Last updated: 18 May 2018
How We Use Your Personal Information
This document sets out how Bluestorm collects and uses your personal information. This includes information that you supply to us and plus other data that we learn by having you as a client.
Bluestorm are committed to the protecting your right to privacy and to ensuring the security of any personal information that we hold.
We will not sell your data to any third party. We will only hold information that is relevant to our work with you or prospective professional relations.
Bluestorm is certified by the Government-backed Cyber Essentials which demonstrates our commitment to the security of your data and the defence against potential cyber-attacks.
Who We Are
1 Redcliff Road
Melton Business Park
01482 649343 (9am - 5.30pm, Monday - Friday)
Your Legal Rights
You are protected under law to ensure that we only use your personal information when there is a valid, legal reason for us to do so. We must fulfil one of the following criteria:
- Contractual obligation
- Legal duty
- Legitimate interest
- You have given your explicit consent
Legitimate interest is when we have a valid business reason to process your data. However, this must not go against your interests and should be within what would generally be considered acceptable and fair.
Other areas of the law cover sensitive personal information, none of which we will collect - e.g. ethnic origin, sexual orientation.
Outside of these areas, the only other situations we would process your personal information in would be:
- For reasons of public interest
To establish, exercise or defend legal claims
Types Of Data
The data we hold will include, but may not be restricted to, one or more of the following:
- Work address
- Work email
- Personal email (if supplied by you)
- Work telephone number
- Personal telephone number (if supplied by you)
- Work mobile number
- Personal mobile number (if supplied by you)
- Job title
- Correspondence history
Service history (what we have supplied to you)
How We Collect Data
We may collect data from you via any of the following sources:
- Data that you give us (via contact forms, emails, telephone conversations etc)
- Data we purchase from reputable data companies for the purpose of prospecting
- Recommendations from other companies
Publicly available information available through the internet.
How Long Do We Store Your Data For
We will keep your data:
On our internal systems
- As long as you are an active client
- For an appropriate length of time to facilitate future enquiries you may make
Within our website CMS
- For 6 months following a contact form submission
We keep your data to allow us to keep in contact with you for any ongoing work and to allow us to contact you regarding any prospective work and updates about Bluestorm.
As a client of Bluestorm we may add your work email address, and any other that you give us your consent to use, to our e-marketing list.
These newsletters will only contain information regarding our work at Bluestorm and will not contain any other content, paid or otherwise, from any third party.
You can unsubscribe from this at any point by following the link at the bottom of any of the e-marketing emails or by contacting us directly via firstname.lastname@example.org or through any of the methods detailed at the beginning of this policy.
We use Campaign Monitor for the processing of e-marketing campaigns. Full details of Campaign Monitor’s security can be found here: https://www.campaignmonitor.com/trust/security/
Keeping Our Records Up-To-Date
We actively seek to ensure that all of the data we hold is current and up-to-date. However, if you believe that we are holding inaccurate data about you, please inform us and we will look to rectify this as quickly as possible.
If you would like to know what personal information we hold on you, please contact us and we will supply it to you without undue delay.
Similarly, please inform us if you would like us to delete any personal information that we hold on you.
Cookies are little files of data that are stored on your computer or handheld device, used by websites in order to improve your user experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).
Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or what’s in your shopping basket.
This website does not store any information that would, on its own, allow us to identify individual users of this service without their permission. Any cookies that may be used by this website are used either solely on a per session basis or to maintain user preferences.
Cookies are not shared with any third parties.
If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of the website. You can block cookies by going into your browsers control panel/preferences.
You can opt-out of sending information to Google Analytics by installing the Google Analytics opt-out browser add-on.
How We Process Data Supplied By clients
Beyond the data we hold ourselves, we will often handle data supplied to us by clients to process on their behalf for specific reasons.
In all cases, Bluestorm will act as a Data Processor acting under the direct instruction of the client, the Data Controller.
Processing of personal data on behalf of clients
The client shall at all times comply with all Data Protection Laws in connection with the processing of Protected Data.
The client shall ensure all instructions given by it to Bluestorm in respect of Protected Data (including the terms of this Agreement) shall at all times be in accordance with Data Protection Laws.
The client shall indemnify and keep indemnified Bluestorm against all losses, claims, damages, liabilities, fines, sanctions, interest, penalties, costs, charges, expenses, compensation paid to Data Subjects, demands and legal and other professional costs (calculated on a full indemnity basis and in each case whether or not arising from any investigation by, or imposed by, a supervisory authority) arising out of or in connection with any breach by the client of its obligations.
Bluestorm will only process personal information in accordance with a contracted agreement except where otherwise required by applicable law (and shall inform the client of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest); and
If Bluestorm believes that any instruction received by it from the client is likely to infringe the Data Protection Laws it shall promptly inform the client and be entitled to cease to provide the relevant Services until the parties have agreed appropriate amended instructions which are not infringing.
Taking into account the state of technical development and the nature of processing, Bluestorm shall implement and maintain the technical and organisational measures to protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.
Bluestorm will inform the Data Controller of any sub-processors which are to be used so that an agreement can be put in place prior to any processing being carried out.
Bluestorm will (at the client’s cost) assist the client in ensuring compliance with the client’s obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the processing and the information available to Bluestorm.
We will also assist in responding to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Protected Data.
Bluestorm shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the United Kingdom or to any international organisation without the prior written consent of the client.
Bluestorm shall notify the client without undue delay and in writing on becoming aware of any Personal Data Breach in respect of any Protected Data.
At the end of the provision of the Services relating to the processing of Protected Data, at the client’s cost and the client’s option, Bluestorm shall either return all of the Protected Data to the client or securely dispose of the Protected Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Bluestorm to store such Protected Data.