Updated March 2019
Introduction and general terms
This policy covers services provided by Tonic Creative Business Partners Limited (“Tonic”, “we”, “us” or “our” in this policy). Tonic is a business consultancy working with creative businesses and agencies (“client” or “clients” in this policy).
Tonic is committed to protecting and respecting your privacy. This policy explains the basis on which personal information we collect from you will be processed by us. Where we decide the purpose or means for which personal data supplied by you is processed, we are the “data controller.” We will comply with all applicable data protection laws, including the General Data Protection Regulation 2016/679.
This policy explains the following:
- What personal information we may collect about you
- Grounds for processing
- Who we share your information with
- How we will use that information
- Who we may disclose that information to, and
- Your rights regarding the information
WHY DO WE COLLECT YOUR DATA?
We only use your data for business-to-business purposes for outreach and marketing purposes. We may contact you about a product or service, event, responding to an enquiry or contacting you about matters requiring your attention.
WHAT INFORMATION WILL TONIC COLLECT ABOUT YOU?
We collect and process the following personal information: name, gender, company address, telephone number, e-mail address, job title.
The majority of the personal information we collect about you comes from publicly available online information. We may also collect information on the phone or face-to-face.
We may also collect information about your behaviour when you receive emails (e.g. whether you read the email, open it and forward it on to third recipients). We collect this through our e-marketing platform.
GROUNDS OF PROCESSING
On some occasions, Tonic processes your data with your consent. You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Generally Tonic processes your personal information based on legitimate interest and when these interests are not overridden by your data protection rights. We will connect with businesses that may benefit from our products or services and therefore have a legitimate interest in contacting these relevant businesses.
Necessary to fulfil a contract
Tonic may process your data when we need to do this to fulfil a contract with you.
Necessary because of a legal obligation
Tonic may process your data to comply with our legal and regulatory obligations, e.g.
preventing, investigating and detecting crime, fraud or anti-social behaviour and
prosecuting offenders, including working with law enforcement agencies.
We may share your information with the following:
Access to personal information is restricted to those individuals and partners who have a need to access the information for our business purposes.
We may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Change of circumstances
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email, account message and/or a prominent notice on our website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
HOW WE WILL USE INFORMATION ABOUT YOU?
We use various forms of marketing to provide you with promotional materials about our services and products.
Consumer Control & Opt-Out Options
If you do not wish to receive promotional or other marketing material from us please contact us using the above email address.
Your rights in relation to personal data THAT we process relating to you
You have the following rights over the way we process personal data relating to you. We
aim to comply without undue delay, and within one month at the latest. To make a request,
please contact us using the above email address.
Ask for a copy of the data we are processing about you and have inaccuracies updated
You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected.
We will use reasonable efforts to the extent required by law to supply, correct or delete
personal information held about you on our files (and with any third parties to whom it has
been disclosed to).
Object to us processing data about you
You can ask us to restrict, stop processing, or to delete your personal data if:
you request Tonic to stop processing the personal data;
- Tonic no longer needs to process that personal data for the reason it was collected;
- Tonic is processing that personal data because it is in the public interest or it is in order to pursue a legitimate interest of Tonic, you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it;
- the personal data was unlawfully processed; or
- you need the personal data to be deleted in order to comply with a legal obligation.
Make a complaint to a Supervisory Authority
If you are unhappy with the way we are processing your personal data, please let us know. If you do not agree with the way we have processed your data or responded to your concerns, you have the right to lodge a complaint with the Information Commissioner's Office. Further information, including contact details, available at https://ico.org.uk
We review the personal data we store every two years. If the data is still correct, we will keep it. If it is out of date at this stage, we will remove it. We typically retain your data for ten years to satisfy our regulatory obligations.
Tonic is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold. We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.
Our security measures include:
- Regular review of information collection
- Restricted access of data to employees, contractors and agents. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
INTERNATIONAL DATA TRANSFERS
We will notify you of any changes to this policy by email, notice on the website or account message.