This privacy notice provides you with details of how we collect and process your personal data through your use of our sites www.thegraygency.com .
The Graygency is the data controller and we are responsible for your personal data (referred to as “we”, “us”, or “our” in this privacy notice).
If you need to email us about anything related to this privacy notice, you can email us at firstname.lastname@example.org or you can write to us at Dalvænget 11, Hinnerup 8382, Denmark.
If any of your personal information should change (e.g. when you have got a new job and changed email address, moved house or changed your name) please email us after you have enjoyed a celebratory drink at the email address above and let us know how it has changed. From time to time we may email you to check that the personal data we hold for you is accurate and up to date.
- WHAT PERSONAL DATA WE COLLECT ABOUT YOU
We may collect the following data about you:
- Your name
- Your email address
- Your address
- Your Phone number
- Your date of birth
- Your business name
- Your financial details
- Any personal data you post on our website
- Technical data such as your IP address, your login details, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the amount of times you use our website, your time zone and other technology on the devices you use to access our website.
- Your marketing and preferred methods of communication.
- Any other information that you directly provide, whether it is through a contact form on our site, over the telephone, by mail or when you participate in one of our competitions or surveys.
- Photographs from events
- Credit information from third parties.
- HOW WE MAY USE YOUR DATAWe will use your data in order to:
- Process financial transactions to enable you to purchase our goods our products or services.
- Send you customer communications about improvements we have made to products or services you have bought
- Enable us to perform a contract with you and process orders, respond to your questions about products and orders. Reply to any correspondence you make about our product range or the services we offer
- Send you marketing communications where we are allowed by law to do so
- Personalise your browsing experience on our websites
- Monitor the use of our website and online services
- Ask you to complete surveys or invite you to enter competitions or prize draws
- Keep records of orders placed and correspondence in relation to such orders
- Keep records of communications
- Analyse your use of our website and online services
- To aid the administration and protection of our business and website
- Deliver relevant website content and advertisements to you
- Understand the effectiveness of our advertising
- Bring legal claims against you if you breach a contract or fail to make a payment.
- Comply with any legal obligations we are subject to or as required by a government authority
- Obtain or maintain our company insurance policies
- Manage the running of our business
- To seek out professional advice
- OUR LAWFUL GROUND OF PROCESSING
Under the General Data Protection Regulations, we can only legally process your personal data if we have a lawful ground for doing so.
Below we will inform you what we consider to be our lawful grounds:
- In relation to customer data that we have gathered from you when you have placed an order with us that we need to fulfill the contract, inform you of any product or service updates and to keep a record of the contract. We need to process the data for the purpose of performance of the contract that you are subject to and for our legitimate interest of informing you about updates to the product or service, record keeping and to establish, pursue or defend legal claims as responsible business operations
- When you enquire about our products, services through our website or through other methods and we process the information in order to reply to your enquiry and keep records of this, the processing is necessary to carry our your request before we hopefully enter into a contract and for our legitimate interest in keeping records on the off chance we have to establish, pursue or defend any legal action.
- In relation to Prospect Data we have gathered when you have signed up for any of the wonderful free resources we giveaway. We need to process the information to send you the resources designed to help your business, to reply to any of your correspondence or feedback and to keep records for our business.
- In relation to marketing data we have obtained when you told us your marketing preferences, when you gave us permission to send you details of our products and services, for the purposes of us sending you marketing communications, enabling you to participate in our promotions such as competitions, giveaways and prize draws, to deliver interesting web content and ads to you and to measure and understand how well we are advertising. The processing is necessary for our legitimate interests which in this case are to study how customers and users use our products/services in order to develop them and grow our business and shape our marketing strategy in the future. In short so we can do our job better.
- In relation to User Data we have gathered through cookies and our website or other online services for the purposes of running our website, ensuring you are delivered relevant content and to make sure our website is safe, we also need to maintain backups of our website and databases to ensure our website and other online services run correctly.
The processing is necessary for the purpose of our legitimate interests which in this case are to enable use to properly administrate our website and business
- In relation to all kinds of technical data (that includes data about your use of our website an digital services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the device you use to access our website).
- We process this data to analyse your use of our web and online services and to administrate and protect our business and webpage. We also use it to deliver interesting web content and ads to you and to measure and understand how well we are doing and how we can do better.
Our lawful ground for this processing is our legitimate interest, in this case it is to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
- We are also required to process some data as a legal requirement by government authorities, this processing is necessary for compliance with legal obligations which we as a business are subject to.
- In relation to keeping records, this processing is again a legal obligation we are subject to, as a business it is in our legitimate interest to process this information for running our business and also on the off chance we have to establish, pursue or defend any legal action.
- As a business we know a lot about digital marketing, but we do not know everything about everything. Sometimes we seek professional advice or services. We need to process your information in this respect as a legitimate interest to protect and grow our business.
We do not collect any sensitive data about you, we do not need to know anything about your race, ethnicity, religious, political or philosophical beliefs, sexual orientation or information about your health. We treat everybody the same (with a smile and a desire to help you improve).
We do not collect any information about criminal convictions or offences
And we do not carry out any automated profiling
- HOW WE COLLECT OUR PERSONAL DATA
We may also receive data from publicly available sources such as companies house and the electoral register based inside the Eu.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to make our business better).
Under the privacy and electronic communications regulations, we may only send you email or text marketing communications if you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving communications since. Under these regulation, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.
We are unlikely to every share your personal data with any third party for their own marketing purposes, however if we are ever going to do this we will get your express consent.
You can ask us our third parties to stop sending you marketing messages at any time by emailing us at email@example.com we also have UNSUBSCRIBE buttons on the bottom of all our emails.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions such as purchases, warranty registrations etc.
- DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, accountants, auditors and insurers.
- Government bodies that require us to report processing activities or otherwise disclose your personal data.
- Market researchers and fraud prevention agencies.
- Third parties to whom we sell, transfer or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within our group of companies which involves transferring your data outside the European Economic Area.
We are subject to the provisions of the GDPR that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
We may transfer your personal data to countries that the European commission have approved as providing an adequate level of protection for personal data by, or
- If we use US-Based providers that are part of EU-US Privacy shield, we may transfer data to them, as they have equivalent safeguards in place, or
- Where we use certain services providers, who are established outside of the EEA, we may use specific contracts or codes of conducts or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorization. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legal required to.
- DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes , if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, I, Financial and transactional data) for 6 years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information continually without further notice.
YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation top your personal data that include the right to request to correction, erasure, restriction transfer, to object to processing to portability of data and (where the lawful ground of processing is consent to withdraw consent.
You can see more about these rights at.
If you wish to exercise any of your rights as set out above, please contact firstname.lastname@example.org.
You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if the request is clearly unfounded, repetitious or excessive or refuse to comply with your requests in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security protocol to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within a 30-day window. Occasionally it may take us longer than 30 days if your request is complex or we have received multiple requests at once. In this case we will be the first to notify you of any delay.
If you are unhappy with any aspect of how we collect and use your data you have the right to complain to the ICO, the supervisory authority for data protection issues (www.ico.org.uk) We would be grateful if you would inform us prior to contacting the ICO as we would prefer to resolve it for you.