Hello Data Subject.
In addition, data subjects may contact Lorna Fimia, Data Privacy Manager, by emailing firstname.lastname@example.org.
activereach is a UK-based business-to-business supplier of networks, collaboration, and security solutions. We have been in business and growing since 2009. We solve business problems for customers using services which involve handling all sorts of data – including personal information.
For most people reading this policy, activereach is a data controller. We collect and process personal information from you for various reasons. This policy explains what we collect, how we use it, who we share it with and your rights and the choices you can make about your data.
We have our own products and services, but also act as a value-added reseller (VAR) for selected partners, “Technology Partners”. When we supply a solution, we act as a data processor for those customers (who are typically the data controller). Our partners are our sub-processors.
In order to grow as a business, the biggest difficulty we face is getting time with a decision-maker to prove our expertise and demonstrate how we can help solve problems cost-effectively. We do several things to try and contact business decision-makers to sell our services; we run a website, we engage on social media platforms, e-mail, and telephone business people.
We rely on Legitimate Interest as a legal basis for the processing of personal data. This includes the processing of
i) employee, partner, supplier and B2B client data
ii) B2B direct marketing
Growing our business by providing the right solutions to meet a customer’s requirements is our main purpose in collecting and processing business contact information. We believe we have a Legitimate Interest in collecting business contact information and contacting people directly. We thought about how this might affect people’s privacy rights and balanced them against our interests as a business.
We believe that the limited and non-domestic nature of our use of personal information (business-to-business, public records), the lack of special categories of data, the lengths we go to to secure that data, and the tools we provide data subjects to exercise their rights over the data, is sufficient to meet a Legitimate Interest Assessment.
We follow the PECR with regards to electronic communication and ensure any phone numbers we use are pre-screened against domestic and business TPS lists.
You have the right
Also you have rights in relation to automated decision making and profiling.
You can exercise your rights to your personal information under EU GDPR and UK Data Protection by emailing email@example.com. E-mails to this address are logged on a ticketing system and tracked to closure. activereach aims to resolve any requests within 30 days, but sometimes may seek additional information to verify data subject identity prior to fulfilling requests to disclose, alter or delete information we would otherwise consider confidential.
activereach makes sure that your personal information is collected lawfully and fairly. We try hard to make sure it remains accurate, relevant and is not excessive for the purpose it is collected for. We do not re-purpose personal information we collect. We retain personal information for no longer than is necessary (although the duration varies depending on the nature of the data – CCTV images are not kept as long as e-mail contact details, for example).
Your personal information is held in systems where we employ procedural and technical controls to minimise risks to the security (Confidentiality, Integrity or Availability) of the data. If we are ever breached, we will inform the UK Information Commissioners Office (ICO) within 72 hours of being made aware of the breach – and data subjects that are at risk will also be informed. We use a process of continual security improvement – protection and testing – to minimise risk and ensure that our information systems are resistant to modern cyber threats.
We will comply with all subject access requests to have personal information deleted from our information systems. If we do delete your data following such a request, there is a chance that your personal information may reappear in our information systems during the normal course of our business activities (e.g. in data we purchase from third parties from time to time).
You have the right to lodge a complaint with the supervisory authority, UK ICO, if you are not happy with the processing of your personal data. Please visit the ICO Complaints page for details.
Before it gets to that situation, please make sure you contact our Data Privacy Manager, Lorna Fimia, at firstname.lastname@example.org. if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.
We have set internal policies on retention duration which is different for each information flow based on the principle of storage limitation and secure disposal/deletion. Specific personal data records are kept in line with the following retention policies:
Data subjects may request more specific details via a subject access request to email@example.com.
We make use of third-party processors for some of our business-critical applications (e.g. CRM application, e-mail services, web/email hosting) handling personal information flows. These store and process data in servers/data centres located in the UK. One of our sub-processors processes your personal data in the US. Standard contractual clauses are in place to ensure that any transfers to the US are made in accordance with data protection legislation.
We have mapped our information flows and activereach is satisfied that our processors meet the standards for security that we expect for ourselves and our data subjects.
Other recipients of data are:
i) Event sponsors. activereach “Technology Partners” may sponsor and co-host an event organised by activereach. activereach and the Event Sponsor(s) may provide you marketing information before, during and following the event. You can withdraw your consent for this marketing by activereach Ltd by emailing firstname.lastname@example.org. For the purposes of applicable data protection regulations, Event Sponsors will become controllers of your personal information following the event.
ii) Third party service providers/suppliers engaged by us to assist in the administration of a marketing event or marketing campaign.
iii) Third party processors that handle business-critical and marketing applications (e.g. CRM System, Email Marketing Platform, Email/Web Hosting)
iv) Suppliers handling employee data
When you land on our site, we start collecting information about who you are (IP address, browser type, language), when you came to the site, where you came from (URL of the website that referred you), what you are looking for (search terms entered, links and adverts clicked on our site), and where you go when you’re done (URL of the site you go to if you click on an outbound link on our site).
We do this to judge how good our website is, judge the effectiveness of our marketing campaigns, and try to understand, without bothering you, what information you may be looking for and whether you found it OK.
We may share non-personal aggregate statistics (group) data about our site visitors’ traffic patterns with partners or other parties. However, we do not sell or share any information about individuals to third parties.
Many browsers are set to accept cookies by default. You have the ability to accept or decline cookies as you prefer in your browser settings.
The Help portion of your web browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
If you allow them in your browser settings, the activereach site will store a persistent ‘cookie’ on your computer. This allows the site to notice when you come back to the site and improve your experience by remembering preferences and options you have selected.
We get these e-mail addresses from trade shows we attend, direct submission from our web-site or signing up to obtain a white paper. We buy in lists of e-mail addresses for people in particular roles in particular businesses and combine them with information made public through LinkedIn. We use these suppliers and take pains to only work with information providers that collect data lawfully. We also combine contact data with information collected from people browsing our website to try and build a single view of someone’s interactions across a variety of communication methods.
As such, some marketing you receive, including email marketing, may also be personalised based on your visits to activereach.net and your browsing history. In addition, when you click on some links in email marketing you receive, our email service provider may place a cookie on your browser. This type of cookie would be linked to your email address or IP address and used to gather information about the products and services you view on activereach.net. Information gathered may be used to personalize and customize future email marketing messages you receive.
Every marketing e-mail we send has an unsubscribe link that gives you the option to opt out of all future communications and marks a CRM record to not e-mail you. We also have a link to this policy, which describes more about where we got the information, what we do with it, and point data subjects to their rights under EU GDPR or UK Data Protection legislation. We are registered with, and regulated by the Information Commissioner’s Office.
These telephone calls are unsolicited, but as well as making sure all data is screened, we maintain a register of contacts that have told us ‘do not call’ and we make sure we do not call them.
Telephone calls are not automated and we make no efforts to hide our number or our identity. This approach is in line with ICO guidance on compliance with the PECR.
The company is registered with the Data Protection Registrar under reference: Z1684067.
This notice was last updated on 13/07/21