We may make changes to this policy from time to time, such as complying with legislation updates or company policy.
How We Collect and Use Personal Data
We may obtain personal data directly from you in a variety of ways as indicated below. We only collect this data when you voluntarily submit such information to us for any of the following reasons:
Via our web enquiry form, you may submit details including name, company, email address and telephone number. Additional information may be supplied voluntarily that will help us engage with your enquiry on a more personal level. If you are a business prospect, we will also add your data to a customer relationship management (CRM) record if you provided a business card to any of the Cyber-Duck business development team.
When you provide your personal details to us they will be stored securely. We may use your information to conduct legitimate business interest communication with you for the purposes of developing a business relationship, unless other options for communication have been selected or you have unsubscribed to this content.
Newsletters and Events
You may choose to opt-in to other types of communication when completing forms on our website. These communications may include regular email newsletters or invitations to events. If data fields are marked as mandatory, this is to enhance and personalise your experience with us, particularly around event attendance.
Subscribers can change preferences or unsubscribe at any time by using links provided in these emails. We will also add your data to a CRM record if you’ve provided our team with business cards at events and workshops, as part of our legitimate business interests with you, we may use this data to invite you to similar events in the future. Any issues with managing subscriptions or data can be quickly brought our attention by contacting firstname.lastname@example.org.
Careers and job applications
You may send us personal details including email address, name, and details on a CV, via our website. We currently use a PeopleHR (see third party processors section below) to process applications for career related submissions. We consider submission of an application as the user giving consent for this data to be used for the processing of a job application but not for any other purpose, unless a user opts-in to receive other email communication while completing forms on our website.
Gated content from insights
We may gather your personal identification information in connection with using resources (like the UX Book) that we make available on our website. We will collect personal identification information only if you’ve voluntarily submitted such information to us, either by completing the form or using LinkedIn authentication. You can decline to supply personal identification information, except that it may prevent us from providing you with this gated content.
Non-personal identification data
We may collect non-personal identification information whenever you interact with our website. Non-personal identification information may include the browser name, the type of computer and technical information about the users means of connection to our website, such as the operating system and the Internet service providers utilised and other similar information. We may use information to understand how you, and our others as a group, use the services and resources provided on our website. This can help us optimise future user experience of our website.
Web Browser Cookies
How We Protect Your Information
We understand that sharing your data with us is very personal. Cyber-Duck will protect your data and adopt appropriate data collection, security measures, storage and processing practices against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.
Who Has Access to Your Information?
We will not sell or rent your information to third parties. We will not share any of your personal information with third parties for marketing purposes.
Third party processors
We use third party processors who help us operate our business and website or administer activities on our behalf. As a data controller, we ensure our data processors, are GDPR compliant. All data is stored either in the EU or in the USA with Privacy Shield compliant data processors. This is something that we verify as an organisation. We will share your information with the following third parties if you have given us your permission and only for these purposes:
|Third Party Name||Data processing type||Data and purpose||Data processor security compliance|
|Mailchimp||Email communication||Collection of name, email address mandatory, other fields are optional. Fields available for email communication preference types.||Compliant with the EU-U.S. Privacy Shield Framework under GDPR|
|People HR||Applicant Tracking System||Collect personal data relevant to current or future job roles.||UK based - ISO27001 Accredited
|Pipedrive||CRM & Pipeline Management||Collect name, contact and company details to engage with prospects and current clients.||EU Customers data stored in Germany – GDPR Compliant|
|Eventbrite||Event Management||Collect data relevant to event communication, registration and management.||Compliant with the EU-U.S. Privacy Shield Framework under GDPR|
You will find content on the Cyber-Duck website that links to other websites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties who may be data processors. These websites and services may have their own privacy policies, customer service policies, so we encourage you to read them.
For many of you, we will retain your data for as long as you remain engaged with Cyber-Duck. We will conduct regular data reviews then securely delete your data in line with legal guidelines and our own data retention policies as shown below:
|Contact Type/Tag||Retention Timeframe||Criteria|
|Client||T&C specific||Clients can check specific terms and conditions within their contractual agreements|
|Prospect||3 years||Prospect deleted after period of inactive engagement|
|Content Subscriber||3 years||Subscriber deleted after period of inactive engagement|
|Associate - Friend of the business||7 years||Individual data deleted after period of inactive engagement|
|Supplier||7 years||Supplier deleted after period of inactive financial activity|
|Previous Staff||7 years||Individuals data deleted after no additional contact|
|Human Resources||7 years||Individuals data deleted after no additional contact|
|Applicants||7 years||Applicant details deleted after no additional contact
Paper copies of CVs are securely destroyed after 1 year
Access rights to your information
You have rights regarding accessing, correcting or limiting how Cyber-Duck use or disclose information we hold about you.
Subject Access Requests (SAR):
You have the right to see what personal data we hold about you and for how long. To obtain a copy of this personal information, please email email@example.com
Please put in the subject line: SUBJECT ACCESS REQUEST.
We will respond to any requests to access your personal information within 30 days. Requests will be processed free of charge unless the requests from one subject becomes excessive. We reserve the right to charge a fee if more than one request is received within a 12 month timeframe from a single individual. Requests for corrections to information will be dealt with within 21 calendar days from an electronic receipt of information from the data subject.
Your Acceptance of These Terms
12 High Street, Elstree
Herts, WD6 3EP, United Kingdom
+44 (0) 20 8953 0070
This document was last updated on the 31st of May 2018.