Privacy Policy

This privacy policy applies to the processing of personal data by elephant communications, a company incorporated in England and Wales, trading from The Old Barn, Apsley Farm, Wilderwick Road, West Sussex RH19 3NT

elephant communications is a business to business consultancy. We do not sell services directly to consumers and as a rule we do not seek to collect or store information on members of the public. The information we store includes personal data of individual contacts for our business clients and industry contacts, business suppliers, and the media.

Our core commitments from our privacy policy include:

  • We will keep the personal data we hold safe and private.
  • We will not sell your personal data.
  • We will use your personal data for the purpose we collected it for.
  • We will not pass on your personal data unless required by law or with your permission.
  • We will give you ways to manage, review and delete your personal data.

Types of information we collect, source and purpose for collection

We have set out below, in a table format, a description of the types of personal data we collect, the sources we collect it from, what we use it for and our legal basis for doing so.

We will process the categories of personal data listed below one or more of the following legal basis:

  • Contract: where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal Obligations: where we need to comply with a legal or regulatory obligations.

Type of personal data Source Use Legal basis

Business contact information, including name, surname, email address and telephone number.

Representatives from businesses or client organisations that express interest in our services, brief us on an assignment or with whom we have a live or ongoing dialogue.

  • email contact initiated with us
  • registration of our website or newsroom to receive information
  • Sharing of business contact information (e.g. through a business card)
  • Us following up on a verbal request for information or services.
  • Us following up on a business referral introduced to us.

To manage our relationship with your business.

Contract:

To communicate with you about our products and services.

Legitimate interests:
Identifying opportunities for prospective clients and business partners for relevant new products or services

Keeping our records up to date, working out which of our products and services may interest you and telling you about them

Contract:

Legitimate interests:
Identifying appropriate opportunities to existing and potential clients.

To share ideas on appropriate opportunities for your organisation

Contract:

Legitimate interests:
Advising on industry developments that are relevant to your business.

Media contact information, including the contact details, details of relevant journalists, reporters, newsdesks and producers for media that are relevant to our client assignments.

These business contact lists are obtained and regularly updated through the process of speaking to news desks each week.

We also subscribe to media intelligence companies, who legitimately hold journalist contact information and update details regularly.

To distribute news releases and corporate announcements for clients to the media in line with the media services they have paid for.

Legitimate interests:
Providing business advisory services to our clients

To offer journalists exclusives and relevant news information relevant to their business role.

Legitimate interests:
Fulfilling our obligations to clients to provide a business advisory service that clients have asked for and have paid for

To respond promptly to media enquiries for information

Legitimate interests:
Fulfilling our obligations to clients to provide a business advisory service that clients have asked for and have paid for

To invite reporters to relevant industry events and arrange business briefings.

Legitimate interests:

Providing business advisory services to our clients

Business supplier information, including name, surname, email address, invoice details and telephone number.

Businesses or professionals that supply us services.

To help us engage their business services as we provide a fast efficient service to our clients.

legitimate interests in running our business effectively and efficiently

To pay suppliers when we receive their invoices

Contract

To advocate their services, when appropriate to other clients and to make a business introduction for them

Legitimate interests:
Providing business advisory services to our clients

To give feedback to suppliers on work they have done for us or for our clients

Legitimate interests:
Ensuring our partners are best able to meet our clients business needs efficiently and effectively

Business partners and associates including name, surname, email address and telephone number

Contact information on business professionals, thought leaders, academics, trainers, photographers and agencies specialists we may occasionally work with together on a project or client related assignment.

We will only store basic contact information on people we know and do or have worked with.

To contact existing or potential partners of a piece of work that that can input to

Contract

To get advice from known industry contacts on a business issue

Legitimate interests
providing business advisory services to our clients

To support another business on an issue or project they have asked for help with

Contract

To involve these parties in events or campaigns we might be running

Contract

Legitimate interests
In providing business advisory services to our clients in line with their brief

To present an offer of work

Contract


Please note that depending on the purpose for which we use your personal data, we may rely on more than one legal basis for processing.

We may use your personal data for purposes other than the ones listed above. Should this be the case, we will inform you of the purpose in accordance with applicable laws and regulations.

General Public

We do not sell services direct to the public, nor ourselves store data lists on members of the general public. The only instances in which we may handle such data is if a client asks us to source a case study (customer) for a news story or if we handle a media complaint for a client. In these instances we act as data processors to our clients and act in line with our contractual and confidentiality obligations. For case studies and complaints, we handle the data that is necessary for dealing with the task in hand for a client based on our legitimate interests in protecting our clients’ reputations as and when required. Thereafter the data of a member of the general public is not stored by us.

Enquries from our website

This website, specifically the ‘contact us’ page and our ‘newsroom’ page allows you to provide personal data so that we may fulfil your requests for information such as insight reports, details of our services, business opportunities or career-related enquiries. For enquiries relating to our legitimate interests as a business consultancy, personal data is stored safely and privately. Personal data from the general public on enquiries not relating to our business activity will not be stored.

Our Cookies Policy

We may use cookies for our website. Cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the
site.

Our cookies policy can be viewed here

How we share your personal data

In order to conduct our business we may share your personal data with the following categories of recipients:

  • IT and cloud service providers
  • Payroll managers (for staff)
  • HR advisors/trainers (for staff)
  • Journalists (for client assignments)
  • Business partners (for client assignments)
  • Service providers (for relevant business assignments)

We take steps to safeguard your personal data and we have contractual provisions requiring all third party service providers to respect the security of your personal data and to treat it in accordance with our data protection policies and all applicable laws. We will not allow third party service providers to use your personal data for their own purposes and they will only be allowed to process your personal data in accordance with our instructions

Automated Decision Making

We do not carry out any automated decision making including profiling.

Security

We have put in place appropriate security measures to protect your personal data from being accidentally lost, misused or accessed in an unauthorised way, altered or disclosed. These include technical, administrative and physical security measures to ensure that any data we collect is stored and processed securely.

For example, we limit the data we hold to the extent necessary to conduct our business, we minimise the amount of archive data we hold, and we have an annual reviews of our privacy and security arrangements. Staff members are only allowed access to data we hold on work devices, work emails are not permitted on any personal device and we have restrictions on staff access to some data based on seniority and
relevance to their client role.

International transfer

We do not process or transfer your personal data outside the EEA.

How long we keep your personal data

We keep your personal data as long as it is needed to achieve our purposes listed above, as well as for the amount of time necessary to meet any legal obligations.

We do not keep your personal data for longer than necessary and usually up to 7 years. We may keep your personal data for longer than 7 years if we cannot delete it for legal or technical reasons. However, if we do, we will ensure that your privacy continues to be protected.

Your Rights

You have the following rights in relation to your personal data we hold:

Accessing personal data

You can request details of your personal data we hold. We will confirm whether we are processing your personal data and provide additional details including what kind of data we have about you, where we collected it from, how we use it (including the legal basis for our processing), how long we expect to keep it, details of any automated decision making or profiling and the safeguards regarding data transfers to non-EEA countries subject to the limitations set out in applicable laws and regulations.

If you ask us, we will provide you with a copy of your personal data free of charge. We may charge you a fee to cover our administrative costs if you request multiple copies of the same data or if the requests are manifestly unfounded or excessive.

Editing and updating personal data

At your request, we will correct incomplete or inaccurate parts of your personal data, although we may need to verify the accuracy of the new information you provide us.

Deletion of personal data

At your request, we will delete your personal data if:

  • it’s no longer necessary to retain your personal data;
  • you withdraw the consent which formed the basis of your personal data processing;
  • you have successfully objected to the processing of your personal data (see below);
  • your personal data was processed unlawfully; or
  • we are required to delete your personal data to comply with our legal obligations.

We will review requests on a case by case basis and we may not be able to comply with your request if we need to process your personal data:

  • for exercising the right of freedom of expression and
  • to comply with our legal obligations;
  • to establish, exercise or defend a legal claim; or
  • to perform a task in the public interest.

Should this be the case, we will notify you of the reasons why your request was rejected.

Restriction of processing of personal data

You have the right to request us to limit the processing of your personal data if:

  • you dispute the accuracy of your personal data;
  • your personal data was processed unlawfully and you request a limitation on processing, rather than a deletion of your personal data;
  • we no longer need to process your personal data, but you need your personal data in connection with a legal claim; or
  • you object to the processing of your personal data based on our legitimate interests pending verification as to whether we have an overriding legitimate ground for such processing.

To the extent needed, we may still keep some of your personal data to ensure we comply with your request to limit processing, or for other legal purposes.

Objecting to processing of personal data

Where we process your personal data based upon our legitimate interest (or that of a third party), you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims.

Right not to be subject to decisions based solely on automated decision making.

You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your personal data, unless you have given us your explicit consent or where they are necessary for a contract with us.

Portability of personal data

You can ask us to send you your personal data in a structured, commonly used, machine-readable format so that it can easily be transferred and used by a third party if:

  • you provided us with the personal data;
  • the processing of your personal data is based on your consent or required for the performance of a contract; or
  • the processing is carried out by automated means.

Withdrawing consent.

To the extent we rely on your consent to process your personal data, you have the right to withdraw any consent you may have given us at any time. We will comply with your request promptly.

Filing a complaint with a data protection authority

We will try to resolve any complaints you may have but if you are not satisfied with our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.

Updates

This Privacy Policy may be updated to reflect changes in the law or to our data handling policies. Should there be a material change to this Privacy Policy, we will inform you by placing a prominent notice on our website.

Contact Us

If you have any queries in relation to this Privacy Policy or on how we process your personal data, please contact us at info@elephantcommunications.co.uk

Lasted updated 23 May 2018