Privacy Policy
Introduction
The privacy and security of your information is extremely important to us. This policy is intended to give you a clear view of what data we collect, how we use it, how long we keep it for and how we get rid of it, so you can be confident in submitting data when dealing with us.
We’ll keep this page updated to show you what we do with your personal data. This policy applies to you if you visit our website, use any of our services, email us, contact us or visit our premises.
We will never sell your personal data and we will only share it with other organisations we work with to deliver the services we provide where they have shown they’ll respect your privacy and security.
Who are We?
Throughout this document when you see the words ‘us’, ‘we’ and ‘our’ this is referring to Indigo (PR) Ltd, trading as Indigo.
We are a limited company, registered in Scotland, our registration number is SC179499 and our registered office is 27 Maritime Street, Edinburgh, Scotland, EH3 6AJ. Our place of business is 27 Maritime Street, Edinburgh, Scotland, EH6 6SE.
Our ICO Data Controller registration number is Z7890156
We are a communications company offering media and public relations, public affairs support, event management and other communication services. We collect personal data to allow us to maintain our own records and accounts and to also support our staff.
If you have any questions regarding this privacy policy you should contact The Data Protection Officer, Indigo, 27 Maritime Street, Edinburgh, EH6 6SE.
What Personal Data do we collect?
Personal data is any data which may identify you, or be identified as relating to you. For example, your name, address, phone number and email address. We will sometimes need to collect this information. We will only collect the personal data we need.
We collect data in connection with projects we might be working on, services you have hired us to deliver or projects we are working on with others.
You can give us personal data in various ways. You can submit personal data through forms on our website, in person, by phone, by email or you can visit our premises.
This personal data may include name, title, address, date of birth, age, gender, employment status, email address, phone numbers, personal description, photographs, usernames, passwords, databases.
Personal Data that is provided by you
This data includes information you give us when interacting with us, for example, you filling out a contact form, a Needs Analysis form, registering as a client with us, placing an order or communicating with us. For example :
- Personal details – name, address, phone number, email address and so on
- Financial details – bank name, bank address, bank account number and SORT code
- Technical information used in projects – usernames, passwords, databases, concepts, logos, documents, spreadsheets and so on
- Personal Data created by your involvement with us
Your activities and involvement with us will generate personal data being created. This could include project details, documentation and so on.
During the course of delivering our communications services, we will generate a great deal of personal data. Depending on the project, we may be generating company branding, personas, designs, websites, login systems, membership platforms, e-commerce systems, database systems and content management systems.
How we use your Personal Data
We will only use your personal data on relevant lawful grounds, as permitted by the EU General Data Protection Regulation/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purposes of carrying out our business a communications company, in a transparent manner, in accordance with any preferences you express.
Below we have listed the main uses of the data we collect from you:
- Projects – We deliver communication services. If you have hired us to provide these services, we will need to collect personal data from you to carry out these services. This may include name, address and phone number, but also more technical data like databases, usernames and passwords.
- Accounting – We are required by law to keep accurate and up to date accounts of our business transactions. When you interact with us you may be added to our accounting system.
- Marketing – We occasionally run marketing campaigns. We will always ask for your consent before sending you any marketing material.
- Recruitment and Employment – If you become employed by us, we will ask you for personal data, perhaps including ‘sensitive personal data’. Such data may include but is not limited to health information or information relating to criminal convictions. As employers we have sets of responsibilities to your data. We have contractual responsibilities which arise from our contract of employment with you, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring. Internally, we also have management responsibilities, which are necessary for the functioning of the business. This includes data relating to employment, training, absence, disciplinary matters, email and phone number.
Disclosure of Personal Data to other bodies
In order to carry out the day-to-day running of our business and fulfil the requirements of the projects we work on, we sometimes need to disclose your data to other bodies or third party suppliers.
These other bodies may be sub-contractors, systems we use including web designers, photographers, event management partners and Xero our accounts package.
How can I change my preferences?
You can contact us at any time to change or discuss your privacy preferences. Contact us using the details below:
Call us: 0131 554 1230 (hours are 9.00am to 5.30pm Monday to Friday)
Write to us:
Data Protection Officer
Indigo
27 Maritme Street
Edinburgh
EH6 6SE
Email us: admin@indigopr.com
Your Rights under GDPR
Under the GDPR, where we are using your data under consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for marketing purposes. Please contact us using the details above if you would like to do this.
Subject Access Requests
If you would like to make a Subject Access Request, further information is available at https://ico.org.uk Please note, there is no charge for making this request, although you will be asked to verify your identity. We will respond within 30 days of receiving your request and verifying your identity.
What to do if you’re not happy
Please contact us in the first instance if you feel unhappy regarding any issues around the use of your personal data. We would welcome the opportunity to resolve any problem or query you have. You also have the right to contact the Information Commissioners Office (ICO). You can contact them via their website here: https://ico.org.uk
Keeping your information
If you have submitted any information through our website form, we will keep this data for 30 days, then automatically delete it from our website and website database. We keep email data and project files for 7 years, keeping us in line with any potential audit by HMRC where we may need to produce evidence of work carried out. You can read more about how we store and delete your personal data by viewing our data retention policy and data deletion policy below.
How we secure your data
Information systems and data security is imperative to us to ensure that we are keeping your data safe. We operate and implement robust procedures for managing your data, the hardware it is present on. We only host your personal data with suppliers who have confirmed that they take your personal data security as a priority and we regularly assess these suppliers as the threat landscape changes.
Staff are given mandatory annual, information security training.
Internally we utilise password managers so your passwords can be shared securely, we use and enforce strong passwords and where we store your data we encrypt it if possible and make sure that the suppliers we use have robust attitudes to privacy and data security.
Disclosure of Information
Sometimes, when working on projects, we have to share your data with sub-contractors or other people working on the project. When we are sharing the data, we will always do so in such a way that access can be revoked again.
Who will see your data?
When you submit your data to us, we might disclose it to parties as part of our normal project workflow. These parties may include:
- Our employees
- Contractors we work with
- Service providers providing services to us
- Advisors
- Agents
We may also disclose your information to third parties if we are compelled to by law or to comply with any legal obligation.
Storage of Information
Indigo is based in the UK and as such, the majority of our hosting services are also based in the UK. Some of the other data storage services we use are located in the European Union region. We do not collect or store payment information and we do not transmit your data outside the European Union.
Changes to this policy
We will amend this privacy policy from time to time, ensuring that it stays up to date. Please visit our website to keep up with any changes we make. The most up to date version will always be posted on our website.
This privacy policy was last updated on 25th May 2018.