Avondale Privacy Policy and Data Protection Notice

About Avondale

Avondale Corporate Ltd (“Avondale”), a company registered under Company Number 06938460 and whose registered office is at 168 Shoreditch High Street, London, E1 6RA. Avondale wants to collect and use personal information fairly and transparently. We will only use your data for our own marketing purposes in order to provide you with useful and timely information that is relevant to your job role and business objectives.

To us, fairness is:

  • using information in a way that people would reasonably expect
  • thinking about the impact of our processing and if it will have unjustified adverse effects on you or your business
  • ensuring that you understand how we intend to use your data
  • giving you the freedom and opportunity to express your data preferences to us
  • abiding by your preferences

By providing personal information to Avondale, in any of the ways described in this policy, or by entering into a contract with Avondale that requires such processing, the Subject is agreeing that they accept this privacy policy and that Avondale is authorised to process it.

What information do we collect, with your consent?

We may collect and hold the following personal data:

Name
Organisation
Job title
Address of employment
Home address
Phone Number
Mobile number
Email Address

Security: Where and how is data held?

Avondale makes use of a number of third party organisations and software applications to store and sychronise data. This is for the purposes of maintaining and recording our direct communication with new business prospects, sending out marketing communications and delivery of marketing services to our clients.  Whilst the following list is not intended to be exhaustive, Avondale typically only transfers the personal data relating to our clients where required, for the activities set out below, to the following third parties or Data Processors:

System/Software Function Data Server
Salesforce CRM and Marketing Activities Salesforce use Amazon Web Services (AWS) to host Salesforce online and mobile services. Amazon is responsible for the encryption process on their server and they hold a Comodo SSL certificate.

https://www.onepagecrm.com/security 
SharePoint Secure File Storage SharePoint is hosted by Microsoft. All personal data will be protected through Office365 security.

https://www.microsoft.com/en-gb/security
MailChimp Email Marketing Platform MailChimp have certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks.

https://mailchimp.com/about/security/
iDeals VDR Secure data room provider iDeals has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability.

https://www.idealsvdr.com/privacy
WPEngine Website Hosting https://wpengine.co.uk/legal/
Google Analytics Website and Campaign Metrics Google own and operate data centres around the world in order to keep their products running efficiently.  They adhere to the EU-US and Swiss-US Privacy Shield Frameworks for data compliance.
Google Adwords PPC Campaigns https://privacy.google.com/businesses/compliance 
Xero Accounting and Payroll Xero stores customer data with hosting provider Amazon Web Services to host their online and mobile services – but are not certified with Privacy Shield. Instead, they rely on a combination of measures to ensure compliance with EU data export rules, including Model Clauses.

https://www.xero.com/uk/about/security/

Avondale will update this list from time to time as our systems and operations evolve and inform you accordingly.

How do we look to use your data?

Avondale is the sole owner of any data you provide us.  We only look to use your data to inform you of our products, services and let you know how we can help your business.

Data collected is only used for our own marketing purposes and for delivery of services to our Clients. We do not share, sell or pass any data on to third parties for marketing purposes.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including the basis of legitimate interest
To register you as a new client (a) Identity

(b) Contact

 Performance of a contract with you
To process and deliver the services to you including:

 

(a) Supply of free publications and other insight materials to you which we reasonably believe are relevant or that you may select

 

(b) Invoicing and payment schedules

 

(c) To meet our specific commitments described in a contract with you

 (a) Identity

 

(b) Contact

 

(c) Financial

 

(d) Transaction

 

(e) Marketing and Communications

 (a) Performance of a contract with you

 

(b) Necessary for our legitimate interests (to manage the payment schedule)

 

(c) Necessary for our legitimate interests to undertake direct marketing activities (to develop our products/services and grow our business)
To manage our relationship with you which will include:

 

(a) Notifying you about changes to our terms or privacy notice

 

(b) Asking you to leave a review or take a survey

 

(c) Updating you on the progress of services based on a contract with you

 

 (a) Identity

 

(b) Contact

 

(c) Profile

 

(d) Marketing and Communications

 

 

 (a) Performance of a contract with you

 

(b) Necessary to comply with a legal obligation

 

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, to keep you updated on progress of services)
To enable you to partake in:

  • Avondale surveys

 

  • Provide feedback on our services to you

 

  • Becoming, with your consent, a reference source for Avondale

 

 (a) Identity

 

(b) Contact

 

(c) Profile

 

(d) Usage

 

(e) Marketing and Communications

 (a) Performance of a contract with you

 

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

 

(c) Necessary to comply with a legal obligation
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity

 

(b) Contact

 

(c) Technical

 (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

 

(b) Necessary to comply with a legal obligation
To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you (a) Identity

 

(b) Contact

 

(c) Profile

 

(d) Usage

 

(e) Marketing and Communications

 

(f) Technical

 

 Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical

(b) Usage

 Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity

 

(b) Contact

 

(c) Technical

 

(d) Usage

 

(e) Profile

 Necessary for our legitimate interests (to develop our products/services and grow our business)

To maintain data accuracy and ensure the correct use of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your personal data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Such Data Processors and Sub Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with GDPR. Data is stored on servers within the EU, or on Amazon Web Servers certified under the EU-US Privacy Shield.

How do we notify you if there is a security breach?

In the event of a security breach that may affect you, we’ll notify you of the breach, provide a description of what happened and later report the action we took in response.

How is personal data collected and recorded by Avondale?

When you give your personal data to Avondale we will process that data in accordance with our responsibilities under the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003. GDPR Regulations (May 2018) and other relevant legislation.

Avondale collects and records data in the following ways:

Events: When we meet you face to face and we share contact details/exchange business cards and follow up with an email – which is explicit in requesting your consent to be added to our database.

Website: When visitors subscribe to our newsletter or download information we retain personal data that is input at the time of subscription.

Cookies: Used to help us understand your preferences based on previous or current site activity. Please see our cookie policy https://avondale.co.uk/cookie-policy for further details.

Telephone or Email Enquiries: We will ask you at the time of enquiry if you are happy for us to retain your details for our marketing purposes. We provide you with the opportunity to unsubscribe to email communication.

Client Contracts:  We will record our clients details and they will also have the opportunity to opt out of marketing communications.

List Brokers: We will only purchase lists from suppliers who are GDPR compliant, and who can assure us that every contact has opted-in to receive information on relevant products and services.

Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources (like Companies House subscription directories as set out below:

  • Technical Data from the following parties:

(a)    analytics providers such as Google based outside the EU;

(b)    third party acquirer networks such as Deal Nexus Intralinks based inside or outside the EU; and

(c)    search information providers such as Google based inside or outside the EU.

  • Identity and Contact Data from M&A and/or Company Data providers or aggregators such as Pitchbook or Dunn and Bradstreet based inside or outside the EU.
  • Identity and Contact Data from publicly available sources such as Companies House based inside the EU.
  • Identity and Contact Data from referral partners based inside the EU.
  • Identity and Contact Data from Data Contractors using publicly available sources such as directories or websites based inside or outside the EU.

This is information we receive about you if you use any of the other websites we operate or the services we provide. In the case of services that we provide to you, we will inform you at the first point of contact with you, if we intend to share those data internally and combine it with data collected on this site. Similarly, we will also inform you at the first point of contact for what purpose we will share and combine your data.

Your preferences are updated on our CRM system – manually with verbal requests, and automatically with ‘unsubscribe’ requests via our email platforms, Mailing Manager and Pardot.

By interacting with Avondale as defined in this policy, the Subject provides their consent for the transfer and use of their data by our Data Processors and their Data Sub-Processors which Avondale believe will enhance service delivery and customer relationship management activities.  No data transfer will be undertaken that is outside the strict scope of the purposes stated in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event, the security provisions will be compliant with the applicable Data Protection Laws.

We may monitor, record, store and use telephone calls:

  • for staff training purposes, helping us to improve the quality of our customer service and to ensure the information we provide is consistent and accurate;
  • for reporting on the types and numbers of enquiries we receive;
  • to check instructions given to us.

We understand your personal information is important and we are committed to protecting your privacy.  Any information you disclose will be for Avondale use only and unless agreed otherwise with yourselves in advance will not be passed to any third party.

We will disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective buyer or seller of such business or assets.
  • If Avondale Corporate Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or the terms and conditions of supply of services that will have been provided to you separately, and other agreements; or to protect the rights, property, or safety of Avondale Corporate Limited, our customers, employees and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Disclosures of your information

You agree that we have the right to share your personal information with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
  • Selected third parties, including:
    • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
    • analytics and search engine providers that assist us in the improvement and optimisation of our site;
    • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

We will disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective buyer or seller of such business or assets.
  • If Avondale Corporate Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or the terms and conditions of supply of services that will have been provided to you separately, and other agreements; or to protect the rights, property, or safety of Avondale Corporate Limited, our customers, employees and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How do we contact you?

Our marketing communication is via email, direct mail (post), telephone and at events.  You have the right to opt out of any of these communication channels.

How do we record and hold your data preferences over time?

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law and to satisfy our professional indemnity requirements, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for example for tax purposes, client’s request, other questions or queries regarding past service provision etc.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Every piece of communication will provide you with the option to opt out or to be removed from our database altogether.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of service purchase, product/service experience or other transactions.

By providing this constant opportunity to update your preferences, we can be confident that we are only sending communications to those who are actively interested in our service offering.  Please be assured that we would never want to be considered a nuisance to you, or for our contact to result in a complaint.

Updating, Accessing or Enquiring about your data

You have the right to ask us not to process your personal data for marketing purposes.  We will usually inform you (before collecting your data) if we intend to use your data for such purposes.  You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by clicking the unsubscribe link provided on our marketing emails.

Under Data Protection Laws, Data Subjects can make certain choices in relation to how their personal data is processed.  These include whether your personal data is disclosed to third parties, and preferences regarding the frequency, subject matter, and/or format of communications. Data Subjects or any other concerned parties wishing to discuss matters relating to data protection, such as: Subject Access Request; concern over accuracy of collected data; or enquiries regarding a possible data breach or security incident, please email dataprotection@avondale.co.uk or write to:

 

Data Protection Officer
Avondale Corporate Ltd
Chapter House
33 London Road
Reigate
Surrey
RH2 9HZ

 

The email address is monitored within working hours and you should receive a reply within 2 working days.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

No fee usually required

You have the right to access information held about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If we do not hear otherwise from you, we will assume that the information you provide to us is accurate and up-to-date and we will continue to use the information to send you any communications we think are of use to you.