LEGAL AGREEMENT

Welcome to The Indigo Website (the “Site”). Indigo provides this Site as a service to its customers. Please review the following basic rules that govern your use of our Site (the “Agreement”). Please note that your use of our Site constitutes your agreement to follow and be bound by these terms. If you do not agree to these terms, please do not use this Site. Although you may “bookmark” a particular portion of this Site and thereby bypass this Agreement, your use of this Site still binds you to the terms. Indigo may revise this Agreement at any time. You may wish to visit this page periodically for revised terms of use.

SITE CONTENTS
Unless otherwise noted, all materials, including images, illustrations, designs, photographs, streaming and video content and written and other materials that are part of this Site (collectively, the “Contents”) are copyrights, trademarks, trade dress and/or other intellectual property owned, controlled or licensed by Indigo. The Site content is protected by copyright and trade dress, all worldwide rights, titles and interests in and to which are owned by Indigo. This Site and all its Contents are intended solely for personal, non-commercial use. You may download or copy the Contents and other downloadable materials displayed on the Site for personal use only. No right, title or interest in any downloaded/copied materials or software is transferred to you as a result of any such activity. You may not reproduce (except as noted above), publish, transmit, distribute, display, modify, create derived works from, sell or participate in any sale of or exploit in any way,in whole or in part, any of the Contents, the Site or any related software.

USER FEEDBACK POLICY AND OTHER SUBMISSIONS
All comments, suggestions, ideas, and other submissions disclosed, submitted or offered to Indigo on or via this Site or otherwise disclosed, submitted or offered in connection with your use of this Site (collectively, the “Comments”) are property of Indigo. Communication, submission or offering of any Comments shall constitute an assignment to Indigo of all worldwide rights, titles and interests in all copyrights and other intellectual properties in the Comments. Thus Indigo will own exclusively all such rights, titles and interests and shall not be limited in any way in its use, commercial or otherwise, of any Comments. Indigo is and shall be under no obligation (1) to maintain any Comments in confidence; (2) to pay to user any compensation for any Comments; or (3) to respond to any user Comments. You agree that no Comments submitted by you to the Site will violate any right of any third party, including copyright, trademark, privacy or other personal or proprietary right(s). You further agree that no Comments submitted by you to the Site will be or contain libelous or otherwise unlawful, abusive or obscene material. You are and shall remain solely responsible for the content of any Comments you make.

LINKS TO OTHER WEB SITES AND SERVICES
This Site may contain links to other websites not controlled by Indigo. Indigo has no responsibility for the linked websites nor does it necessarily endorse any linked websites. Indigo provides links solely for the convenience and information of its Site users.

DISCLAIMER
Indigo provides the materials on this site “as is” without warranties of any kind, either express or implied, including without limitation, warranties of title, implied warranties of merchantability, fitness for a particular purpose or non-infringement of intellectual property. Indigo disclaims any duty to update or revise the materials on this site, although Indigo may modify the materials at any time without notice. By your use of this site, you acknowledge that your use is at your sole risk and that you assume full responsibility for all costs associated with all necessary servicing or repairs of any equipment you use in connection with your use of this site. You further acknowledge that Indigo shall not be liable for any damages or any kind related to your use of this site.

INDEMNIFICATION
You agree to defend, indemnify and hold Indigo harmless from and against any and all claims, damages, costs and expenses, including legal fees, arising from or related to your use of the Site.

MISCELLANEOUS
Unless otherwise specified, this Site and the Contents thereof are displayed solely for the purpose of promoting Indigo products and services. This Site is controlled and operated by Indigo.

Privacy Policy

Introduction

The privacy and security of your information is extremely important to us. This policy is intended to give you a clear view of what data we collect, how we use it, how long we keep it for and how we get rid of it, so you can be confident in submitting data when dealing with us.

We’ll keep this page updated to show you what we do with your personal data. This policy applies to you if you visit our website, use any of our services, email us, contact us or visit our premises.

We will never sell your personal data and we will only share it with other organisations we work with to deliver the services we provide where they have shown they’ll respect your privacy and security.

Who are We?

Throughout this document when you see the words ‘us’, ‘we’ and ‘our’ this is referring to Indigo (PR) Ltd, trading as Indigo.

We are a limited company, registered in Scotland, our registration number is SC179499 and our registered office is 27 Maritime Street, Edinburgh, Scotland, EH3 6AJ. Our place of business is 27 Maritime Street, Edinburgh, Scotland, EH6 6SE.

Our ICO Data Controller registration number is Z7890156

We are a communications company offering media and public relations, public affairs support, event management and other communication services. We collect personal data to allow us to maintain our own records and accounts and to also support our staff.

If you have any questions regarding this privacy policy you should contact The Data Protection Officer, Indigo, 27 Maritime Street, Edinburgh, EH6 6SE.

What Personal Data do we collect?

Personal data is any data which may identify you, or be identified as relating to you. For example, your name, address, phone number and email address. We will sometimes need to collect this information. We will only collect the personal data we need.

We collect data in connection with projects we might be working on, services you have hired us to deliver or projects we are working on with others.

You can give us personal data in various ways. You can submit personal data through forms on our website, in person, by phone, by email or you can visit our premises.

This personal data may include name, title, address, date of birth, age, gender, employment status, email address, phone numbers, personal description, photographs, usernames, passwords, databases.

Personal Data that is provided by you

This data includes information you give us when interacting with us, for example, you filling out a contact form, a Needs Analysis form, registering as a client with us, placing an order or communicating with us. For example :

• Personal details – name, address, phone number, email address and so on
• Financial details – bank name, bank address, bank account number and SORT code
• Technical information used in projects – usernames, passwords, databases, concepts, logos, documents, spreadsheets and so on
• Personal Data created by your involvement with us

Your activities and involvement with us will generate personal data being created. This could include project details, documentation and so on.

During the course of delivering our communications services, we will generate a great deal of personal data. Depending on the project, we may be generating company branding, personas, designs, websites, login systems, membership platforms, e-commerce systems, database systems and content management systems.

How we use your Personal Data

We will only use your personal data on relevant lawful grounds, as permitted by the EU General Data Protection Regulation/UK Data Protection Act and Privacy of Electronic Communication Regulation.

Personal data provided to us will be used for the purposes of carrying out our business a communications company, in a transparent manner, in accordance with any preferences you express.

Below we have listed the main uses of the data we collect from you:

• Projects – We deliver communication services. If you have hired us to provide these services, we will need to collect personal data from you to carry out these services. This may include name, address and phone number, but also more technical data like databases, usernames and passwords.
• Accounting – We are required by law to keep accurate and up to date accounts of our business transactions. When you interact with us you may be added to our accounting system.
• Marketing – We occasionally run marketing campaigns. We will always ask for your consent before sending you any marketing material.
• Recruitment and Employment – If you become employed by us, we will ask you for personal data, perhaps including ‘sensitive personal data’. Such data may include but is not limited to health information or information relating to criminal convictions. As employers we have sets of responsibilities to your data. We have contractual responsibilities which arise from our contract of employment with you, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring. Internally, we also have management responsibilities, which are necessary for the functioning of the business. This includes data relating to employment, training, absence, disciplinary matters, email and phone number.

Disclosure of Personal Data to other bodies

In order to carry out the day-to-day running of our business and fulfil the requirements of the projects we work on, we sometimes need to disclose your data to other bodies or third party suppliers.

These other bodies may be sub-contractors, systems we use including web designers, photographers, event management partners and Xero our accounts package.

How can I change my preferences?

You can contact us at any time to change or discuss your privacy preferences. Contact us using the details below:

Call us: 0131 554 1230 (hours are 9.00am to 5.30pm Monday to Friday)

Write to us:

Data Protection Officer

Indigo

27 Maritme Street

Edinburgh

EH6 6SE

Email us: admin@indigopr.com

Your Rights under GDPR

Under the GDPR, where we are using your data under consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for marketing purposes. Please contact us using the details above if you would like to do this.

Subject Access Requests

If you would like to make a Subject Access Request, further information is available at https://ico.org.uk  Please note, there is no charge for making this request, although you will be asked to verify your identity. We will respond within 30 days of receiving your request and verifying your identity.

What to do if you’re not happy

Please contact us in the first instance if you feel unhappy regarding any issues around the use of your personal data. We would welcome the opportunity to resolve any problem or query you have. You also have the right to contact the Information Commissioners Office (ICO). You can contact them via their website here: https://ico.org.uk

Keeping your information

If you have submitted any information through our website form, we will keep this data for 30 days, then automatically delete it from our website and website database. We keep email data and project files for 7 years, keeping us in line with any potential audit by HMRC where we may need to produce evidence of work carried out. You can read more about how we store and delete your personal data by viewing our data retention policy and data deletion policy below.

How we secure your data

Information systems and data security is imperative to us to ensure that we are keeping your data safe. We operate and implement robust procedures for managing your data, the hardware it is present on. We only host your personal data with suppliers who have confirmed that they take your personal data security as a priority and we regularly assess these suppliers as the threat landscape changes.

Staff are given mandatory annual, information security training.

Internally we utilise password managers so your passwords can be shared securely, we use and enforce strong passwords and where we store your data we encrypt it if possible and make sure that the suppliers we use have robust attitudes to privacy and data security.

Disclosure of Information

Sometimes, when working on projects, we have to share your data with sub-contractors or other people working on the project. When we are sharing the data, we will always do so in such a way that access can be revoked again.

Who will see your data?

When you submit your data to us, we might disclose it to parties as part of our normal project workflow. These parties may include:

• Our employees
• Contractors we work with
• Service providers providing services to us
• Advisors
• Agents

We may also disclose your information to third parties if we are compelled to by law or to comply with any legal obligation.

Storage of Information

Indigo is based in the UK and as such, the majority of our hosting services are also based in the UK. Some of the other data storage services we use are located in the European Union region. We do not collect or store payment information and we do not transmit your data outside the European Union.

Changes to this policy

We will amend this privacy policy from time to time, ensuring that it stays up to date. Please visit our website to keep up with any changes we make. The most up to date version will always be posted on our website.

This privacy policy was last updated on 25^th May 2018.

Data Retention and Deletion Policy

This policy sets out clear information on how long data and documentation is retained for by Indigo.

Throughout this document when you see the words ‘us’, ‘we’ and ‘our’ this is referring to Indigo (PR) Ltd, trading as Indigo.

We are a limited company, registered in Scotland, our registration number is SC179499 and our registered office is 27 Maritime Street, Edinburgh, Scotland, EH3 6AJ. Our place of business is 27 Maritime Street, Edinburgh, Scotland, EH6 6SE.

Our ICO Data Controller registration number is Z7890156

We are a communications company offering media and public relations, public affairs support, event management and other communication services. We collect personal data to allow us to maintain our own records and accounts and to also support our staff.

If you have any questions regarding this privacy policy you should contact The Data Protection Officer, Indigo, 27 Maritime Street, Edinburgh, EH6 6SE.

Administration

Indigo collects Personal Data to carry our business as a communications company. The administration of this data is overseen by the directors of Indigo. Any data collected will only be used for the purpose it was gathered for.

Suspension of Record Disposal

There may be certain occasions where information needs to be preserved beyond the limits set out in this policy. These situations may include, but are not limited to:

• Legal proceedings or a regulatory (or similar) investigation
• A crime is suspected or detected
• Information is relevant to a company in liquidation where a debt is due to Indigo

The administrator will take immediate steps to promptly inform all affected parties if a suspension occurs.

Data Categories and Retention Schedule