Privacy Policy
This Privacy Policy applies only to your use of our Site.
What data do we collect?
- For Clients and Prospective Clients:
  - Contact Information: Name, job title, email address, phone number.
  - Business Information: Company name, address, financial details for invoicing.
  - Marketing Preferences: Preferences for communication and campaign targeting.
- For Website Visitors:
  - Technical Information: IP address, browser type, operating system, and device identifiers collected via cookies or similar technologies.
  - Behavioural Data: Pages visited, time spent on our website, and referral sources.
- For Employees and Contractors:
  - Employment Data: Bank details, National Insurance number, performance records.
  - Sensitive Data: Health information (for statutory reporting or reasonable adjustments).
How do we collect personal data?
Direct Interactions: When you contact us, complete forms, or engage in our services.
Automated Technologies: Via cookies, tracking pixels, and analytics software on our website.
Third Parties: From public databases, referrals, or social media platforms when you interact with our content.
Security and third party data
We use three third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the current legislation. These third parties are EU-U.S. Privacy Shield compliant.
- Google for analytics and remarketing
- Mailchimp for mailing list subscription and removal
- Facebook for remarketing
We will also report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Purpose and legal basis for processing
| Purpose | Legal Basis |
| --- | --- |
| Delivering contracted services | Performance of a contract |
| Marketing communications (opt-in only) | Consent |
| Analytics to improve user experience | Legitimate interests (with anonymisation where feasible) |
| Regulatory compliance (e.g., HMRC) | Legal obligation |
| Protecting against fraud or misuse | Legitimate interests |
Cookies
- Essential Cookies: Required for website operation.
- Performance Cookies: Collect anonymised data for analytics.
- Marketing Cookies: Used for retargeting and tracking ad performance.
- Managing Cookies: You can control cookie settings through your browser or visit https://illuminatedigital.co.uk/cookie-policy/
We use Google Analytics (GA) to track website user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records user data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address but Google does not grant us access to this. GA makes use of cookies, details of which can be found on Google’s developer guides.
We use Google AdWords Remarketing to advertise trigger across the Internet. AdWords remarketing will display relevant ads tailored to you based on what parts of the TriggerApp website you have viewed by placing a cookie on your machine. The cookie is used to say “This person visited this page, so show them ads relating to that page.” Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
We also use the Facebook pixel to determine people who have visited our site and use this for remarketing purposes. Facebook Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
Disabling cookies on your internet browser will stop GA and Facebook from tracking any part of your visit to pages within this website.
Sharing and disclosure of data
Trusted Service Providers:
- IT infrastructure providers (e.g., cloud hosting).
- Marketing software platforms (e.g., email automation).
Legal or Regulatory Requirements:
- Disclosure to HMRC, ICO, or other authorities when mandated.
Client Collaboration:
- Sharing campaign performance data when working collaboratively with other agencies.
All third-party providers undergo a rigorous due diligence process to ensure compliance with data protection laws.
Data retention policy
Client Data: Retained for six years after the conclusion of services, in line with tax record requirements.
Marketing Data: Retained until consent is withdrawn or five years after last interaction.
Employee Data: Retained for seven years post-employment, unless legal obligations require longer.
Your rights
Right to Access: Request a copy of your data and supplementary information.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure: Request deletion of your data (subject to lawful limitations).
Right to Restrict Processing: Limit the ways your data is used.
Right to Data Portability: Transfer data to another organisation in a structured format.
Right to Object: Opt out of direct marketing or processing based on legitimate interests.
Right to Withdraw Consent: At any time, where processing relies on consent.
Right to Complain: File a complaint with the Information Commissioner’s Office (ICO).
Security Measures
Technical Measures:
- Data Encryption: AES-256 for storage; TLS 1.3 for transmission.
- Access Control: Multi-factor authentication (MFA) and role-based permissions.
- Regular Audits: Biannual penetration testing and vulnerability assessments.
Organisational Measures:
- Employee Training: All staff undergo annual GDPR training.
- Incident Response Plan: Established procedures for breach detection, containment, and reporting.
- Data Minimisation: Only essential data is collected and processed.
Data breach management
In the unlikely event of a data breach:
Detection: Continuous monitoring identifies anomalies.
Containment: Systems are isolated, and affected parties notified immediately.
Reporting: Breaches involving personal data are reported to the ICO within 72 hours.
Prevention: Post-incident reviews ensure updated controls and training.
We employ industry-standard security measures to safeguard your data
Updates to this policy
This policy is reviewed whenever significant changes occur. The latest version will be available on our website.
Contact Information
- Data Protection Officer: Jo Phipps
- Email: josephine@illuminatedigital.co.uk
- Address: Hartfield Crescent, London, SW19 3RZ
If you believe we have failed to address your concerns, you may lodge a complaint with the ICO at www.ico.org.uk.