Hello, thanks for reading our Data Policy.
We want you to know that we take your privacy and the security of the data we hold about you and your customers very seriously and we are committed to doing everything we can in order to protect it. Also, to let you know what we are doing with it, how we manage it and why.
Our Data Policy aims to ensure we have complete transparency across the Jacob Bailey Group and the companies and brands which fall within it. Our policy covers:
Our Data Policy has been written to ensure compliance with all applicable laws including the Data Protection Act 1998, ePrivacy 2002, superseded by the General Data Protection Act 2018 (these are collectively referred to as “data protection laws”).
Our Policy covers all and any information we collect, data provided by you or provided by one of our clients about their customers which may also include you. We do not accept any responsibility for data which you have provided to us that has been processed by a third party outside of our agreed contracted supplier list. Nor do we accept any responsibility for data you provide to another company (outside of the Jacob Bailey Group) which we may link to through our website, white papers, reports or other collateral and documentation.
The Jacob Bailey Group is a group of fully integrated and specialist creative business services agencies and consultancies who deliver Data, Technology and Creative projects for companies and brands. We carry out marketing communications, including data processing and management services for a range of clients across all sectors globally. The Jacob Bailey Group comprises:
As well as the trading name/brand:
When we refer to “we’’ or “our’’ “Jacob Bailey” or “the Jacob Bailey Group” we are referring to all and any company or brand listed as a part of the Jacob Bailey Group.
When you or a company you have signed up to chooses to work with Jacob Bailey, we will typically collect data on you both directly, through forms, and indirectly through platforms such as, but not limited to, Facebook, Twitter, LinkedIn as well as through third parties such as, but not limited to, CACI, Experian and approved data warehouses.
The data we are likely to collect will include, but is not limited to:
If we hold data, or are asked to process data for a child under 13, we will hold additional data including but not limited to:
Jacob Bailey also collects information about how you use our website, as well as how you use any website or mobile app we have built for a client, or when a client is using our SEO, PPC, Online Advertising, Email Marketing, Web Analytics or other Data Services.
We are committed to the principles of the data regulations and therefore we will only collect and process data which is collected in a lawful and transparent way, and where the company who collected the data can provide sufficient evidence of the method of collection.
In line with the data regulations we will only use the data we collect or are provided by our clients in a lawful way for legitimate and specific purposes.
We will use your personal information for a number of purposes including the following:
Provision of consultancy and marketing services:
We will only use third parties who we have audited to ensure they are fully compliant with the data protection regulations and have sufficient processes and policies in place to protect your data and personal information.
We will also only use data for marketing purposes where there is evidence of a valid opt-in consent to say that you have freely given and indicated you wish to receive such communications.
Operational purposes
In order for our business to operate we will use data we collect for Jacob Bailey clients and supplier companies in the following ways:
As a past, current or prospective client
We consider the following use of your data to be considered “Legitimate Interest” and illustrates ways in which we will use data to provide and enhance our services to you as a client of Jacob Bailey.
Management of data processes and policies
In line with the data regulations we have set out who is both responsible and accountable for privacy and data security within Jacob Bailey.
Our appointed Data Protection Officer, the individual who ensures our policies and processes are followed and enforced is:
The final point of escalation if any issue is not resolved by the above individuals is:
Operational procedures to protect data
To ensure our employees are aware and comply with data policies we:
Reviewing our policies
We want to keep your data as secure as we can so we will regularly review our processes and policies. We will review and update our policy at least every 12 months and when data regulations are updated.
Keeping you informed and up to date
We want you to know your data is in safe hands, so we will email you to let you know that we are currently storing data and personal information about you if we collect it indirectly.
We will also email you when we update our policy, providing you with a link to view the updated policy on our website.
Data we store on employees
As an employer, we hold personal data on employees including personal information around employment history, contacts and remuneration.
Data will be stored electronically within Microsoft Online and in paper format in locked filing cabinets.
Our CEO, Managing Partners and Operational Team have access to this information along with our approved HR and PAYE suppliers. All access is centrally managed.
Data we store on our clients
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Jacob Bailey. This is typically at least seven years in order to comply with tax and insurance regulations.
Data will be stored in a number of secure environments and details of all suppliers used can be found in Appendix Table A.
Data is only accessible by Jacob Bailey employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any data ceases instantly.
Data we store on behalf of our clients
We will hold data provided to us by clients for processing for as long as required to complete the service, or as long as is set out in our contract or Master Service Agreement. Unless specifically requested by our client we will hold data for a maximum of 12 months after the service we provided is complete.
Data will be stored in a number of secure environments and can be found in Appendix Table B.
All environments are tested and audited to ensure compliance and high levels of security and protection.
Data is only accessible by authorised employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any client data ceases instantly.
We want to make it easy for you to be in control of your data.
You have the right to:
Accessing your data
To access the data we hold on you please contact us with the subject “Data Access Request”. Please provide two forms of identification (copies are sufficient) from the following list to prove you are the individual requesting the data:
We will then contact you with details of how you can access the data we store on you within one month of receiving your request. Details can be found in section 9.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Your initial request will be processed free of charge. However, we will charge a reasonable fee, based on the administrative cost of providing the information, should a request be considered unfounded or excessive, particularly if it is repetitive.
We will also charge a reasonable fee based on the administration time involved to provide further copies of the same information.
Updating your data
If you notice an error in the data we hold on you, or would like us to update our records in any way then please contact us with the subject “Data update request”. We will respond within 1 month. Details can be found in section 9.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Objection to or request to restrict processing
You have the choice to object to us using your data. If you would like to object to us or our third party processor processing your data or restrict how we process your data in anyway then please contact us with the subject “Objection/Restriction of processing”. Please outline which processes (which can be found in section 2) that you wish to be removed from in the body of the email. We will respond within one month. Our contact details can found in section 10.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Deletion of data
If you would like us to delete all data and information we hold on you please contact us with the subject “Delete record”. Our contact details can found in section 10.
Please note that although we fully respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. On receiving your request we will review your request and respond to outline what data we can remove. We will endeavour to respond within 1 month.
If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.
Tracking and auditing your requests
All requests will be tracked and audited and stored in our CRM system.
In order to provide our services we may need to transfer data between:
All Jacob Bailey employees use OneDrive. All data files are saved in our secure OneDrive and an “internal only” link is sent via email – this ensures that data is not accessible outside of the Jacob Bailey network.
For UK and EU clients and suppliers we provide a secure environment for data to be uploaded. On upload we require a number of questions to be answered to prove the client and supplier has the correct levels of consent and compliance.
For International clients and suppliers, we will audit the companies Data Policy and processes to ensure compliance before we accept or share data.
Non-data file transfer
We often need to transfer large files which are over 10mb, and over most email limits. To ensure we are able to track all communications we will send:
If we suspect a data breach of any kind we will report it to the Information Commissioner’s Office immediately.
If you suspect a data breach, which you believe may have involved Jacob Bailey and the data we hold on you, please email breach@jacobbaileygroup.com with the subject “Data Breach” and we will respond within 72 hours.
This policy was last updated on: 14th September 2022
This policy will be reviewed on: 14th September 2024
Any questions around our privacy or Data Subject Access Request
Email: dpo@jacobbaileygroup.com
By Post: Attention: Data Protection Officer, Jacob Bailey, One Woodbridge Road, Ipswich, Suffolk, IP4 2EA. UK.
The Supervisory Authority for the UK is the Information Commissioner’s Office. They can be contacted here: https://ico.org.uk/
Supplier | Data Collector | Data Processor |
---|---|---|
Adobe Inc | ||
Amazon Inc | ||
Apple | ||
Atlassian PTY Ltd | ||
Bing | ||
Email Octopus | ||
Facebook Inc | ||
Freshdesk | ||
GitLab | ||
Google Inc | ||
Hotjar Ltd | ||
Infotex | ||
JotForm | ||
Laravel | ||
Logmein Inc (Lastpass) | ||
Mailchimp | ||
MailGun |
||
Microsoft Inc | ||
Paypal | ||
Pixel & Tonic Inc (Craft) | ||
SharpSpring Inc | ||
Shopify | ||
Sophos Group Plc | ||
Stripe | ||
Trustico | ||
WeTransfer |
Supplier | Data Collector | Data Processor |
---|---|---|
Adobe Inc | ||
Amazon Inc | ||
Apple | ||
Atlassian PTY Ltd | ||
Facebook Inc | ||
Freshdesk | ||
GitLab | ||
Google Inc | ||
Hotjar Ltd | ||
JotForm | ||
Laravel | ||
Logmein Inc (Lastpass) | ||
Mailchimp | ||
MailGun | ||
Melbek Technology | ||
Microsoft Inc | ||
Paypal | ||
Pixel & Tonic Inc (Craft) | ||
SharpSpring Inc | ||
Shopify | ||
Sophos Group Plc | ||
Stripe | ||
Trustico | ||
WeTransfer |