Spanish Marks is committed to protecting the privacy of individuals and to the responsible use of email marketing.
This policy explains how and why we use personal information.
What information do we collect?
If you purchase services from us, communicate with us, or do business with us, this will result in us collecting personal data about you (for example, we collect the name, address, email, fax and telephone number of business contacts).
We also collect information if you fill in a form, complete a survey, etc., which may include contact information that we decide to use for marketing purposes (please see ‘Marketing’ below). We do not normally collect sensitive personal data. In the event you provide us with any sensitive personal data, we will take extra care to ensure your rights are protected.
Third party sources. We sometimes collect additional information about actual or prospective customers from third party sources. Most of the time this won’t be personal data (for example, we might obtain information about a company’s business and performance), though on occasion we may receive personal data (such as a person’s work email or telephone number, or details of their role within a business).
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- enter into, or perform, a contract with you:
- comply with a legal duty;
- remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these;
- we will only use your information for the purpose it was collected (or for similar/related purposes). For our clients, this includes using personal data to the extent necessary to perform our contractual obligations (such as administering their accounts and providing them with services):
- we will never sell your personal data or share it with third parties who might use it for their own purposes;
We may use personal information (such as email addresses) to market and promote our services. To ‘opt out’ of communications or amend your contact details or preferences, please email us at email@example.com.
Information for email recipients
This policy primarily covers how we use data relating to our customers, prospects, website visitors and people who interact with or do business with us. In these cases, we will be the “data controller” for the purposes of data protection law.
We are required by law to hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as data controller.
We will only share data with other entities when legally obligated. In addition to this we also have legal and regulatory obligations to share your data with government bodies (HMRC) or relevant Regulators and we may also disclose your information for fraud prevention purposes.
Please note: We will not under any circumstances share or process your data for any marketing purposes unless you have opted-in for us to do so.
We provide web-based contact form (and application forms) which help us manage and execute permission-based, multi-channel marketing campaigns.
If you have a received an email or other communication sent by us that you believe is spam or in violation of our acceptable use policies, please contact our team at firstname.lastname@example.org.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
We archive most information provided to us by clients as soon as services are ceased, and data will cycle out of long-term backups up to 2 years later. We store logs of outbound emails for up to 12 months after the email is sent for the purposes of handling complaints and compliance monitoring.
We will continue to store limited information about the client (including transaction records) for up to 6 years for accounting, record keeping and administrative purposes. If we consider there is a need to store records for longer (for example, the client has been the subject of a dispute or claim) then we will retain the data for as long as is necessary.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which (for individuals) are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request);
- the right to have inaccurate data rectified; and
- the right to object to your data being used for marketing or profiling.
If you would like further information on your rights or wish to exercise them, please email email@example.com.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Changes to this statement