This Privacy Notice sets out how we handle the Personal Data of our customers, prospective customers, suppliers, employees, prospective employees, candidates, workers and other third parties.
This Privacy Notice applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, candidates, workers, customers, clients or supplier contacts, shareholders, website users or any other Data Subject.
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. This Privacy Notice sets out what we expect in order for the Company to comply with applicable law. Compliance with this Privacy Notice is mandatory. Related Policies and Privacy Guidelines may be available to help interpret and act in accordance with this Privacy Notice. Any breach of this Privacy Notice may result in disciplinary action.
It is important to point out that we may amend this Privacy Notice from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here.
This Privacy Notice is effective from 16th May 2018.
2. Who We Are
We are The Lead Supply and we are committed to using direct email marketing to boost the UK economy and help businesses grow. For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR"), we are the data controller.
We are registered in the UK as a Limited Company. Please see our details below:
Registered office address:
148 Westgate, Wakefield, West Yorkshire. WF2 9SR
Data Controller Representative:
3. Why This Privacy Notice Is Important
New data protection laws came into Europe called the General Data Protection Regulations (GDPR), they came into force on 25/May/2018 in the UK and the EU. GDPR broadens the scope of personal data. Data controllers must to be more transparent about processing.
If your business is listed on the database we use, we must tell you what personal data we hold, why we hold it and what we do with it.
4. Why we collect personal data
The Lead Supply collects personal data about our clients, employees and prospective customers to provide our lead generation services. It also enables us to fulfil our obligations arising from any contracts entered into between a client / employee and us - and to notify them about changes to our service. It can also be used to trace individuals, verification and / or validation of the identity of individuals for the purposes, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification. When contacting anyone for the above purposes we may do so by phone, post, email or other electronic means, unless you tell us otherwise.
We also collect information to provide us with a better understanding of the users of our website as a group, but this does not contain personally identifiable information. Personal data is also collected by a third party contact centre on our behalf. This enables us to:
- Promote our client’s goods and services which include direct marketing;
- Provide our clients with leads to enable them to grow their business
- Provide members of the database with information, products or services that they request from us or which we feel may interest them;
5. The data that we hold
For clients and prospective customers we hold the customer name, job title, registered business address, company telephone number, and company industry classification. We occasionally will hold a home address and home contact telephone number but only with their consent. For employees we may also include some personal data such as date of birth, home address and contact telephone numbers. We may also hold the following data:
- When we are contacted, we may keep a record of that correspondence
- Where we ask an individual to complete surveys that we use for research purposes although they do not have to respond to them
- Details of transactions a client may carry out to fulfil their orders
- Emails received including, but not limited to traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise.
The databases used to generate leads for our customers will typically include:
- Contact name
- Contact job title
- Contact job role and function
- Contact email address
- Contact telephone number
- Demographic and classification information about the business (SIC Code)
- The business address and postcode
- The IP Address they connect from
- The “User Agent” reported by the browser they are using
- Their preferences to receive further marketing communications from us
The GDPR classes the name as personal data. The email address, if it includes your name, is also classed as personal data. The telephone number may also be classed as personal data.
6. What is our legal basis to process personal data for our email campaigns?
The GDPR lists six lawful bases for processing data. "Legitimate Interest" for "direct marketing" is the lawful basis we use for the processing we carry out. This is covered in the GDPR.
We have assessed our and our clients’ business interests in carrying out marketing activities and we have carefully considered the impact the collection and use of personal data could potentially have on individuals’ rights. The databases we use contain business data, which is used to promote business in the UK and such activities are unlikely to affect the fundamental rights and freedoms of individuals concerned. We have therefore concluded that the most appropriate lawful ground for the processing of personal data is our and our client’s legitimate interests.
The ICO say companies using this basis should conduct a "Legitimate Interests Assessment" (LIA), and we have done this. The LIA balances your rights and our interests. The ICO consider direct marketing as having a relatively low risk of causing harm, where their guidance is adhered to.
7. What is the data source?
Your details will have been obtained from several sources. These include: directly from yourself, Companies House, call centres, third parties, and online resources. Data in the public domain is also collated. You may ask us for the data specific to your records in the form of a Data Subject Access Request.
8. Your right to object and your right to rectification.
You have the right to object to the processing of your personal data that we carry out. The quickest way to do this is to use the unsubscribe link contained in the emails we send you. If you wish, you can email us your objection - please see the details below.
The ICO "For the public" website has helpful information about your rights and how to exercise them.
9. How is data retained and stored?
We collect and store personal data for the purpose of our business database. As such, we will only retain your personal data for as long as we believe it is up-to-date, i.e. as long as it is associated with a business that is included in our database. We verify our data periodically and if we learn that you are no longer involved with a business that is in our database, we will remove your data from our records.
All information about you will be stored on secure servers.
The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom and the European Economic Area (“EEA”). It may also be processed by staff operating outside the UK or the EEA who work for us or for one of our suppliers. We will take all steps reasonably necessary to ensure that any personal data transferred outside the UK or the EEA is treated securely and in accordance with the applicable data protection laws.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
10. What are your rights?
You have the right to:
- Request to see the personal data we hold about you. This includes the right to obtain a confirmation as to whether or not we process any of your personal data;
- Request that we correct any inaccuracies in the personal data that we hold on you;
- From May 2018, in certain circumstances you may have the right to be forgotten (i.e. to have your personally identifiable data deleted). In many cases we would recommend that we suppress you from future communications, rather than data deletion;
- In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage;
- Request that we do not process your personal data for direct marketing and that we will keep your contact details to ensure that no further contact is made;
- Object to our processing of your personal data if we are relying on legitimate interest as the lawful ground for processing; and
- Request the transfer of any personal data you have provided to us to a different organisation.
If you have any concerns or complaints about our privacy activities, you can contact us on firstname.lastname@example.org
k. You can also contact the Information Commissioner’s Office on 0303 123 1113 (www.ico.org.uk