Keeping things transparent.
October 18 2018
Attribute Design Limited (“we”, “our”) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use your information in a secure, respective way and provide information about your rights. It applies to personal information provided to us, both by individuals themselves or by others. We may use your information provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
We take great care in handling your personal information we collect because we are committed to securing your privacy. This is done in accordance with data protection laws (including the Data Protection Act (2018), the Privacy and Electronic Communications Act (2003), and other regulatory requirements including The General Data Protection Regulation (GDPR)).
This includes ensuring that personal data we hold is:
- Processed lawfully, fairly and in a transparent way.
- Not processed in a manner that is incompatible with what it was collected for.
- Kept relevant and kept up to date.
- Only retained for as long as it is necessary for the purposes it was collected for.
- Kept securely by ensuring we have appropriate technical and organisational measures to keep data confidential.
About Attribute Design
We are an established UK based marketing and design agency providing services and insights to assist organisations in making smarter decisions in order to engage with customers and prospects.
Our registered office is 12 Chapter House Road, Luton, LU4 0NN and company registered number is 11622073.
We are registered as a data controller with the Information Commissioner Office (ICO) under number ZA704501.
How We Use Information About You
We work with a number of different communities, including:
- Our customers
- Third party/data partners
- HR recruitment
Each community may differ in the way we process your information for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods. However, our policy is to be transparent about how and why we collect and use your information. To find out more about our specific processing activities, please go to the relevant sections of this statement.
This section of our privacy statement describes why and how we collect and use personal data in connection with your account with us.
Collection and Reason for Collection of Personal Data
The exact information we collect may vary based on the service we provide to you. Typically, we need details like:
- Your name so that we know who you are and have a point of contact when required to deal with matters relating to our services
- Your contact details like phone number or email so that we can keep in touch with you about our services and your account
- Your bank account or other financial details so we can manage your payment for our services
- Your marketing preferences to tailor our service to your expectations
- Your account history and notes of previous interactions
We collect your personal data because we need to process your personal information when:
- We are fulfilling our contractual obligations with you;
- We are required by law or in the fulfilling of a legal obligation;
- You have given us permission to use your personal information; or
we have a legitimate interest in processing your information.
Method of Collection of Personal Data
We obtain information about you:
- When you set up your account with us
- When you contact us for any reason
- If you complete an online form, enter a competition or complete a survey
when you contact us by telephone.
- When you use our website
Use of Personal Data
The information that we collect directly from you will be used to:
- Provide you with information about the products and services we offer
- Provide you with a more personalised and relevant service
- Improve our products and services
- Conduct market research
- Suppress details from marketing databases
Keeping Information up to Date
Please tell us as soon as possible if your contact details or other personal information change, or if you think that the information we have isn’t accurate. You can contact us on 01582 349445.
We’ll reply within one month of hearing from you.
Personal data will be retained for as long as we have, or need to keep a record of, a relationship with a business contact, which is for the duration of our relationship with a contact or their organisation. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
Third Parties / Data Partners
This section of our privacy statement describes why and how we collect and use personal data from our Data Partners.
Collection of Personal Data
Consumer and Business Data is collected from carefully selected Data Partners whom have met our due diligence criteria; and our Data Partners and ourselves employ rigorous data testing, including applying proprietary models and algorithms, in effort to maintain the most accurate data. These processes assure proper consideration is given to the individual interests, laws, industry rules, regulations and guidelines and ethical principles that impact our data usage.
We also utilise industry standard suppression files such as the TPS (telephone preference service), MPS (mail preference service), deceased registers and gone away suppression lists.
We process Consumer and Business data under the following lawful grounds depending on what is appropriate for the activity being carried out:
- Consent: the data subject has consented to receiving marketing communications via a specified communication channel for compatible product and services.
- Legitimate Interest: there is a legitimate interest for ourselves and our clients in processing data to provide products and services to consumers through marketing campaigns. On a case by case basis a balancing test is performed to ensure that we balance the potential impact on the data subject and their rights of processing data with the interests of ourselves and our clients.
- Legal Obligation: we may need to process data to fulfil legal requirements. Such as subject access requests (SAR) or suppressions.
- Performance of a Contract: we may need to process personal data to fulfil a contractual obligation.
Consumer prospect data is highly regulated with strict rules and industry best practices in place to protect the rights of the individual. The most common used for marketing communications are consent and legitimate interests.
For Business to Consumer (B2C) postal marketing a balance tested campaign can use personal data (PD) under the legitimate interest basis. For telephone and email communications PECR applies in addition to GDPR and therefore consent is the appropriate basis for processing PD.
The common types of consumer information we hold are listed below, with examples from these general categories:
- Demographics – age, gender, marital status, income, occupation and education
- Behavioural and lifestyle – hobbies, sporting activities, travel preferences, high-tech equipment users and purchasing behaviour
- Census – aggregated to provide general demographic information at a small area level
- Property Information – property type, property value and tenure
- Life events – consumers who have recently moved home or had a baby
From our data sources, as well as calculations and insights from it, we also derive information pertaining to:
- Individual consumers, such as gender, marital status, actual and estimated age range, estimated income, education level, household status (head of household, spouse, elderly parent, young adult) and lifestyle interests (e.g. product ownership, interests and hobbies, travel, charities supported etc.)
- Households, such as property type, whether a household rents or owns a home, the estimated value of a home, length of residence, number of adults, telephone number, presence of children and estimated household income
- Geographic information about individuals and households, such as address, census tract, block group, etc., postal breakdowns (postcode, postal area, etc), census estimated projections
We do not hold sensitive information about you such as: Financial data, Credit scores, Health information, Political preferences, Religious preferences, Sexual preferences, Data relating to children
We do not intentionally obtain or process data relating to children. We and our data partners take all reasonable efforts to ensure that the personal data we hold only relates to individuals aged 18+ and this is reflected in any terms and conditions where data is collected.
Our marketing campaigns to positive businesses are based on the legitimate interest of better personalising and matching the right offers that meet the needs and desires of prospective business customers of our clients. Business always have the option to opt-out.
The common types of business information we hold are listed below:
- Company name, address and telephone number
- Contact Name and Job Function/Title
- Industry type selection: Thomson Directory Classification
- SIC (Standard Industry Code) Classification
- Business turnover
- Small Office Home Office (SoHo) indicator
- Ltd/Non-Ltd indicator
- Age of business
- Commercial MOSAIC
- Method of collection of personal data
Our Data Partners collect a range of information about an individual from different data sources. This includes:
- Government ‘Open’ data e.g. Land Registry
- Consumer surveys and aggregated consumer panel data
- Research and/or historical retail data
- Summarised UK Census information
- Calculations using existing data
- Other authorised data providers, e.g. websites that have permission to share information about visitors
Use of Personal Data
Along with our Data Partners, we process information about you for the following reasons:
- To send you relevant marketing communications with information about the products and services we or they offer.
- To verify and enhance customer and marketing databases.
- To improve relevance through market research, analysis, segmentation and profiling.
- For identity verification, credit and risk management, revenue collection, database tracing activities.
- To unsubscribe you from marketing databases.
The method you are contacted regarding marketing campaigns depends on the contact details we have about you. This includes via post, email, on social media, using online advertising and giving you a call on your landline or mobile phone.
We always try to ensure that the right information is matched to the right offers. You may be contacted by either ourselves or our clients about products or services in one or more of the following sectors:
- Automotive – car dealerships and manufacturers
- Careers and Education – job opportunities, college course details
- Charity – volunteering, events
- Entertainment and Leisure – sporting events, local activities
- FMCG – supermarkets, pharmacies
- Finance – bank accounts, credit cards, loans, mortgages, investments, pensions and savings
- Insurance – car warranties, home insurance, life insurance, pet insurance, private medical insurance, travel insurance, vehicle insurance
- Legal Services – PPI claims, will writing
- Lifestyle – health and beauty, fitness
- Marketing and Surveys – market research, consumer surveys
- Public Sector – local information and services
- Publishing and Media – TV services, magazine subscriptions
- Property – home improvements, estate agencies
- Retail – clothing and fashion, food and drink, home furnishings, online retail
- Telecoms – broadband and internet services, mobile phone contracts
- Travel – airlines, holidays, hotels, travel bookings
- Utilities – electricity and gas providers, solar power, water suppliers, energy saving solutions
This section of our privacy statement describes why and how we collect and use personal data in connection with our recruitment activities. If your application is successful, we carry out pre-employment screening checks as part of our onboarding process. Depending on the role you have applied for, these checks may include criminal records checks.
Collection of Personal Data
We collect a range of information about an individual when they apply for a job with us. This includes:
- Name, address and contact details, including email address and telephone number
- Details of qualifications, skills, experience and employment history
- Information about an individual’s current level of remuneration, including benefits
- Whether or not an individual has a disability that we need to make reasonable adjustments for during the recruitment process
- Information about an individual’s entitlement to work in the UK
- Equal opportunities monitoring information, including information about gender, ethnicity, age, marital status and nationality.
Method of Collection of Information About You
We collect information electronically (or in hard copy) in a variety of ways, including:
- Application forms, CVs or resumes
- From passports or other identity documents
gathered through interviews or other assessment process, such as group exercises
- Case studies, online tests or personality questionnaires.
Use of personal data
We process information about you for the following reasons:
- To comply with our legal obligations. For example, we’re required to check a successful applicant’s eligibility to work in the UK before we employ them.
- To promote our legitimate interest in processing personal information during recruitment, and keeping records of the process. Processing personal information from job applicants enables us to manage the recruitment process, assess and establish a candidate’s suitability for employment and decide who to offer a job to.
- Health information is processed if we need to make reasonable adjustments to the recruitment process for candidates with a disability, fulfilling our obligations so a candidate can exercise specific rights in relation to equality legislation.
- Special categories of personal information is processed, such as ethnicity, it’s for equal opportunities monitoring with the explicit consent of job applicants – which can be withdrawn at any time.
- For some roles, we’re obliged to seek information about criminal convictions and offences. We do this because it’s necessary for us to carry out our obligations and exercise specific rights in relation to employment.
We’ll only request this information after an offer has been made and accepted.
We won’t use an individual’s personal information for any purpose other than the recruitment exercise for which they’ve applied.
Sharing of Personal Data
For the purposes of the recruitment exercise personal information will be shared internally with members of the HR department, our recruitment partners and hiring managers. We won’t share personal information with third parties, unless an individual’s application for employment is successful and we make a formal offer of employment.
If an individual’s application for employment is unsuccessful, we’ll hold personal information for six months after the end of the relevant recruitment process. At the end of that period, or when an individual withdraws their consent, we’ll securely delete or destroy the information. If an individual’s application for employment is successful, personal information gathered during the recruitment process will be transferred to the individual’s personnel file and kept during employment. We’ll notify the individual how long we’ll hold their information in our formal privacy notice and data protection policy.
Whenever we use information about you, you have the following rights.
Right to access (what information we have)
You can ask us for a copy of the information we hold about you. You can also ask us for details of what we use the information for, who we share it with, how long we’ll keep it for and where we got it from.
Right to rectification (ensuring we have the correct information)
You can ask us to rectify any incorrect information we hold about you, or update any incomplete information.
Right to deletion (if you want to be forgotten)
You can ask us to delete the information we hold about you. This right applies in certain circumstances, such as when we hold information we no longer need, or when you originally consented to us holding information about you but have changed your mind.
Right to object (stopping us using information about you)
You can ask us to stop using your information, including direct marketing. Please note that in some situations this right does not apply, for example, where we have a legal obligation to do so. If you gave us consent to use your information, you have the right to withdraw this at any time.
Right to restriction (suspending the use of information about you)
You can ask us to stop using information you have queried while we deal with your query.
Right to data portability
You have the right to request a copy of the information you have given to a company under a contract or with your explicit consent. The copy must be provided to you in a structured, commonly used and machine-readable format.
Please note that our relationship with our domestic and wholesale customers is based on legislation, not a contract or consent, so the right does not apply in this case.
If you’d like to put any of your rights into effect, please contact the Data Protection Officer. We’ll respond within one calendar month of receiving your request.
Opting Out of Marketing
We always try to make sure we get the right message to the right person, however if you feel that we haven’t then you can let us know at any time by going to https://www.attribute-design.co.uk/contact and entering your information.
By completing this form and informing us you wish to unsubscribe, we will remove your information from our marketing database. We’ll do this by adding your details to our suppression file, which we will only use to delete your details from our marketing database. We may need to keep some details relating to order history, transactional information and signed agreements.
We also recommend and use the following industry wide services where you can opt out from targeted marketing.
- Postal Marketing – You can opt out of postal marketing by registering with the Mail Preference Service (MPS) at http://www.mpsonline.org.uk. This service is administered by the Direct Marketing Association and recognised by the ICO.
- Telephone Marketing – You can opt out of all telemarketing activity by registering details with the Telephone Preference Service (TPS) at http://www.tpsonline.org.uk. This service is administered by the ICO.
- Email Marketing – You should always review privacy policies and marketing opt-in check boxes when registering for services or purchasing products online. Where unwanted email marketing is received, you should unsubscribe or use email filters to prevent future communications.
Disclosure of Personal Information
We may disclose your information to third parties in the following circumstances:
- If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective buyer or seller.
- If Attribute Design or its assets are acquired by a third party, in which case personal information held by us will be transferred.
This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Securing and Storing Your Information
We are committed to protecting the security of your personal information. We use a range of security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure. We store your personal information on secure servers located in UK based data centres with limited access which are ISO 27001 certified and PCI compliant.
As some of our clients operate outside the European Economic Area (EEA), your personal information may be transferred to and stored at a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or third-party partners. We will only transfer personal data outside the EEA once appropriate contractual and transfer mechanisms are in place.
We will retain your information for as long it is valid, accurate and up to date or until such time that you unsubscribe directly with us in accordance with our retention policy.
If you wish to disable cookies, then you can do so by adjusting your browser settings.
We also collect IP addresses from form submissions (registration or contact forms for example) and in this case we will only use this data for identifying and restricting spam or robot submissions to our website.
Performance – Cookies that help us analyse how our website and services are doing and how we might improve them.
If you’re dissatisfied with how we’ve used information about you, you can complain to our Data Protection Officer. We hope you won’t need to, but if you do, we will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. The Information Commissioner’s Office (“ICO”) is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please refer to the ICO website.
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
You also have the right to pursue the issue in court.
Contact our Data Protection Officer
Call: 01582 349 445
Mail: Data Protection Officer, Attribute Design Ltd, 12 Chapter House Road, Luton, LU4 0NN UK