We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it.
2 Visitors to our Website
Where we collect personal data via our website (https://www.crowdcomms.com), we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.
2.1 Hubspot Cookies
You can find out about what cookies Hubspot may place on your device here.
2.2 Online Forms
If you fill out one of our website forms (e.g. our contact form), details of what you submit are stored within in our CRM. No other copy of the data you submit is stored anywhere. However, you should note that as our site uses SSL (https) the data you submit using the contact form will be encrypted once you press the “Submit” button.
Our website is hosted with Squarespace. Whilst Hubspot is a non-EU based provider, we have carried out due diligence to ensure they’re data protection compliant and they are signed up to the EU-US Privacy Shield certification, meaning they apply EU data protection principles and standards. You can read more about Hubspot and their approach to GDPR compliance here.
3 Our Use of Hubspot Inc
We use a range of Hubspot Inc services. The benefit for us is that we are able to engage with visitors to our website and those who interact with our other online services (via the website, via email, via social media, etc.). This means that if you contact us there is a possibility that Hubspot can identify the various interactions you have with us online.
When this happens any interaction you have with us, across these online services, will be recorded in our CRM against a contact record. This means, that via the use of various tracking technologies, including cookies, we maintain a record of your contact and all online interactions with us. Where we have not had any specific contact with you and are unable to identify you, you will remain anonymous and any data collected from visiting our website will not be able to identify you.
Where we do maintain a contact record for you within Hubspot it will relate to our interaction, the pages you have visited on our website, emails exchanged and any specific engagement with our social media channels.
4 People who Receive our Newsletters
If you sign up to our email mailing list via our website form, we will store your name and email address in our mailing list provider (Hubspot). Every time you receive our marketing emails we will include a link to enable you to unsubscribe should you wish to stop receiving them. We honour such requests.
5 People who Email our Office
Any emails we receive are stored via our email provider’s platform (Google G-Suite) and are accessible on our computers via our email client which uses a local copy of the emails (as
well as them being available via the Gmail web application). Access to them is protected via device and email-service passwords.
We also make use of the G-Suite tools for managing junk email and emails containing viruses. We will only keep emails within our email system for as long as it is lawful for us to do so.
6 People who Call our office
If you call our offices, using the numbers available on our website, we will add details of our discussion (as well as any personal data you have provided to us) to our Hubspot CRM. We will only record the minimal amount of information we need to be able to follow up your enquiry. The data stored remains on our system for as long as you remain an active lead for our business or for as long as you are a customer, and as required by any relevant law.
7 Our use of Social Media
We use Hubspot for the purposes of managing our social media. Where the Hubspot service allows we may make use of additional functionality which allows us to collect together certain aspects of your personal data available to us via our connections on social media.
8 People who are our Customers
To provide our services to our customers we need to collect certain pieces of data. We will only ever collect the minimal amount of information needed and it will be clear to you when we collect the data what we will be using it for. We store our customers’ information in our CRM systems to enable us to maintain your customer account.
8.1 Customers of our App Services
Where you provide us with data to set up and configure our apps for you, we will only ask you to send the minimal amount of information needed to set up the app. Once we have used the app, unless it is required for any other lawful purpose, we will delete it from our systems or return it to you (on your request). In some circumstances we may use third-party services to help us process this data for the purposes of setting up the app. When we do this, we will only use third-parties who are data protection compliant.
8.2 Hosting of our Apps
Our apps and any associated data (yours and your delegates) are stored on Amazon Web Services (AWS) servers hosted within the EEA. You can read how our use of AWS services is compliant with UK data protection laws, on the AWS website.
9 Employee Data
When someone joins our team, we will only collect and ask for personal information that is required for being an employee. This will typically be your name, address, phone number, date of birth, National Insurance number, bank details for payroll and next of kin information, etc. We ask you to provide this information for employment purposes and so that we can pay you and meet legal requirements such as providing a pension. We will also collect other data for your employee file throughout your employment with us, such as absence information, holiday requests, disciplinary or grievance information.
We will keep these records during your employment and for up to 6 years after termination of your employment. We will also keep your payroll records up to 7 years. If we record working time records, we retain these for 2 years and any immigration check information for 2 years. All the information will be stored, within our data protection compliant accounting system, securely.
If you send us application forms or your CV, we will keep the information for as long as we’re considering your application. If you become an employee, the information will be added to your personnel file and kept in line with our policy on keeping employee records. If your application is unsuccessful we will delete the information after 6 months unless you consent to us retaining them for any longer (for example for any future opportunities). All the information will be stored, within our systems, securely.
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
12 Third Party Processors
We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. On some occasions, we may also use a number of third-party organisations. In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements. We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply.
13 Your rights
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website.
If you want to make a complaint about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner’s Office.
13.2 How to Withdraw Consent and Object to Processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom of the email. Otherwise, you can contact us, using the contact details below.
If you wish to raise concerns about the way we are processing your data or would like to raise an objection, then please contact Felix Stroud-Allen via email@example.com with your concerns.
13.3 Keeping your Data up to Date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.
13.4 Erasure of your Data (the “Right to be Forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If you wish to exercise your right to be forgotten, please contact us via the contact details below.
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a CSV export of your data.
13.6 Access to your Data
You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request. To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.
14 Disclosure of Information
We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.
15 More Information
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website.
16 How to Contact Us
If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact:
Data Protection Officer
L3, The Grainstore
17 Changes to our Privacy Notice
We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on this page.