Privacy Policy
Last Updated – April 2023, Version 2.4
Who are we?
We are TwentyCi and we are a group of companies that mainly provides marketing services to businesses. (“We”, “Us”).
Our registered companies are TwentyCi Ltd (06943607) and TwentyCi Data Ltd (05672869) and our registered address is 8 Whittle Court, Knowlhill, Milton Keynes, MK5 8FT.
We comply with the relevant data protection regulations and are registered with the Information Commissioners Office under numbers Z9319492 and Z2201604 and we are members of the Direct Marketing Association.
Our Group Data Protection Officer is Colin Bradshaw and can be contacted at the above address, via our contact form or dataprotection@twentyci.co.uk, alternatively by telephone on 01908 829300.
What this privacy policy covers
This policy applies to www.twentyci.co.uk (“website”) and our day to day business operations including recruitment. This policy covers what data we may collect about you, how we use it, your rights and how you can exercise them.
If you have received a marketing message from one of our Clients and would like to know more, this is covered under a different policy, which you can find here.
Any links from our website to third-party sites are not subject to this privacy policy so please make sure you read the privacy policy of those websites before you progress, we cannot accept any responsibility or liability for those third-party websites.
What information do we collect?
- Contact details – This is basic personal data which may include name, email address, telephone number, organisation name & address and your job title.
- Contact history – This is a record of what communications or telephone calls we may have sent or made to you.
- Website Information – If you complete any enquiry form or click on an email we have sent you, we will record that you done so. If you then later engage with any content on our website, we will know that you have done so.
- Tracking – We may track who has opened and clicked the email messages that we send which is at a person level (e.g. we know WHO has specifically carried out this action).
- Video content – If you’re using our video recruitment tool, we will use this content as part of our recruitment process.
Where do we collect your information from, what is our lawful basis for doing so and what is the purpose for the processing?
We may collect your personal information from a range of sources and this table explains them:-
Source | Lawful Basis | Purpose | Retention Period | GDPR Article Reference |
---|---|---|---|---|
Legitimate Interest | Prospecting our goods and services or business networking | For as long as it is relevant and appropriate to keep this information based on role & communications | Article 6(1)(f) | |
ALF (see this page for details on where ALF collect your data from) | Legitimate Interest | Prospecting our goods and services or business networking | For as long as it is relevant and appropriate to keep this information based on role & communications | Article 6(1)(f) |
Trade Shows & Events | Legitimate Interest | Prospecting our goods and services | For as long as it is relevant and appropriate to keep this information based on role & communications | Article 6(1)(f) |
Our Website | Legitimate Interest / Consent / Contract | Prospecting our goods and services, dealing with your enquiry | For as long as it is relevant and appropriate to keep this information based on role & communications | Article 6(1)(f) Article 6(1)(a) Article 6(1)(b) |
General Networking | Legitimate Interest | Prospecting our goods and services | For as long as it is relevant and appropriate to keep this information based on role & communications | Article 6(1)(f) |
Clients (Current / Lapsed) | Legitimate Interest / Contract | Client management, contract delivery & client development | For as long as a customer & then for as long as it is relevant & appropriate to keep this information based on role, communications & contract cycle | Article 6(1)(f) Article 6(1)(b) |
Desk Based Research | Legitimate Interest | Prospecting our goods and service | For as long as it is relevant & appropriate to keep this information based on role & communications | Article 6(1)(f) |
BAR Membership | Legitimate Interest | Prospecting our goods and service | For as long as it is relevant & appropriate to keep this information based on role & communications & BAR membership status | Article 6(1)(f) |
Suppliers (Current / Lapsed) | Legitimate Interest / Contract | Management of supply of goods & services | 7 years post contract termination | Article 6(1)(f) Article 6(1)(b) |
Recruitment | Contract | Recruitment | 36 months | Article 6(1)(b) |
Suppressions / Opt outs | Legal Obligation | To honour your request to opt out of communications | Indefinite | Article 6(1)(c) |
Who do we share your details with?
- Our Group Companies – TwentyCi, TwentyCi Data, TwentyEA, View My Chain, TwentyCi Asia, TwentyConvey.
- Our Service Providers – We may provide your information to third parties who provide systems or services to assist with our business operations. For example, email marketing, CRM system providers, print & mailing house for direct mail campaigns. Where we do employ a third-party data processor this is ALWAYS under a written contract as is required under Article 28 of the GDPR.
- Regulatory Bodies – on rare occasions we may be asked to share your information with regulatory bodies who are investigating a complaint on your behalf.
Do we use Cookies?
Yes, we use two types of cookies on our website which help us to deliver a better website experience: –
- Google Analytics – to help us to understand what pages our visitors are viewing, for how long & how they got there. It does not allow us to identify you as an individual.
- Insights Page (our blog) – these cookies may allow us to identify you as an individual and see what pages and articles you are reading. You can read more about the cookies here.
You can if you wish disable cookies in your Internet Browser.
What are your rights?
Under the data protection regulations, you have a number of rights as the data subject, the following section outlines these rights & how you can exercise them.
- Right to be informed 1. When we collect your information or within a reasonable period after collecting your information, we have to tell you about the collection and use of your information. The information we must provide you with includes, our purpose, lawful basis, retention periods, who we intend to share it with and your rights. 2. We must provide this in plain English.
- Right to access 1. You have the right to request access to the personal data that we process about you. 2. We must provide this free of charge. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
- Right to rectification 1. You have a right to have inaccurate personal data rectified or completed if it is incomplete.
- Right to erasure 1. This gives you the right to request that we erase your information from our systems under certain circumstances. 2. This is not an absolute right to have your data erased and can be a bit confusing, for example if you are a supplier of goods and services to us, we need to process your information so that we can pay you. You can read more about when this right applies here. 3. If you have asked us to stop sending you marketing messages, in order to honour this request, we need to maintain a suppression file and we will do this under a legal obligation in line with data protection and PECR regulations – if we did not retain this suppression file, we may collect your data via another source and you may start getting marketing messages again. 4. If we do not believe that we need to comply with your request, we will explain why.
- Right to restrict processing 1. You have the right to request the restriction or the suppression of your personal data, again it only applies in certain cases and is an alternative to the “Right to erasure”. You can read more about this right here.
- Right to data portability 1. This right would be highly unlikely to apply to TwentyCi and the data it holds about you. It would most likely apply in situations like switching banks and utility providers for instance. This right only applies where the following conditions have been met: – 1. you provided the personal data to the data controller (TwentyCi) 2. where our lawful basis (see table above) is based on your consent or contract; and 3. is processed by automated means.
- Right to object 1. You have the right to object to: – 1. Processing which is based on legitimate interest, or the performance of a task in the public interest where there is no overriding justification for the processing of your data. 2. Direct Marketing, including profiling. 3. Processing for purposes of scientific/historic research and statistics.
- Rights related to automated decision making including profiling 1. You have the right to not be subject to a decision based solely on automated decision making which produces legal effects or significantly affects you. You also have the right to request human intervention, express your point of view or obtain an explanation of the decision and be able to challenge it. 2. However, we do not use any automated decision-making processes which have a damaging effect on you.
- Right to complain to a supervisory authority 1. If we have been unable to deal with your complaint to a satisfactory level, you have the right to complain to the Information Commissioners Office (ICO), you can contact them here.
Changes to our privacy policy
We reserve the right to update this Privacy Policy from time to time as appropriate in relation to legislative or our business developments. The “last updated” date will be updated with the date of the last change.