwise Marketing wants to process the Subject Data that you pass to us fairly and transparently.  We will only use that data for the purposes of your marketing objectives in order to optimise campaign success for your business.

To us, fairness is:

  • using information in a way that people would reasonably expect
  • thinking about the impact of our processing and if it will have unjustified adverse effects on you or your business
  • ensuring that you understand how we intend to use your data
  • giving you the freedom and opportunity to express your data preferences to us
  • abiding by your preferences

 

Where and how is data held?

Clockwise makes use of a number of third party organisations and software applications to store and sychronise data. This is for the purposes of maintaining and recording our direct communication with new business prospects, sending out marketing communications and delivery of marketing services to our clients.  Whilst the following list is not intended to be exhaustive, Clockwise typically only transfers the personal data relating to our clients where required, for the activities set out below, to the following third parties or Data Processors:

Service UsedData TypeSub-ProcessorServersSecurity
Website HostingIP AddressesMemsetWholly maintained and managed in UK and subject to all UK Legal JurisdictionMemset guarantee not to store, transmit or access customer hosted data outside of the UK data centres.
Memset Data Security
Website & Campaign MetricsIP AddressesGoogle (Analytics)Google own and operate data centres around the worldCertified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.
Google Data Security
Implementing Email MarketingNames, Company names, job titles, telephone numbers, email addressesMailchimpAmazon Web ServersMailchimp have certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.
Mailchimp Data Security
Running PPC CampaignsIP AddressesGoogle (Adwords)Google own and operate data centres around the worldCertified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.
Google Data Security
Managing Social MediaIP Addresses, Social profiles and publicly available dataFacebook, Twitter, LinkedIn, InstagramCustom-built servers around the worldBuilt-in privacy notices and settings are accepted by individual users. GDPR requires the Social Media organisations to have an accountable EU representative that can be held to account for GDPR compliance of the organisation, within Europe.
Facebook Data Privacy
Twitter Data Privacy
LinkedIn Data Privacy
Instagram Data Privacy
Working with your prospects and Leads for other Marketing PurposesNames, Company names, job titles, telephone numbers, email addresses, social dataOnePage CRMAmazon Web ServersCertified compliance with EU-US Privacy Shield. Comodo SSL certificate
OnePage Data Security
Project ManagementClient names, emails, passwords, and any files uploaded and shared within Project FileTeamworkAmazon Web ServersCertified compliance with EU-US Privacy Shield.
Secure access over HTTPS (SSL) is provided with all “Teamwork.com” domains. Data-centers have passed the SSAE16 audit.
Teamwork Data Security
AccountingNames, email addresses, business telephone number, business postal addresses, business bank account details, employee payroll numbersXeroTop-Tier, Third party services located in US to host online and mobile data – with agreements in place to use European Commission model contract clauses.Two-step authentication for account access. Data is encrypted using industry-standard data encryption, multiple layers of firewalls are in place, all access to data centres and servers is controlled.
Xero Data Security

Clockwise will update this list as our systems and operations evolve – and inform you accordingly.

 

How can I ensure that my website visitor’s data is secure?

WordPress is our most used web platform and CMS.  Some usual ways in which a standard WordPress site might collect user data:

  • user registrations
  • comments
  • contact form entries
  • analytics and traffic log solutions
  • any other logging tools and plugins
  • security tools and plugins

All data is stored with Memset on EU Servers, but if you are collecting visitor data and your website does not have a security certificate – you are not GDPR compliant. Clockwise recommends purchasing an SSL certificate.

 

How does Clockwise ensure data is secure?

To maintain data accuracy and ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your Subject Data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Such Data Processors and Sub-Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with GDPR and other EU legislation. Data is stored on servers within the UK, EU, or on Amazon Web Servers that are certified under the EU-US Privacy Shield.

 

How do we notify you if there is a security breach? 

In the event of a security breach that may affect you, we’ll notify you of the breach without undue delay after becoming aware of it. We will provide a description of what happened and later report the action we took in response.

 

What is our policy on holding and deleting your data?

When we are working on marketing campaigns or one-off projects for clients – we only use the data that you supply, for the purposes of the campaign or project – and the data remains the property of the client. We do not share, sell or pass any data on to third parties for any other purpose than that of your campaign. We will either delete your data immediately after the campaign or hold it for your next campaign – as per your instructions.

 

Your Consent

By providing personally identifiable information to Clockwise, or by entering into a contract with Clockwise that requires such processing, you, the Client are agreeing that you accept this Data Protection Notice and that Clockwise is authorised to process the data supplied.

No data transfer will be undertaken that is outside the strict scope of the purposes stated in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event the security provisions will be compliant with the applicable Data Protection Laws.

Data Controllers, Processors or any other concerned parties wishing to discuss matters relating to data protection, such as concern over processing of data or enquiries regarding a possible data breach or security incident, please email enquiries@clockwise.co.uk or write to:

Data Protection Officer
Clockwise Marketing
Reigate Hill House
28 Reigate Hill
Reigate
Surrey
RH2 9NG

The email address is monitored within working hours and you should receive a reply within 2 working days.