All Response Media Privacy Statement
ALL RESPONSE MEDIA (“ARM”) is committed to protecting the privacy of all information we process. We will always process your personal information in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR), the Data Protection Act, and the Privacy and Electronic Communication Regulations.
This privacy statement discloses the privacy practices for all products and services owned and provided by ARM.
ARM collects information from our website users, subscribers, customers and prospects. The information below describes what information we collect and how it is used. Additional information about cookies collected and their functions can be noted in our Cookie Policy.
INFORMATION COLLECTION AND USE
UK Data Protection within All Response Media is regulated by the Information Commissioner’s Office (ICO) which is the supervisory authority for the UK and can be contacted at ico.org.uk/concerns. The Company’s registration number is Z7221184 and further details of the Data Protection register entry can be found on the Information Commissioner’s public register.
Dutch Data Protection within All Response Media is regulated by the Dutch Data Protection Authority, which is the supervisory authority for the Netherlands, and can be contacted at info@autoriteitpersoonsgegevens.nl.
The Company has appointed a Data Protection Officer, who can be contacted at armdpo@datacompliant.co.uk.
INFORMATION COLLECTION AND USE
We collect and process personal data provided by users of our websites, registrants for our events, recipients of our email newsletters and all of our customers. We also collect personal data from third parties, only when we have satisfied ourselves that they comply with all relevant data protection legislation.
ARMalytics®
Our bespoke market-leading media analytics system, ARMalytics®, is used by our clients and staff to gather insights about media performance across all media channels. When users log into this system, we utilise email addresses of our client users for authentication and to share system news and updates. We also use the IP address and mobile device IDs (from our iOS app) to combat security threats. This data is only used internally. Only necessary ARM staff and system developers have access to this information. ARM acts as data controller for these personal data assets used with ARMalytics®. More on formation about the privacy and cookies of this application can be noted at https://armalytics.com/StaticPages/Privacy .
Our legal basis for processing this data is Contractual Obligation.
Email Newsletters
If users wish to subscribe to our email newsletters, we ask for contact information (email address). We use this information to send out newsletters and we use aggregate demographic information about our audience to improve our service, for marketing purposes and/or industry reporting purposes.
We also use third party sources to provide relevant, targeted business email addresses to whom we send email newsletters. We check to ensure that those third parties comply with all relevant data protection legislation before taking personal data from them.
Our legal basis for processing this data is Legitimate Interests. We have conducted a balancing test within our documented Legitimate Interest Assessment. Recipients are given the opportunity to unsubscribe on every email we send.
Surveys and Contests
From time-to-time, we invite users to provide information via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether to disclose requested contact information (such as name and email address) and demographic information (such as postcode or job title). In addition to other uses set forth in this policy, contact information collected in connection with surveys and contests is used to notify the winners and award prizes, to monitor or improve the use and satisfaction of the site, and may be shared with sponsors of such surveys or contests.
Our legal basis for processing contact data is fulfilment of a contract.
Website Blogs and Contact Forms
When viewing certain areas of this website (for example the contact forms and blog comments) users are asked to give their contact information (such as name, email address, and company name) if they wish to sign up to our communications or make an enquiry. For internal purposes, we use this information to communicate with users and provide requested services, and, for our website visitors, to provide a more personalised experience on our sites. We use aggregate demographic information about our audience to improve our service, for marketing purposes and/or industry reporting purposes.
Our legal basis for processing this information is Legitimate Interests and we have conducted a Legitimate Interest Assessment.
Client Data
We collect and process IP addresses, postcodes and other personal data indicators provided to us by our clients in order to analyse and provide media analytics for them. Wherever possible the data is anonymised before we receive it. ARM acts as data processor and has robust Data Processor Agreements with all its clients.
We process this data under the legal basis of Contractual Obligation.
Applications to Work for Us
We collect and process name, contact details, work experience and interview notes when you apply to work for us. When you provide this information directly to us, our legal basis for processing this information is contractual obligation.
Your personal information may also be passed to us by a third party such as a recruitment agency to whom you have provided this information, and where you have given your consent for them to share your personal data with us.
Suppliers
We collect and process name, contact details, work experience and interview notes when you apply to work for us. When you provide this information directly to us, our legal basis for processing this information is contractual obligation.
We collect and process the personal data provided to us by our suppliers, including name, address, contact details, company name, trading address, registration number, website, VAT number and so on, for the purposes of meeting our contractual obligations into which we have entered.
Website Tracking Data Collection
Our websites have features that use cookies to collect information from user devices, to deliver content specific to users’ interests and to honour their preferences. This information assists us in creating sites that will serve the needs of our users.
For our internal purposes, we gather date, time, browser type, navigation history and IP address of all visitors to our site. We use this information for our internal security audit log, trend analysis and system administration, and to gather broad demographic information about our user base for aggregate use.
We also use a third party, Lead Forensics, to collect IP addresses from visitors to our website, which they then match to a business profile, which they pass to us. The data provided to us does not include contact data – simply the business profile associated with the IP address. ARM will then use that data to identify and contact businesses with a demonstrable interest in its services.
We may combine demographic information supplied by a subscriber at registration with site usage data to provide general profiles, in aggregate non-personally identifiable form, about our users and their preferences in the content of the site and advertising. We may share this aggregated information with our advertisers and business affiliates to help them better understand our services.
Some of our business affiliates use cookies on our sites in ads or promotions. However, we have no access to or control over these business affiliates’ cookies; we urge users to read their privacy policies for information.
Please see our Cookie Policy page for more information about the cookies we use.
COMMUNICATION
Communication with Us
We have features where users can submit information to us (such as our contact forms). To best respond to specific enquiries and provide support, contact information may be forwarded as needed to other internal business functions. We may retain emails and other information sent to us for our internal administrative purposes, and to help us to serve customers better.
Our legal basis for processing this information is Legitimate Interests and we have conducted a Legitimate Interest Assessment.
Communication from Us
In order to best serve our customers, we may send updates that contain important information about our sites and services. For example, we send new members a welcoming message, and verify passwords and usernames for our password-protected sites. We offer our users the option to receive information about our company, related products, services and special deals.
Our legal basis for processing this information is Contractual Obligation.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
All personal data will be held in accordance with our company retention and deletion policy. We only keep your personal information for as long as we need to, so that we can use it for the reasons described above. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of securely.
The actual period for which we store your personal information will vary depending on the type of personal information and how it is used. Where necessary, we shall keep your personal data for as long as required to do so by law, and where required to establish, exercise or defend our legal right.
SHARING YOUR INFORMATION
We do not share your personal data with other companies, apart from those acting as our agents in providing our product(s)/service(s), and which agree to use it only for that purpose and to keep the information secure and confidential. In all such cases, we have a robust data processor agreement in place.
Also, our parent, subsidiary and affiliate companies, entities into which our company may be merged, or entities to which any of our assets, products, sites or operations may be transferred, will be able to use personal information. In all such cases, we have a robust data sharing agreement in place.
We will also disclose information we maintain when required to do so by law, for example, in response to a court order or a subpoena or other legal obligation, in response to a law enforcement agency’s request, or in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property. We may share aggregate information, which is not personally identifiable, with others. This information may include usage and demographic data, but it will not include personal information.
Security
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, technical, electronic, organisational and managerial procedures to safeguard and secure the information we collect online. We use state of the art technology for processing and storing data, and data transfers , including encryption, and access control. Your personal data is processed with confidentiality and integrity.
In addition, access to all of our users’ information, not just the sensitive information mentioned above, is restricted. Only employees who need the information to perform a specific job (for example, members of the finance department or a client account teams) are granted access to personally identifiable information. Finally, the servers on which we store personally identifiable information are kept in a secure environment.
Data Transfers
Your personal data may be stored, processed, and transferred outside the EEA so that we can use your personal data as described in this policy.
We will make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. European data protection laws include specific rules on transferring personal information outside the EEA.
When transferring personal information outside the EEA, we will:
- Include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties (these are the clauses approved under Article 46.2 of the General Data Protection Regulation (GDPR)); or
- Ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the GDPR.
YOUR RIGHTS AND CONTROL OVER YOUR PERSONAL DATA
Under the General Data Protection Regulation, you have the following rights:
Subject access request: you have the right at any time to ask us what personal information we hold about you and to be provided with a copy. If you make more than one such request, we will be entitled to charge a reasonable fee for the second and subsequent requests.
Withdraw consent: where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.
Right to object: the right to ask us not to process your personal data for marketing purposes; from the very first communication from us and every marketing communication we send after you will have the right to object to marketing.
Accuracy: you have the right to ask us to correct or complete any information we hold that you consider to be inaccurate or incomplete. If you believe this is necessary, please tell us as soon as possible. The accuracy of your personal data is important to us. If you find any inaccuracy in your data at any time, we will delete or correct it promptly at your request. Proof of identity may be required in some circumstances.
Right to erasure: You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that we hold about you if, for example, you consider that this information is no longer necessary for the purpose for which we collected it. This is sometimes referred to as “the right to be forgotten”; that the restriction is respected in the future.
Suspend processing: The right to ask us to suspend processing of your data if: (i) you consider that it is inaccurate; or (ii) its processing is unlawful but you do not wish us to delete it; or (iii) we no longer require the data but you need us to keep it for a legal claim; or (iv) you object to the processing and we are verifying whether we have a legitimate reason to continue processing it.
Portability: The right to be provided with a copy of the data that we hold about you in a commonly used electronic format. This is sometimes referred to as “data portability”.
Access your personal data by making a subject access request
You have the right at any time to ask us what personal information we hold about you, and to ask us to update, amend or delete any data that is incorrect or out of date. As data controller, we will be as clear and transparent as possible and uphold any requests for data disclosure or amendment as soon as possible.
To protect your privacy and security we may need to verify your identity before disclosing or deleting your data.
How to contact us
The Company has appointed a Data Protection Officer. To exercise any of your rights above, please contact us on armdpo@datacompliant.co.uk. Or write to us at Data Protection Officer, All Response Media Limited, Sutton Yard, 65 Goswell Road, London, EC1V 7EN.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to make a complaint to data protection regulator. To do so, please contact:
UK: The Information Commissioner’s Office (ICO)
The ICO is the UK’s independent body set up to uphold your rights to data privacy. The ICO can be contacted at the following address:
The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF.
Tel: +44 (0) 01625 545 745
Website: www.ico.org.uk
Netherlands: Dutch Data Protection Authority
Authoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG
Tel: +31 (0) 70 888 85 00
Website: www.autoriteitpersoonsgegevens.nl
Links
Our website contains links to and details of other websites that are outside our control and are not covered by this Privacy Policy. All Response Media Limited is not responsible for the privacy practices or content of such other sites. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. We encourage our users to be aware when they leave our site and to read the privacy statements of each web site to which we may link, before providing them with your personal data.
Notifications and changes
If we change our privacy policy, we will post those changes on this page so our users are aware of what information we collect, how we use it and under which circumstances, if any, we disclose it. Users should check this policy frequently to keep abreast of any changes.
For questions about this privacy statement, the practices of this site or any dealings with All Response Media, contact our head office at:
All Response Media
Sutton Yard
65 Goswell Road
London
EC1V 7EN
Email: armdpo@datacompliant.co.uk
2021 © All Response Media
