Date of Last Update: January 2021
1. Definitions and Interpretation
Collectively all information that you submit to ANDigital via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;
Data Protection Laws;
Any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/ec (Data Protection Directive) or the GDPR, and Data Protection Act 2018 (UK).
The General Data Protection Regulation (EU);
We or us, ANDigital Ltd,
User or you, Any third party that accesses the Website and is not either (i) employed by ANDigital and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to ANDigital and accessing the Website in connection with the provision of such services; and
The Website that you are currently using, https://www.and.digital or known as AND Digital, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
- the singular includes the plural and vice versa;
- a reference to a person includes firms, companies, government entities, trusts and partnerships;
- "including" is understood to mean "including without limitation";
- reference to any statutory provision includes any modification or amendment of it;
We are committed to protecting and respecting the privacy of our clients, prospective clients and the users of the Website. This Privacy Notice sets out the basis on which your personal data, as a client, prospective client or visitor of our Website, will be processed by us as a controller. If you are applying for an open job role at AND Digital, please visit our Recruitment Privacy Notice on Workable. If you visit our Website, we may use your personal data in connection with your request for or use of our Services. Our Services and the Website is not intended for children and we do not knowingly collect data relating to children under the age of 13.
The responsible data controller in the meaning of Art. 4 No. 7 GDPR is:
ANDigital Ltd.,1 Bell Street, Maidenhead, SL6 1 BU; Company Registration Number: 08761455; Email: firstname.lastname@example.org; Website: www.and.digital
In accordance with UK and European Economic Area (“EEA”) data protection laws, we are the controller of the personal data that you provide to us or that we collect from you. We are responsible for safeguarding your personal data which will be processed in accordance with this Privacy Notice.
You can contact the data protection officer via email at: email@example.com.
3. Data Collection
We collect Data in the following ways:
- Data is given to us by you (completing a form); and
- Data is collected automatically (from Data providers and cookies)
3.1: Data that is given to us by you
This type of Data is considered personal Data. This refers to any information about an individual from which that person can be identified. ANDigital will collect your Data in a number of ways, for example:
- When you contact us through the Website by filling out an enquiry form, post, email, or through any other means, and
- any other information you chose to share with us.
Where we mention “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your personal data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your personal data.
3.1.1 What personal data do we process?
- Identity Data: this may include your full name, company name, current job title, historic job roles and employers, geographical location and other personal identifiers. Any additional data that you provide to us during any conversations you have with us for the purposes of contractual or relationship management (such as the nature of your relationship with us).
- Professional Contact Data: this may include your email address and any other contact details you may choose to provide to us.
- Feedback and Enquiry Data: Additional data may be collected about you from the correspondence that you send to us, any client testimonials that you provide us with, any conversations you have with us and any feedback you give us.
- Special Requirements Data: you may choose to provide us with optional information such as your dietary and mobility requirements for the purposes of making reasonable adjustments for our events, however, this data is not retained in our database after the event you have attended has ended.
3.1.2 Why do we process personal data given to us by you?
Provide our Services to you as a client
- Including, registering you as a client on our customer relationship management system and sharing your information with our third-party service providers which facilitate the provision of our Services.
Relationship Management & Business Development
- To provide our customer service to you;
- To send you service communications about matters relevant to your use of our Service such as changes to our terms and conditions;
- To communicate with you if you have asked us a question or made a complaint with us;
- To send you marketing and promotional material about our products or Services in accordance with direct marketing laws; and
- To contact you for feedback on our Services
- To use references and testimonials as provided by our client’s employees as business development materials (with that employee’s express permission); and
- To use third party data sources such as Companies House to verify company director/shareholder details.
- To respond to your enquiry if you contact our customer service team on our Website
- To register you for one of our events on our Website
- To enable you to download content from our Website
- To contact you with details of our services if you request them on our Website
Complying with legal and regulatory requirements
- To comply with certain legal and regulatory requirements to which we or regulators or law enforcement agencies are subject.
- To establish, exercise or defend legal claims
3.1.3 What is our lawful basis for processing data given to us by you?
- To perform our contract with you or to take necessary steps at your request prior to entering into a contract with you;
- To satisfy our legitimate interests (to run and operate our Services and the Website, understanding you better to provide a better service to you, run our business and maintain our records);
- To comply with our legal duties;
- Your express consent (where legally required to do so).
- Your explicit consent when processing any special category data.
If you are:
- a business customer (including, a director, officer or employee of the organisation); or
- have previously purchased products and/or services from us;
we will assume you are happy to receive relevant marketing communications unless you have previously opted out of such communications. This is based on our legitimate interests in promoting our business and to provide you with offers for relevant products/services.
If you change your mind about this, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of each email or by emailing firstname.lastname@example.org.
If you choose to withdraw your consent to receiving these marketing emails, we will still be able to send you service emails that are necessary for our relationship with you.
The law treats some types of personal data about you as “special” and such data requires more protection because of its sensitive nature. This includes information about your race, religion, health, sex life, sexual orientation or criminal offences. We will only collect or use this type of personal data (a) with your explicit consent or (b) if the law requires us to do so. For example, if we collect information about your dietary preferences or mobility requirements for the purpose of making reasonable adjustments at our events, we will only collect such information with your explicit consent.
We will only use your personal data for the reasons we have set out above. If we need to use your personal data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.
3.2 Data collected automatically (from Data providers and cookies)
What personal data do we process?
- Technical Data: we may automatically collect data regarding general technical use of the Website, such as your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also receive technical data about you if you visit other websites through the Website using our cookies. For more information about cookies, please see section 8, below.
- Usage Data: we may generate information about how you navigate and engage with our Website and download materials and online activity data such as clickstream data, page interaction information, your preferences (including country and language) and methods used to browse away from our content or Website.
- Location: we can identify the country that you are located in based on your IP address.
3.2.1 Why do we process this personal data?
- To use data analytics to improve our Services, Website, marketing, user and customer relationships and experiences
- To identify any problems, defects or issues with the Website
- To optimise the performance of the Website
- To improve future versions of the Website
- To monitor operations, user activity and networks for fraud prevention and crime detection
3.2.2 What is our lawful basis for processing data collected automatically?
To satisfy our legitimate interest (to detect and prevent fraud and illegal conduct, understand you better to provide a better service to you, enable you to use the Website most effectively, improve the usability of the Website and make any necessary modifications and updates to the Website).
Necessary for compliance with a legal obligation to which we are subject.
4. Sharing your personal data
By using our Services and the Website, we may need to disclose your personal data to the following categories of third parties in limited circumstances so that we can provide our Services to you, operate our Website and comply with our legal duties.
- With our third-party service providers: your personal data may be held and processed securely by us on the dedicated systems supplied, monitored and maintained by our third-party infrastructure providers, and by any other third-party service providers we may use, such as our Website hosting provider, customer relationship management provider, email marketing provider, analytics, security operations and other third-party service providers.
- In corporate transactions: we may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
- Regulators or law enforcement agencies: we may disclose your personal information if reasonably necessary with regulators, law enforcement agencies or where mandatory under a court order: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.
- To enforce our legal rights: we may also share your personal data: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
We may also need to share your personal data to comply with the law; to enforce our Terms and Conditions; to protect the rights, property or safety of us, other individuals/organisations; or where you have given us your consent to do so.
You can ask us for more information about these organisations by contacting us using the details at the top of this policy.
5. Keeping data secure
We use technical and organisational measures to safeguard your Data to make sure it is not lost, used or accessed in any unauthorised way. However, we cannot guarantee your personal data will be free from every security risk that may be possible when your information is sent to and from the Website. We have certain measures in place to keep your data secure:
- We store your Data on secure servers; and
- We will not sell, rent, or lease mailing lists or other customer Data to others and we will not make your personal information available to any unaffiliated third parties; and
- We limit access to your Personal Data to employees and partner third parties. They will only process your Data on our instructions and they are also bound by security and confidentiality.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The Website may include links to third-party websites which may collect your personal data. We have no control over what these websites do with your personal data. Please check the policies on these websites which will tell you what they do with your personal data.
5.1 Storing your personal data
We will not transfer or store your personal data outside of the European Economic Area (EEA) (or the UK to the extent the UK is no longer part of the EU), except to selected third parties that we have instructed to help us provide the services to you.
If we do transfer or store your personal data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your personal data to an equivalent data protection standard as in the UK and the EEA.
We will only share your personal data with countries and organisations that:
The European Commission has deemed as having equivalent data protection laws as in the EEA; or
We have entered into a contract with and which include certain requirements to make sure your personal data is protected to equivalent standards as in the EEA and the UK – please click here for a link to the standard contractual/data protection clauses.
If there are any other circumstances that would require us to transfer your personal data outside of the EEA (or the UK to the extent the UK is no longer part of the EU), we will seek your consent to transfer your personal data outside of the EEA.
You can ask us for more information about where we may transfer or store your personal data and how we will take steps to ensure your personal data is protected by using the contact details in section 2 of this Notice.
6. Retention of Data
Generally, we will keep your personal data for as long as you are a client of our Services. After this, we may keep your personal data for up to 6 years (or longer where the law requires) so that we can communicate with you about any questions you may have after you have stopped being a client of our Services or to comply with the rules on accounting, reporting or any other law. If you are a prospective client, we will keep your personal data for as long as you continue interacting with us. In all other scenarios, we store your personal data in line with legal, regulatory, financial and good-practice requirements.
7. Third-party applications
ANDigital Ltd shares your personal data with third parties, in particular non-ANDigital parties, only with your express consent or under another lawful basis for processing under the applicable law.
Categories of non-ANDigital parties with which we share your personal data include vendors such as host and cloud service providers, marketing and mailing agencies, and sub-contractors involved in the fulfilment of our contractual obligations towards our clients. The legal basis for this processing is Art. 6(1)(f) GDPR.
7.1: Google Analytics
We use Google Analytics to analyse the use of this Website, including information about your computer and about your visits to and use of this Website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and Website navigation). Google Analytics generates statistical and other information about Website use by means of cookies, which are stored on users' computers. The information generated relating to our Website is used to create reports about the use of the Website. The information generated by these cookies is transmitted to Google’s location in the US and stored there.
Google may also transfer this information to third parties where required to do so by law or where such third parties process this data on Google’s behalf. Google states that it will never associate your IP address with other data held by Google. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.
7.2 Google Tag Manager
- Google Analytics
- Google Ads Conversion Tracking
- LinkedIn Insights
We use third-party marketing software provided by HubSpot, Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA (“HubSpot”), to store marketing information data, send emails and analyse website performance further.
HubSpot stores all marketing contact information that you provide to us, so that we can integrate its email and automation features to send you communications about our services where you have directly consented or we believe serves our legitimate interests. HubSpot also collects website data similar to Google Analytics such as referrer, pages you’ve viewed on our site and the actions you have taken. All browsing data is anonymous unless you directly submit your personal details to one of our contact forms on the website.
HubSpot also collects anonymised data on the actions users take in any email they receive from us, including which links in the email they have clicked, time spent viewing the email, and email client they use to open the email.
7.4: LinkedIn Insights Tags
We use the “LinkedIn Insight Tag” of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (“LinkedIn”) on our website. It helps us with in-depth campaign reporting and insights about our website visitors. It can also be used to track conversions, retarget website visitors, and unlock additional insights about members interacting with our ads on LinkedIn.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. This data is encrypted, the IP addresses are truncated, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data is then deleted within 90 days.
LinkedIn does not share personal data with us, it only provides aggregated reports about the website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling us to show personalized ads off our website by using this data, but without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
All this is in accordance with LinkedIn terms and cookie policies.
7.5 Twitter Tailored Audience
Tailored audiences is the tool of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, www.twitter.com (“Twitter”), used to target existing users and customers to create remarketing campaigns. Targeting activity can include directly reaching out to users or visitors to the Thoughtworks website and campaign pages and/or retargeting previous customer lists. Twitter sets a minimum size limit for a tailored audience to 500 users. If the tailored audience does not match 500 Twitter users, it will display as "audience too small" and will not be available for targeting. Details about Twitter’s policies for conversion tracking and tailored audiences can be found here.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
We use Eventbrite, Inc., 535 Mission Street, 8th Floor, San Francisco, CA 94105, (“Eventbrite”), to advertise events we host online and in-person.
When you register for an event, sign up for communications, enter a contest, or otherwise input your Personal Data (such as through a web form) to communicate with us or participate in an event hosted by us, we will receive that information. We may then send you marketing or other communications based on the event and other services we believe serve our legitimate interests.
‘Cookies’ are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website and your overall user experience may be affected.
To learn how to manage cookies and how they affect your online activities, please visit www.aboutcookies.org
You can also learn how to manage and delete cookies at https://www.aboutcookies.org/how-to-manage-and-delete-cookies
8.1 DoubleClick Cookie
You may opt-out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings (http://www.google.com/ads/preferences/) web page.
8.2 Workable Cookie
We use Workable Software Ltd., 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom (“Workable”), to provide all recruitment applications on our website. This allows us to view analytics relating to our current vacancies in order to better optimise the way in which applications are made.
8.3 Behavioural Remarketing
9. Your rights
As a result of us collecting and processing your personal data, you may have the following legal rights:
- To access the personal data we hold about you and request a copy of it;
- To ask us to correct your personal data if it inaccurate or incomplete;
- To ask us to delete your personal data where we do not have a compelling reason to continue to process your personal data in such circumstances;
- To ask us to stop using your personal data in certain circumstances where there is no need for us to continue processing it in certain circumstances;
- To ask us to only use your personal data for certain things if: it is not accurate; it has been used unlawfully; or it is not relevant for the purposes it was initially collected for; and/or
- To ask us to stop using your personal data to send you marketing emails.
If you want to exercise any of the rights listed above at any time, please contact us using the details in section 2 of this policy.
We will respond to all requests that we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful).
10. Making a complaint
You also have the right to make a complaint about how we have used your personal data to:
- Us - by contacting us by email using the details in section 2 of this policy and we will always try to help you with your problem in the first instance.
If you’re still not happy with how we have dealt with your complaint, you can contact:
- A data protection regulator; or
- The national courts – to seek a remedy if you think that your rights in relation to your personal data have been breached.
We may need to change this Privacy Notice as our Services or Website is developed or if the law changes. We will let you know if any important changes are made, otherwise, we will always display the latest version on our Website.