This policy was last updated: 31/03/2020
Date to be reviewed: 01/04/2021
This policy explains how IMC Social will handle the privacy of your information. We are committed to maintaining robust privacy protections for all our users. We will take the necessary steps to ensure that users information is safeguarded and kept in accordance with all applicable laws and regulations.
What information do we collect?
The information that you provide us with may be collected and processed by us in accordance with the Data Protection Act 1998 and subsequent legislation.
Information you provide to us
We have a ‘Contact Us’ page which enables you to email us. We require you to complete the fields for your name, phone number, email and business name, so that we can contact you and provide details of our services to you, as well as deal with general company enquiries. Data collected is held on the grounds of being for legitimate business interests or to fulfil a contractual obligation.
If you do not proceed with any order your details will be deleted in accordance with our data retention policy.
We may use social media to engage with users and the IMC Social website links to our social media pages. We do not keep any specific data that identifies an individual user but hold details of our followers on these platforms.
When you visit our website, the server collects IP addresses to provide security and prevent brute force or malicious attacks. These IP addresses are not linked to any other personal data.
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The legal basis is article 6, section 1, clause 1 a, GDPR.
The only required information for sending the newsletter is your e-mail address. Entering additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter.
You can revoke your consent to the transmission of the newsletter at any time and unsubscribe from the newsletter. You can declare the cancellation by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details stated in the legal notice.
We use the external service provider Mailchimp as a processor for the transmission of the newsletter. We have concluded a separate data processing agreement with the service provider to ensure the protection of your personal data. More information about Mailchimp can be found on the website https://mailchimp.com/legal/privacy/
Information we get from other sources
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services to users and as permitted by law.
Third Party Payment Processor
Use of external tools on our website
We have integrated various tools from different companies into our website, which allow us to evaluate user behavior or to establish links with other websites.
The controller has integrated the component Google Analytics (with anonymisation function) on this website.
Google Analytics is a web analytics service. Web analysis is the gathering, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
As IP anonymisation is activated on our website, your IP address will be shortened by Google within Member States of the European Union or other states in agreement with the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by a Google server in the USA. On behalf of the operator of the website, Google will use this information to evaluate your use of the website, compile reports on website activity and to provide further services related to website and internet use to us. The IP address transferred through your browser to Google Analytics will not be combined with other data held by Google.
In addition, this website uses the Analytics feature UserID to track interaction data. This User ID will be additionally anonymised and encrypted and will not be linked with other data.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Further information and Google‘s applicable privacy regulations can be found at https://policies.google.com/privacy?hl=en and https://marketingplatform.google.com/about/ The following link provides a further explanation of Google Analytics https://marketingplatform.google.com/about/.
Our website also uses Google Analytics performance reports relating to demographics and interests and reports on Google Display Network impressions. You can disable Google Analytics for display advertising and customize the ads on the Google Display Network by visiting the ad settings at this link: https://adssettings.google.com.
Google Tag Manager
This website uses Google Tag Manager. Through this service so-called website tags can be managed centrally via a user interface. Google Tag Manager only implements tags. No cookies are used and no personal information is collected.
However, Google Tag Manager will not access these data. If deactivation has been implemented for certain domains / websites or cookies, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.
Facebook Tracking Pixel
With your consent, we will use Facebook’s “tracking pixel”. This pixel can be used to track user behavior after they have been redirected to our website by clicking on a Facebook and / or Instagram ad. This allows us to record the effectiveness of Facebook and Instagram advertisements for statistical and market research purposes and, if necessary, to take optimisation measures. The tracking of users who have landed on our website after clicking on one of our Facebook and Instagram ads can remain active up to 180 days.
The data collected in this way is anonymous for us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we will inform you to the best of our knowledge.
Facebook may connect this data to the Facebook account and also use it for its own advertising purposes, according to its data usage policy.
If you want to disable cookie storage for Facebook, you can do so via your browser settings.
Facebook communication tools
We also use Facebook communication tools, especially the “Custom Audiences” and “Website Custom Audiences” products. Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes.
If you want to refuse the usage of Facebook’s “Website Custom Audiences”, you can do so by following this link: https://www.facebook.com/ads/Website_custom_audiences/.
In addition, we use Customer Match Lists within the framework of our Facebook advertising activities, for instance for “Lookalike Audiences” and remarketing. To use Customer Match, lists of encrypted user data are uploaded to Facebook. After the upload, the system checks which data is already known and places these users in a list. After creating the customer match lists, the encrypted customer data is automatically deleted. Facebook does not gather new addresses in this way (encryption).
How we use your personal information
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller of your information and undertake to protect your personal and sensitive data in a manner that is consistent with the requirements of the Data Protection Act/General Data Protection Regulation (GDPR). We will take reasonable measures to ensure the secure storage of your data.
- administer the website;
- improve your browsing experience by personalising the website;
- follow up with correspondence, email enquires;
- send you general (non-marketing) communications;
- send you email notifications which you have specifically requested;
- send to you marketing communications, where expressly agreed;
- provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
- ask for feedback and review products and services;
- deal with enquiries and complaints made by or about you relating to the website.
Users of this website do so at their own discretion and provide any such personal details at their own risk.
We do not share, sell, or distribute your data to third parties, except as provided in this Privacy Notice. Your data may be shared with contractors working on our behalf, who act on our instruction in relation to the management of your data and must adhere to all data protection laws and regulations. Data processors will be required to have a signed agreement with us to ensure accountability.
We will only send you emails about our products and services (i.e. direct marketing) with your express consent. You have the option not to give consent and to withdraw consent at any time. You may withdraw your consent for us to contact you by contacting us at firstname.lastname@example.org
We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
Retaining your data
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and information/data will be disposed of when no longer required.
Storage of data
Your information may be stored on a cloud-based system whose servers are located within the UK or European Union (EU). All data will be stored so to comply with the Data Protection Act 1998 and as enacted, the General Data Protection Regulation (GDPR).
IMC Social cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. IMC Social and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
IMC Social may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
Data Subject Rights
Subject Access Requests
The General Data Protection Regulation (GDPR) gives individuals, known as ‘data subjects’, the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. We have a formal request form to deal with SAR requests that can be accessed on our website, https://imcsocial.co.uk or by emailing us at email@example.com. You will need to tell us how we acquired the information.
Right to Rectification
Data subjects have the right to request that we amend or change personal information that we hold about you, that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful. Data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
Right to data portability
Data subjects have the right to obtain and transfer their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you can contact our Data Controller by email to firstname.lastname@example.org
Questions and queries
If you have any concerns about how we handle your data, you can contact the Data Controller by email to email@example.com
Changes to this policy
If you have a complaint about the use of your data, you can contact us by email to firstname.lastname@example.org
Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
Third Party Rights
Jurisdiction and Governing Law