LEAD INTELLIGENCE LIMITED
By “We” or “Us”, we refer to our firm, Lead Intelligence Limited. We are Registered in England and Wales at the Registered Address: 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
By “You” we mean you, the individual/customer to whom the data that we process and/or control relates.
For the purposes of the Data Protection Act (“DPA”), we are a “Data Controller”.
We are registered with the Information Commissioner’s Office, Registration Number: ZA745799
You can contact us using the information provided below:
- Telephone: 07968 478 916
- Email: firstname.lastname@example.org
In-person or by Post: 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
Our office opening hours are Monday to Friday between 9:00am and 5:00pm.
We may collect and process personal data relating to you, including specifically your name, address, contact details (phone number and/or email address) and age range.
We may then derive information pertaining to you such as Gender, Marital status, Actual and estimated age range, Estimated income, Education level, Household status (head of household, spouse, elderly parent, young adult), Lifestyle interests (e.g. product ownership, interests and hobbies, travel, charities supported etc) as well as derive information to Households such as Property type, whether a household rents or owns a home, The estimated value of a home, Length of residence, Number of adults, Telephone number, Presence of children, Estimated Household income
In certain circumstances, we may hold special category data (also known as sensitive personal data) we will require this information to tailor our approach to how we can best assist you and your needs. For instance, you may have a medical condition which means that a third-party deal with your affairs or you may have an impairment which would mean we would be best to contact you via a different method.
Any special category data held will be treated with the strictest of confidence and will be held purely based on your explicit consent to aid us in providing the best service to you. If you do not provide your explicit consent relating to any impairment or vulnerability, the information will not be recorded and will also not be disclosed to any third-parties.
We receive personal information indirectly, from online and telephone direct marketing companies “Data Contributors”.
When you have registered, applied or made an entry on a Data Contributor’s website or app you will have been given the option to agree to third party marketing by the channel/s that you specified. Typically, you will have four options to choose from which are Telephone, SMS (Text Message), Email or Post.
Where you agree to third party marketing, your data may then be sent to us. We combine this information to create a Single Customer view so we can share your information with other companies “Third Party Controllers” who want to contact you about their products and services.
Under the Data Protection Act 2018 and the General Data Protection Regulation 2016, we are required to have a lawful basis to process your personal data. When processing your data, we rely on the following lawful bases to do so:
1. Consent (i.e. where we have asked whether you wish to permit us to process data in a certain way and you have told us that you allow us to do so)
2. Legitimate Interest (i.e. where the processing is necessary for the purpose of a legitimate interest pursued by our company or a third party, except where such interest are overridden by the interests, rights or freedoms of the data subject).
Our primary interest when processing your personal data is to enable us to create a Single Customer view and to share your information with Third Party Controllers, which we do by way of business.
We will process your information to achieve the following outcomes:
- Supply to your data to Third Party Controllers
- Ensure accuracy by combining data and insights from multiple Data Contributors
- Combine data from multiple Data Contributors and publicly available databases to make assumptions using combined data to create marketing profiles.
- Restrict marketing communications for consumers registered with Mailing Preference Service (“MPS”) or the Telephone Preference Service (“TPS”)
- Update the data using Equifax’s DisConnect product to identify people who have moved home or are deceased
- To maintain a suppression file of data that has withdrawn consent for Third Party Controllers
- Create marketing categories derived from information you have provided.
- Remove your data from our database and Third-Party Controller databases
- Respond to your requests for information
- Update and correct the accuracy of the data
- Provide you with marketing information about products and services that are listed in the Privacy notice on Data Contributor’s websites.
- To create Custom Audiences on Facebook and Google Platforms.
- Create marketing profiles
- Derive information pertaining to individual customers such as Gender, Marital status, Actual and estimated age range, Estimated income, Education level, Household status (head of household, spouse, elderly parent, young adult), Lifestyle interests (e.g. product ownership, interests and hobbies, travel, charities supported etc)
- Derive information pertaining to Households such as Property type, whether a household rents or owns a home, The estimated value of a home, Length of residence, Number of adults, Telephone number, Presence of children, Estimated Household income
Third party controllers may contact you by email, SMS, telephone or post depending on the consent you have given or whether they are relying on another lawful basis to contact you.
Throughout the provision of our service, we may disclose your personal data to Third Party Controllers. The categories of recipients of personal data are as follows:
- Investments & savings
- Rosland Capital, Vin X
- Telecoms and Utilities (including Broadband, Mobile Telephones, Landlines, Energy switching)
- Bulb, ESB, Utilita, EC outsourcing, YCL, Lead 365
- Mail Order
- Funeral Planning
- Media & publishing companies
- Subscription Services- marketing town
- Home improvements
- Heat seal- Wall protect
- Loans, credit cards and mortgages
- Business to Business
- Retail (Including Fashion, clothing and FMCG)
- Government & Educational institutions
- Entertainment & Leisure
- Call Centres
- Money Saving Offers
- Property (including retirement properties
- General Insurances including Life Insurance and Private Medical Insurance
- Market Research
- Household & Car
- Holidays (including Hotels, Airlines and escorted tours)
- Health & Well-being (including mobility)
- The Lead People
- Straight forward Media
- Green Pi
- Perfect Ingenuity
Your data may also be shared with future companies promoting the Products and Services listed. You can request a full list of the Third-Party Controllers that you data may be shared with.
We may transfer data outside of the United Kingdom (UK) or European Economic Area (EEA). Personal Data shared with third-party operational providers, required for the provision and operation of our services (as described within Recipients of Personal Data), may transfer personal data outside of the UK and EEA. Should this be the case, the international transfer will be made in accordance with an adequacy decision or subject to appropriate and documented safeguards.[AH1] [MA2] [MA3]
Your right to access
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully.
Your right to rectification
You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
Your right to erasure
Under certain circumstances, you have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute.
Your right to restrict processing
Under certain circumstances, you have the right to request the restriction or suppression of your personal data, and as like the right to erasure, it is not absolute. Restriction of processing means we are permitted to store your personal data; we are unable to use it.
Your right to data portability
You have the right to obtain and reuse your personal data for your own purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and securely, without affecting the usability of the data.
Your right to object
Under certain circumstances you have the right to object to the processing of your personal data, however, you do have the absolute right to object to direct marketing.
Your right to be informed
You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with.
In the context of your personal data, You have the right to lodge a complaint to the supervisory authority, the Information Commissioner’s Office (“ICO”). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. If you would like to make a complaint, please contact us using the following information:
- Telephone: 07968 478 916
- Email: email@example.com
in-person or by Post: 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
Our office opening hours are Monday to Friday between 9:00am and 5:00pm.
You can also complain to the ICO if you are unhappy with how we have used your data and to do so may use the following information:
- The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline number: 0303 123 1113
To withdraw consent you can email firstname.lastname@example.org with your request to withdraw your consent. Please include your First Name, Surname, [Mobile, Landline or Email] and Postcode so we can identify you and remove your information from the database. It can take up to 28 days to remove your information from all Third-Party Controllers. If you continue to receive marketing message after 28 days after your request to withdraw your consent, please contact us directly.
Should consent be withdrawn for a particular purpose that we are relying on that consent to perform, we may be unable to provide you with our services or may be unable to tailor our services to your needs which may subsequently impact the service we provide.
Your information is securely stored on our data based in the UK.
We will only retain your personal data for as long as is necessary to fulfil our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk, of harm of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements.
Details of retention periods for different aspects of your personal data are available upon request. By law, we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
You have the right to access your personal information, also known as a Subject Access Request (SAR). This means you are entitled to obtain the following information about yourself:
- Confirmation that we are processing their personal data;
- A copy of their personal data; and
- Other supplementary information;
A third party may make a request on your behalf. We will require evidence from the third party as to evidence this entitlement. This may take the form of a written authority or be a more general power of attorney.
To make a subject access request you should do so in writing either via email or written letter. In order for us to process your request it is our responsibility to identify you and be satisfied that you are the individual whom the data relates to. You cannot make a SAR on behalf of someone else unless you have the required written authority or demonstrable Power of Attorney.
The simplest way to make a SAR is to email us at email@example.com or alternatively you can write to us at Data Protection Officer, 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.
We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the request, however, this will be proportionate to the request itself and if we have doubts of the authenticity of identification.
For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Personal data is data that relates to a person. A data supplier must demonstrate how and when they received this data, under what lawful basis it was collected, by whom and how that basis complies with the GDPR today.
It is essential that any organisation involved in processing personal data is clear as to their role and responsibility.
Under GDPR, everybody in the data processing chain is responsible for the care of personal data including both controllers and processors.
It’s important to establish the provenance of data. Therefore, you should stay as close to the point of original data collection as you can. Work with collectors where you can; if you use a broker, ensure they have a clear view of the data origin and completed the relevant due diligence documentation.
Get due diligence forms completed by your suppliers, but don’t stop there. Your due diligence process should be an on-going process.
There are six lawful bases for processing (Consent, Contract, Legal obligation, Vital interest, Public task and Legitimate interest). Either Consent or Legitimate Interests could be acceptable for different forms of Direct Marketing. Neither is ‘stronger’ than the other; it’s important to establish the most appropriate for the type of processing conducted.
The standards for obtaining consent are increased under GDPR. Consent needs to have been captured “freely, specifically, informed and unambiguously” using a “clear affirmative action.”
A data collector will collect consent from a consumer for other organisations to process their data; this is third party consent and the GDPR requires that the third party should be named. Categories of third-party organisations will not be enough to give valid consent under the GDPR. If the third party is not named then consent cannot be relied upon as a lawful basis and another lawful basis is likely to be most appropriate for your processing activities, such as Legitimate Interests.
If your supplier relies upon Legitimate Interests as the appropriate legal base for processing personal data they should be able to share with you details of the Legitimate Interests Assessment they conducted, demonstrate that they have clearly informed people what will happen to their data and given the consumer the opportunity to object.
It needs to be as easy and without penalty for a consumer to withdraw their permission. Withdrawal of permission is not the same as being forgotten. A data supplier needs to retain a record of a consumer if they are to ensure they no longer communicate with that consumer. A consumer may request to be forgotten and a data supplier will inform the consumer of the implications of this choice before complying with the request.
Fines under GDPR could be up to €20m or 4% of global turnover, whichever is higher; therefore, marketers need to choose their suppliers carefully.
Lead Intelligence Limited
Lead Intelligence is a company limited and registered in England and Wales under number 12546685 Registered office 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
CALL 07968478916 to speak to one of the team
Copyright © 2020 Lead Intelligence Limited - All Rights Reserved.
ICO Registration number: ZA745799