The following information provides you with details about how we process your personal data and your rights under data protection law.
Collection and use of personal data when you visit our website
The website can be visited and used without the User entering any personal information.
Some parts of the website offering the download of information or services may require that Users input personal data to receive the services or access special areas, or register as a User with password protection. In these cases, we point out for which purpose the data is raised as well as information on whether the data input is voluntary or mandatory for the usage of the services concerned.
We save and use your personal data only for the specific purpose for which you intended i.e. agreed. The use of the personal data for any other purpose can only be effected when it is legal to do so. All of your personal data will be kept confidential and may be passed on to our employees or their agents only when it is necessary for the explicit purpose intended by the User. Please note that it may be necessary for us to forward such information between offices, affiliates or third party service providers, both inside and outside the European Economic Area. However, we use its best endeavours to ensure that all involved entities protect your data adequately. Apart from said offices, affiliates and service providers, your data will not be given to any other third parties unless
- you have expressed your consent in writing;
- the information is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; or
- we are under legal obligation to do so.
Upon request, we will provide you with information on the personal data collected and stored. We will correct any inaccurate data upon your request. You may, at any time, revoke the agreement to the use and storage of personal data and we will immediately delete the information upon receiving the revocation. In those cases where we are obliged to store the data for a certain period of time, the data will be made inaccessible.
Upon visiting our website our server will record your IP address in combination with the date, time and duration of your visit. This information helps us to compile statistical data on the use of our website and to analyse how Users navigate through our website in order to evaluate and improve it to our visitors´ benefit.
Purpose of processing, legal basis and retention period
If we request consent to process your personal data, we do so in line with Article 6, Paragraph 1, Sentence 1, Letter a of the GDPR. If processing your personal data is required to fulfil a contact or pre-contractual measures prompted by your request, our processing is legally based on Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR. In cases in which processing of personal data is required to fulfil our legal obligations, processing is in line with Article 6, Paragraph 1, Sentence 1, Letter c of the GDPR. If processing of personal data is necessary to protect a legitimate interest of our company or a third party, and if at the same time the interests, basic rights and freedoms of the data subjects, which require the protection of personal data, do not take precedence over our legitimate interest, Article 6, Paragraph 1, Letter f of the GDPR shall serve as legal basis for said processing.
Unless otherwise specified, we delete personal data in accordance with Article 17 and 18 of the GDPR or restrict their processing. We only process and store your personal data for as long as they are required to fulfil our contractual and legal obligations. Data no longer required for the intended purpose are deleted regularly unless temporary further processing is necessary, which may arise on account of other legally permissible purposes.
Collection and use of personal data when you visit our website
Newsletter Sign Up
As part of the registration process for our monthly email newsletter, ‘Up close’, we collect personal information. We use this information to send you our monthly newsletter; and to contact you if we need to obtain or provide additional information. We will also make sure you get invited to our events. We don’t sell or trade email lists with other businesses.
We process your data in line with Article 6, Paragraph 1, Sentence 1, Letter a of the GDPR.
We use a third party provider, MailChimp, to deliver our newsletter. MailChimp is GDPR compliant, and has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes, which allows lawful transfer of EU/EEA personal data to the U.S. pursuant to its Privacy Shield Certification. Mailchimp also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability. Find out about Mailchimp’s security practises here.
Mailchimp’s tools also provide us with information about email opening and clicks to help us monitor and improve our newsletter. For more information, please see MailChimp’s privacy notice.
You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails. If you prefer the personal touch, you can emailing firstname.lastname@example.org to get your details taken off the list.
In our office (322 High Holborn, London) we operate a common Guest WiFi network in some of our offices using Cisco Meraki devices.
During use of these networks, Cisco Meraki logs the following in to our cloud portal:
- Device Name (Device name could contact users own name dependant on setup of the device)
- Device Type (e.g. Apple iPhone)
- Usage Amount and Destinations
- Internal Guest WiFi IP Address
- Device MAC address
We do not use this detail for any purpose other than providing a Guest WiFi network and troubleshooting of connections to this network.
Direct Mailing Events
Our clients provide us with personal information they capture when you purchase or otherwise receive a product or service from them.
When performing marketing service for our clients we may be asked to mail the printed product, typically letter, leaflet or brochure or similar goods of printed matter directly to the address of current or potential customers of our clients (“consumers”).
- For this purpose we receive from the client or its data partner personal data of the consumers deliver the printed product to the provided address consumers (names, postal address, email address, phone numbers), and/or
- printed content, i.e. personal information that has to be displayed/included at the printed product eg pricing, subscription information, membership information
We act as processor in this respect and we process the personal data based on written instructions issued by our clients.
For this purpose, we only require the data from our client necessary for delivering the service and require from our clients that they own the data based on lawful basis, typically based on the consent granted by the data owner or based on legitimate interest. However it is eventually the data controller, i.e. our clients or their data partner, who is ultimately responsible for lawful obtaining of the consumer’s private / personal data.
We are subcontracting the printing and/or mailing activity to third parties (“vendors”) who process the data to deliver the job to our clients (based on written instructions issued by us). In this case we share the data that is necessary for the fulfilment of the job to the vendors and we have concluded with all vendors the Data Protection Clause.
We continue to bear responsibility for the protection of consumer’s data in the case of processing by a processor. Hence, processing the data within our company and transfer of the data to vendors is made only in secure way in order to prevent any data breach and we require the same secure method of processing from our vendors.
You hold the following rights with regard to your personal data processed by us:
- access to information on the categories of the processed data, purposes of processing, recipients or categories of recipients of your data, and the planned retention period (Article 15 of the GDPR)
- correction of inaccurate or incomplete data and/or their amendment (Article 16 of the GDPR)
- deletion of data in line with Article 17 of the GDPR, in particular if the personal data are no longer necessary for the intended purpose or are processed illegally, or if you withdraw your consent or have lodged an objection to processing
- restriction of data processing in line with Article 18 of the GDPR in certain circumstances insofar as, for instance, deletion is no longer possible or the deletion obligation is at issue
- in line with Article 20 of the GDPR on data portability, to have us provide you or a third party with the personal data you supplied to us in a structured common machine-readable format
- for reasons arising from your particular situation the right to object to data processing on account of a legitimate interest (Article 21, Paragraph 1 of the GDPR)
- withdrawal of your consent at any time to be effective in the future (Article 7, Paragraph 3 of the GDPR); this also of course also applies to the withdrawal of consents you granted us prior to the GDPR coming into effect
- in line with Article 77 of the GDPR to lodge a complaint about data processing with the responsible supervisory authority
Responsibility for data processing and company data protection officer
If you have any questions regarding how we handle your personal data you are welcome to contact Radek Tazler, the Data Protection Officer of Konica Minolta Marketing Services, at DataProtection@ms.konicaminolta.com