We may make changes to this policy from time to time, such as complying with legislation updates or company policy.
How We Collect and Use Personal Data
We may obtain personal data directly from you in a variety of ways as indicated below. We only collect this data when you voluntarily submit such information to us for any of the following reasons:
Via our web enquiry form, you may submit details including name, company, email address and telephone number. Additional information may be supplied voluntarily that will help us engage with your enquiry on a more personal level. If you are a business prospect, we will also add your data to a customer relationship management (CRM) record if you provided a business card to any of the Cyber-Duck business development team.
When you provide your personal details to us they will be stored securely. We may use your information to conduct legitimate business interest communication with you for the purposes of developing a business relationship, unless other options for communication have been selected or you have unsubscribed to this content.
Newsletters and Events
You may choose to opt-in to other types of communication when completing forms on our website. These communications may include regular email newsletters or invitations to events. If data fields are marked as mandatory, this is to enhance and personalise your experience with us, particularly around event attendance.
Subscribers can change preferences or unsubscribe at any time by using links provided in these emails. We will also add your data to a CRM record if you’ve provided our team with business cards at events and workshops, as part of our legitimate business interests with you, we may use this data to invite you to similar events in the future. Any issues with managing subscriptions or data can be quickly brought to our attention by contacting [email protected].
Careers and job applications
You may send us personal details including email address, name, and details on a CV, via our website. We currently use a PeopleHR (see third party processors section below) to process applications for career related submissions. We consider submission of an application as the user giving consent for this data to be used for the processing of a job application but not for any other purpose, unless a user opts-in to receive other email communication while completing forms on our website.
RESOURCES (GATED CONTENT) from insights
We may gather your personal identification information (full name, company email address) in connection with downloading resources (e.g. UX Book) that we make available on our website. We will collect personal identification information only if you’ve voluntarily submitted such information to us, either by completing the form or using LinkedIn authentication.
You can decline to supply personal identification information, except that it may prevent us from providing you with this gated content download. In exchange for downloading these products of value, you will receive quarterly digital news and insights from the Cyber-Duck team. But, you can unsubscribe using the links in these newsletters at any time.
Non-personal identification data
We may collect non-personal identification information whenever you interact with our website. Non-personal identification information may include the browser name, the type of computer and technical information about the users means of connection to our website, such as the operating system and the Internet service providers utilised and other similar information. We may use information to understand how you, and our others as a group, use the services and resources provided on our website. This can help us optimise future user experience of our website.
LEGITIMATE INTEREST SUBSCRIPTION
Who we classify as a legitimate interest subscriber
In light of GDPR, we have reviewed our subscriber list and determined whether we have a legitimate interest in maintaining contact with some subscribers or contacts. That means we may contact you to inform you that you’re an active subscriber within our secure database. You may be so for one of the following reasons:
- You are currently or have been a client of Cyber-Duck
- You’ve expressed an interest in our service previously as a prospect
- You’ve requested to hear more about our company via email
- You’re a friend of the business or a close associate
- You work for a university or an academic institution that works with Cyber-Duck
- You supply services to Cyber-Duck
We consider each of the above as good reason to continue contacting you in the future. Under GDPR, this is known as a Legitimate Interest and we believe there is a mutual and genuine interest in you hearing from Cyber-Duck going forward.
We do not share our database and our subscribers’ data with any third party without the specific consent of our subscribers.
What do we send our subscribers and when?
- Quarterly newsletters - We will normally only contact you on a quarterly basis (4 times per year) with relevant information and news about Cyber-Duck, trends in your industry, or in relation to one of our events.
- Client bulletins – These are for clients only and include important service level agreement (SLA) announcements as well as technology, security information and any other important updates that impact our service to you.
- Events – Intermittently we may hold client workshops or events that could be useful for your CPD and training that may benefit you or your colleagues. Once you show interest in an event, we will send you reminders.
How we store and process your information
All your information is stored securely in our CRM system, Pipedrive.
How we send out electronic communication
We will normally email you everything, but we may call or send you an SMS message if you are attending an event or Cyber-Duck party.
How to change your preferences
If you disagree with our assessment of legitimate interest in your case, you can change your preferences at any time. You can unsubscribe from our mailing list by clicking the unsubscribe button in your email correspondence from us.
Alternatively, you can get in touch with our team to learn more about how we manage your data, as well as what data we collect and hold, by contacting us at [email protected]. We will also be able to update your preferences.
Web Browser Cookies
How We Protect Your Information
We understand that sharing your data with us is very personal. Cyber-Duck will protect your data and adopt appropriate data collection, security measures, storage and processing practices against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.
Who Has Access to Your Information?
We will not sell or rent your information to third parties. We will not share any of your personal information with third parties for marketing purposes.
Third party processors
We use third party processors who help us operate our business and website or administer activities on our behalf. As a data controller, we ensure our data processors, are GDPR compliant. All data is stored either in the EU or in the USA with Privacy Shield compliant data processors. This is something that we verify as an organisation. We will share your information with the following third parties if you have given us your permission and only for these purposes:
|Third Party Name||Data processing type||Data and purpose||Data processor security compliance|
|Mailchimp||Email communication||Collection of name, email address mandatory, other fields are optional. Fields available for email communication preference types.||Compliant with the EU-U.S. Privacy Shield Framework under GDPR|
|People HR||Applicant Tracking System||Collect personal data relevant to current or future job roles.||UK based - ISO27001 Accredited
|Pipedrive||CRM & Pipeline Management||Collect name, contact and company details to engage with prospects and current clients.||EU Customers data stored in Germany – GDPR Compliant|
|Eventbrite||Event Management||Collect data relevant to event communication, registration and management.||Compliant with the EU-U.S. Privacy Shield Framework under GDPR|
|Survey Management||Collect survey responses if a participant provides their responses or personal details.||Certified and complies with the EU-U.S. Privacy Shield Framework.|
You will find content on the Cyber-Duck website that links to other websites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties who may be data processors. These websites and services may have their own privacy policies, customer service policies, so we encourage you to read them.
For many of you, we will retain your data for as long as you remain engaged with Cyber-Duck. We will conduct regular data reviews then securely delete your data in line with legal guidelines and our own data retention policies as shown below:
|Contact Type/Tag||Retention Timeframe||Criteria|
|Client||T&C specific||Clients can check specific terms and conditions within their contractual agreements|
|Prospect||3 years||Prospect deleted after period of inactive engagement|
|Content Subscriber||3 years||Subscriber deleted after period of inactive engagement|
|Associate - Friend of the business||7 years||Individual data deleted after period of inactive engagement|
|Supplier||7 years||Supplier deleted after period of inactive financial activity|
|Previous Staff||7 years||Individuals data deleted after no additional contact|
|Human Resources||7 years||Individuals data deleted after no additional contact|
|Applicants||7 years||Applicant details deleted after no additional contact
Paper copies of CVs are securely destroyed after 1 year
Access rights to your information
You have rights regarding accessing, correcting or limiting how Cyber-Duck use or disclose information we hold about you.
Subject Access Requests (SAR):
You have the right to see what personal data we hold about you and for how long. To obtain a copy of this personal information, please email [email protected]
Please put in the subject line: SUBJECT ACCESS REQUEST.
We will respond to any requests to access your personal information within 30 days. Requests will be processed free of charge unless the requests from one subject becomes excessive. We reserve the right to charge a fee if more than one request is received within a 12 month timeframe from a single individual. Requests for corrections to information will be dealt with within 21 calendar days from an electronic receipt of information from the data subject.
Your Acceptance of These Terms
12 High Street, Elstree
Herts, WD6 3EP, United Kingdom
+44 (0) 20 8953 0070
This document was last updated on the 22nd of October 2018.