Last updated: June 2023
Data means information stored electronically or in certain paper-based filing systems.
Personal data is any information relating to a person (a ‘data subject’) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Cabbells (‘we’) is the data controller of all personal data used by our business for our own commercial purposes.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).
Data processor means a person, public authority, agency or other body which processes personal data on behalf of the controller. Cabbells is also a data processor of personal data used in our business for our own commercial purposes.
2. Our data protection and privacy governance
Cabbells ensures that all staff receive regular training in the concepts and requirements of data protection law. Our staff are expected to embrace the ethos of data protection and privacy laws and to adopt practices in the workplace that reflect the company’s commitment to ensuring that the rights of individuals are respected and protected at all times.
Cabbells' internal policy for data protection requires any products, services or systems adopted by the company (relating in any way to the processing of personal data) to undergo an assessment to establish that they do not contravene the company’s policies and to maintain compliance with the data protection laws.
3. What information do we collect about you?
We will collect and store information about you when you enquire about our services, interact with us as part of a contract (directly or on behalf of your employer): via our website; by telephone; when you email us; write to us or when you meet with us.
This information may include all or any of the following:
Our CRM system is configured to provide for the recording of the following personal information:
In addition, we may have attached to your record in our CRM system:
Your data is likely to be recorded in our Customer Relationship Management (CRM) database system. There may also be emails that you have sent to us (and that we have sent to you) recorded in our CRM system and within our email server database. Some data may also be stored securely in paper form.
Records held within our accounting system will include a history of transactions (including sales orders, invoices and financial status information that relates specifically to your trading history with us). These may be regarded as ‘personal data’ if you are a sole trader or part of a general or limited partnership. See lawful bases table in section 8.
Supplementary information about you
We may supplement the information we hold about you as an individual (if you are a sole trader or part of a general or limited partnership) with information from third parties such as CreditSafe, LinkedIn and other publicly available platforms.
Website use data
When you visit our website, we will collect electronic ID data such as your Internet Protocol (IP) address. We do not use your IP address to identify you personally but these logs may contain unique identifiable information left by your computer.
We collect information about your browsing habits on our websites using ‘cookies’.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our website and to compile statistical reports on website activity. This also saves you from re-entering some information when you return to the site.
A cookie consent pop-up appears on our home page when you first visit it. This enables you to select your preferences for the specific cookies that we use.
We may also record your email address, name and company name in our mass email broadcasting system (which is a secure cloud-based database). See section 8. for lawful bases.
Personal data obtained indirectly
Where is your data being held?
The categories of recipients of this data include our CRM system, hosting providers, our financial systems, our email client and our internal file storage system.
4. How does Cabbells use your personal information?
We use your information for the following purposes:
Most of our marketing communications are broadcast via an email marketing platform. This platform includes an ‘unsubscribe’ link. You may use this link to inform us that you no longer wish to receive email marketing messages from us or you may do this via any one of our contact channels. See section 12.
We may contact you by telephone (via a business phone number where it has been provided, and sometimes via a mobile phone), by post (to your business address or home address – if working from home), by email (via a business email address if you have provided us with one) or by Social Media platform (such as LinkedIn, Facebook or Twitter).
5. Sharing information
We may share your personal information with our commercial partners (for example: email marketing providers, fulfilment houses, market research companies and printers) to fulfil our contract with you or your organisation, to evaluate and improve our products and services and/or for marketing purposes, if you have consented to this.
We will not share your personal details with any other third parties without your permission.
We only transfer data to server locations that are secure and UK GDPR (UK General Data Protection Regulation) compliant. See section 6 for detail on transfers of data outside the UK.
6. Data retention policy
How long do we hold your data for?
We keep your personal data for no longer than is necessary for the purposes for which it is being processed. This is to reduce the risk that it will become inaccurate, out of date or irrelevant.
We ensure that your personal data is securely disposed of when no longer needed or you unsubscribe (in the case of marketing related activities)
The data will be stored in line with our data retention policy for commercial contacts, which is eight years, unless we contact you to confirm that you are still interested in our services.
7. How we protect your personal data
All our database systems are password-protected and access is only afforded to those with a legitimate reason for so doing.
All users are required to have a domain user name and password to authenticate against the security model for access to our databases. A second layer of security, when available, is always used to check the user’s identity – commonly known as two-factor authentication.
Where corporate systems are available to staff via the internet, all web services are secured via SSL/TLS certificate security certificate and all internet data transactions are encrypted as a consequence.
Remote workers are only able to access data services within our corporate network via secure Virtual Private Network (VPN) from trusted devices, or via password protected cloud storage.
We only process (including storing) your data on server locations that are secure and EU GDPR, UK GDPR (UK General Data Protection Regulation) and Data Protection Act 2018 (amended) compliant.
Our CRM, email and accounting databases are all maintained within Google servers in a secure location in the European Union.
We will not share your personal details with any third parties, other than those detailed in section 3, without your express permission.
8. Transfers of data outside the UK
Cabbells relies upon the following: UK GDPR and DPA 2018 (amended) and EU GDPR. We store personal data in the EU. The EC has deemed the UK adequate for data transferred from the EU to the UK. This ensures that your personal data has the same level of protection that it would have in the UK.
In some circumstances we may need to transfer data outside the EU or to an international organisation. If this is the case, we will ensure that safeguards are in place to ensure that data is transferred securely, and we can provide details of these safeguards if required.
We always have signed contracts in place with any organisations (for example, mailing and fulfilment businesses) that we share your data with to ensure that they will keep your data secure and that they comply with the rules and principles of the UK GDPR (UK General Data Protection Regulation), the EU GDPR and the Data Protection Act 2018 which we also operate within.
9. Access to your personal information and how to remove or correct it
We want to ensure your personal information is current and accurate. Please let us know of any changes you wish to make.
How do I find out what information you hold about me?
You have the right to request a copy of the personal information that we hold about you. If you would like a copy of some or all of your personal information, please call us on 0203 6037930, email us at email@example.com or write to us at: Alban Row, 27-31 Verulam Road, St Albans, Hertfordshire, AL3 4DG, UK.
Please include your name, phone number and postcode to validate your request. We will provide the information to you within 30 days of receipt.
There is no charge for this service.
How do I correct any details that you hold about me that are incorrect?
We want to make sure that your personal information, which we hold, is accurate and up to date. You may ask us to correct or remove any information you think is inaccurate. Please email us at firstname.lastname@example.org and include your name, phone number and postcode to validate your request. We will action the requested correction without delay.
How do I remove my details from your database?
To remove your information from our database, just send an email along with your name, phone number and postcode to email@example.com. If we no longer need to hold your personal information for legal, contractual or vital interests’ purposes, we will take action without delay and erase all your information. An email confirmation will be sent to you.
What can I do if I object to your processing my data for marketing purposes?
You have a right to object to us processing your personal data for marketing purposes. You can notify us of this by emailing us at firstname.lastname@example.org. We will stop processing your data as soon as we receive your request.
10. Lawful bases for processing individual, sole trader, limited partnership or general partnership data
If you are an individual (i.e. not part of a corporate organisation), a sole trader or part of a general or limited partnership we may process your data as follows:
*We would rely on your explicit consent to process your personal data for marketing purposes. This means that we ask you for this before we would use your data to send marketing related communications to you or use your data to include your details in a case study, for example.
If you are a member of a corporate organisation including Limited Liability Partnerships (LLPs) we may process your data as follows:
Cabbells is a strategic content marketing agency. We create and deliver content marketing strategies that get results for our clients. To enable us to do this effectively we share relevant articles, commentary on the marketing and business environments, promote relevant Cabbells products and services, share events, news and other information already in the public domain.
We consider that this use of corporate individuals’ data is what you would reasonably expect, has minimal privacy impact and is justified from a commercial interests’ perspective.
Recruitment or applicant data
We actively encourage speculative applications from potential candidates for employment at Cabbells. This personal data will be stored on our email system and storage drives for the purpose of future recruitment for five years, unless requested otherwise. Where you have volunteered ‘sensitive’ data (for example racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; the processing of genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health and/or data concerning a natural person’s sex life or sexual orientation) we will hold this information on file, but it is not required for the purpose of future recruitment.
The processing of your data for a job application will be necessary for the purposes of a legitimate interest (i.e. reviewing your application against a job/vacancy criteria for selection purposes) by us as a potential employer and in order to enter into a contract with you, the data subject, if successful. If you, as an applicant, fail to provide certain information when requested, we may not be able to enter into a contract with you.
The details of unsuccessful candidates in a recruitment process will be held on file for no more than six months, unless we request, and the candidate actively consents, that we may keep these details for future recruitment.
11. Links to other websites
12. If you have a complaint
You have a right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are not satisfied with how we are handling any concerns that you have with your data.
If you are based in an EU member state or an EEA country, you have the right to make a complaint at any time to the relevant supervisory authority in the country where you live.
We would, however, appreciate the opportunity to address your concerns before you approach the ICO or any other supervisory authority so please do contact us in the first instance.
13. Changes to our privacy notice
14. How to contact us
by email: email@example.com, phone 0203 6037930 or write to us at:
Alban Row, 27-31 Verulam Road, St Albans, Hertfordshire, AL3 4DG, UK.