This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by Magdalen Marketing Agency as well as the data provided from our clients. In collecting this information, we are acting as a data controller and a data processor and, by law, we are required to provide you with information about our organisation, including why and how we use your data and the rights you have over your data.
Changes to the data protection law
From the 25th of May 2018, we will be processing your personal data in accordance with the General Data Protection Regulations (GDPR). Up until that point, we will continue to process your personal data in accordance with the existing Data Protection Act 1998 (DPA). This notice is written to comply with both the DPA and the GDPR.
Information we may collect from you
You may give us information about you by filling in forms on our site Magdalen Marketing Agency or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to our service, and participate in discussion boards or other social media functions on our site. It also includes when you enter a promotion or survey, during the course of any other activity commonly carried out on our site and when you report a problem with our site. The information you give us may include (but not be limited to) your name, address, email address, phone number, personal description, job history, qualifications and photographs.
With regard to each of your visits to our site we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plugin types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers). We also collect information on the methods used to browse away from the page and any phone number used to call our customer service number.
Personal data requested may also contain “special category data” as defined in the GDPR and this may include racial or ethnic origin, sexual orientation and health (ie. whether you are registered disabled). You can decide whether you wish to share this information with us. Not sharing this information does not prevent you from registering or using our services.
Where else may we get your data from?
Our Client’s Databases
As part of our service, we may obtain your personal details from our clients. As part of our internal processes, we may receive personal information recorded on data spreadsheets. This information is then uploaded to a third party emailing system. Once uploaded, after required messages have been sent out, this data is then deleted from both our system and any external systems used. If you require us to remove the information completely, we can delete all email chains that include this data.
Why do we collect this information?
We collect information about you in order to send out appropriate marketing that is tailored to your interests.
In addition, we sometimes use the anonymous personal data (with all personal identifiers removed) for the purposes of research, industry trend reporting and for our own planning purposes and future developments.
Where we store your personal data
Protection of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data through the use of security measure like the use of an SSL certificate, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, including all necessary technical and organisational measures to protect your data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing.
What do we do with your information?
The personal information you provide helps us to provide tailored advice and opportunities depending on your preferences. Our aim is to provide you with only content relevant to you. You may unsubscribe to these emails or change your profile information at any time either via the site or through the link provided at the bottom of each email.
To be more specific, your information may be used in one or more of the following ways:
- For the facilitation of any legal obligations or defend any court actions that we may have.
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our service, when you choose to do so.
- As part of our efforts to keep our site safe and secure.
- To communicate with you in the delivery of our services including client opportunities, sponsored events or employer sponsored competitions.
- Notify you of any changes to terms and conditions or policy changes.
- To help us improve our services and its delivery to you.
- Conduct market research activities.
- Provide you with relevant advice and career options relevant to you.
- To allow you to better engage with the interactive and personalised services on our websites and systems.
- In an aggregated and anonymised form, use the data to plan new products, manage our relationship with our clients, and also improve existing products.
- Facilitate any social media sharing functionality and authentication.
- Resolve complaints and data access requests in accordance with data protection law.
Additionally, information we receive from other sources may be combined with information you give to us for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. Although usage will be limited to the original purpose for which we obtained your data unless we have your consent otherwise.
We may share your information with selected third parties including:
Business partners, suppliers, clients and subcontractors for: (1) the performance of any contract we enter into with them or you or (2) the purpose of sourcing your employment or engagement with a third party.
Information may also be used in the following ways:
- Analytics and search engine providers that assist us in the improvement and optimisation of our site may receive your information.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Magdalen Marketing or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Automated processing and profiling
We use the information you provide to make automated decisions solely in the capacity of delivering you content based on your stated preferences.
Legal basis for processing your data
The legal basis for processing under GDPR is outlined below:
Candidate personal data held by us
Contractual necessity (Article 6(1)(b)), legitimate interest (Article 6(1)(f)) and consent Article 6(1)(a)
Client or employer related personal details held by us
Contractual necessity (Article 6(1)(b)), legal obligation (Article 6(1)(c) and legitimate interest (Article 6(1)(f))
It may be necessary for us to process your data in order to fulfil a contract with you. Such as the case of a Client or Supplier we may need to process your personal data for the purpose of fulfilling out contractual obligation with regards to the service or product delivery.
We may also process your data when it is in our legitimate interest to do so and theprocessing does not impact on any of your data protection rights. Our legitimate interests include:
- Ensuring the security and integrity of our services and ensuring that our systems such as websites work properly;
- Selling and supplying services to our clients;
- Protecting clients, employees and other individuals (including yourself) and maintaining their safety, health and welfare;
- The promotion, marketing and advertising our products and services;
- Sending promotional communications tailored to your preferences from our clients in relation to your career;
- Understanding our client’s and your behaviour, activities, preferences, and needs to deliver a better quality and custom experience;
- Improving existing products and services and developing new products and services;
- The handling client and your contacts, queries, complaints or disputes; and
- Fulfilling our duties to our clients, yourself, colleagues, shareholders and other stakeholders.
You have the right to object to the processing of your data under legitimate interest should you feel that such legal basis is not warranted or feel that it overrides any of the rights that you may have.
How long we keep your information for
Personal information such as email addresses: for a maximum of 6 months
Employer/client related personal details: For the length of our relationship with you plus 6 years (Limitation Act (1980) in case the case where there may be a dispute. Some information may be required to be retained longer due to legal obligations (eg. HRMC).
Your rights over your information
You have the right to not have your personal data processed for unrelated marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes, and obtain your consent.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
For emails from us you can stop receiving these by clicking the unsubscribe link in the emails sent or change your preferences.
By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate.
You can also ask us to give you a copy of the information and to stop using your information for a period of time if you believe we are not doing so lawfully.
To submit a request by email, post or telephone, please use the contact information provided above.
In addition to the above you have the following rights under GDPR:
- The right to ask what personal data is held, which is free from the 25th May 2018.
- The right to ask to update and correct any out of date or incorrect personal data that we hold free of charge.
- The right to erasure of personal data where consent is the only legal basis for processing and that consent has been withdrawn.
- The right to data portability in the sense that personal data provided directly by the data subject is exportable in an open format like CSV where the legal basis for processing is based on either contract or consent.
- The right to restrict or object to the processing of your personal data where:
You contest the accuracy of the personal data and the accuracy needs to be verified;
You object to the processing under legitimate interest ground and consideration needs to be made whether our legitimate interest overrides that of the individuals;
The processing was unlawful and you request restricted processing over erasure;
You can withdraw consent at any time where consent has been relied upon. If consent is the sole legal basis for processing, we will stop processing the data after the consent is withdrawn. The data will then be placed in a restricted processing mode until you have asked to exercise your right to erasure or the personal data falls outside stated retention period (whichever comes first).
Our communications with you
We will periodically communicate with you by email, post, telephone or device notifications for the purposes of delivering our services to you. The legal purpose for which is under the legitimate interest provision under both GDPR and the Privacy and Electronic Communications Regulations (PECR).
However, should you be concerned about the content of these communications (such as unwanted marketing communications or simply want to change the way we communicate with you please log into your profile on the relevant website and change your preferences, or use the relevant unsubscribe link. Alternatively you can contact us by telephone or letter at the details provided above.
You may contact us for any of the described purpose above. Our main address is:
Oxford Marketing Agency
Suites D + E
The Lion Brewery
St Thomas Street
Oxford OX1 1JG
You can contact us by post at the above address, or by via email at firstname.lastname@example.org or by telephone on +441865 688 777.
We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above asking for the person responsible for data protection.
Changes to this privacy notice
Your right to complain
If you have a complaint about our use of your information you can do so with the relevant supervisory authority within the EU to which you are a resident, whom may refer the complaint to the UK supervisory authority.
Complaints in the UK can be made to the Information Commissioner’s Office via their website at www.ico.org/concerns or write to them at:
Information Commissioner’s Office