Introduction

This policy works in line with EU General Data Protection Regulation (“GDPR”) and The Data Protection Act (1998). As a leading UK creative brand and marketing agency, the privacy and
security of the personal data we handle is critical to us. This privacy policy (“policy”) explains how we manage and protect your personal data if you are a Creative Spark client (“you”), inclusive of any data of your customers provided to us by you. This notice tells you who we are, what data about you we collect, and what we do with it. The types of data we collect, and what we do with it will vary depending on the type of relationship you have with us. Information about the business activities of Creative Spark Ltd can be found at www.creativespark.co.uk

Who are we?

Creative Spark (“we, us”) is a leading creative brand and marketing agency providing branding and advertising solutions and services, across a variety of platforms (online and offline) to customers, globally. We work closely with our clients, from start ups to global brands, wishing to create a new brand strategy and how this can be translated with both our online and offline and offline services (for the full list of services provided, please be directed to our website (url below). We are responsible for managing your personal data in connection with our services. Details of how to contact us can be found at www.creativespark.co.uk/contact . Or alternatively, you can email hello@creativespark.co.uk or call us on 0161 839 9955.

What data do we collect in relation to you?

The types of data we collect and the reasons for which we collect it from you depend on who you are, the relationship we have with you i.e. if you are a client or if you are a customer of a client.

Client

The personal data we collect about you may include the following:

● Full name
● Job title
● Contact details, including email address, phone number, office address
● Bank account details

Client customer

The personal data we collect about you may include, but isn’t limited to, the following:

● Full name
● Job title (if necessary)
● Contact details, including email address, phone number, address
● Relationship to client
● Marketing preferences

For what purposes do we use data about you, and on what legal basis?
We may use various data about you for various purposes connected with providing our services to you, the client. We may use data about you for the following purposes:

• Entering into and managing our commercial relationship with you
• Creating and managing your account with us
• Communicating with you in relation to service provision changes or issues or handling your enquiries
• Sending you marketing and promotional materials that we think will be of interest to you (you can unsubscribe at any time)
• Our record keeping and company administration
• To comply with legal and regulatory obligations
• For internal reporting and benchmarking
• To protect our business and properties and systems and to establish, protect or defend our legal rights

The legal basis for our use of data about you is one of the following (which we explain in more detail in the table below):

• The performance of our contract with you
• Compliance with a legal obligation to which we are subject
• Our legitimate business interests of which are not overridden by your rights, or where none of the above applies, your consent (which we will ask for before we process the data)

The purposes for which we use data about you, with corresponding methods of collection and legal basis for use, are:

Providing services

Purpose Basis for processing
If you are a client, we will use personal data to fulfil the contract between us. If you are a customer of a client, we may use your data in order to fulfil the contract between us and the client.
• Creating and managing your commercial relationship/account with us (or the account of the
partner which you represent);
• Communicating with you in relation to service provision changes, issues or handling your enquiries.

Basis for processing
• If you are a client the basis of our processing is to fulfil our contract with you.
• If you are customer of a client, the basis of our processing your data is to fulfil our contract with our client.

Record keeping and administration

Purpose Basis for processing
• To maintain internal records and other business administration tasks e.g. CRM, billing, project management etc.

Basis for processing
• The basis of our processing is legitimate interests.

Marketing and the sending of other promotional materials

Basis for processing
• The basis of our processing is our legitimate interests to send you marketing and promotional materials from time to time. Where we have obtained your consent to send marketing then we instead rely on consent as the legal basis.

Marketing and the sending of other promotional materials

Purpose Basis for processing
Legal & regulatory compliance or to defend or establish our legal rights
• To comply with legal and or regulatory obligations or to respond to requests from law enforcement agencies.

Basis for processing
• The basis of our processing is compliance with legal obligations to which we are subject or the pursuit of our legitimate interests.

Legal & regulatory compliance or to defend or establish our legal rights

Purpose Basis for processing
• To comply with legal and or regulatory obligations or to respond to requests from law enforcement agencies.

Basis for processing
• The basis of our processing is compliance with legal obligations to which we are subject or the pursuit of our legitimate interests.

For internal reporting and benchmarking

Purpose Basis for processing
• To produce reports on business conducted.

Basis for processing
• The basis of our processing is legitimate interests.

Sharing data with third parties

Purpose Basis for processing
• We may share your data with third parties, such as banks to take/make payments to you; or our service partners, in order to fulfil the contract between us and you, e.g. printers, TV production agencies, digital development partners, hosting services, accounts etc. All of whom will be GDPR compliant within their own right.

Basis for processing
• The basis of our processing is either fulfilment of our contract with you if you are a client or legitimate interests if you are a customer of our client.

Where we do not base our use of personal data about you on one of the above legal bases, we will ask for your consent before we process the personal data (these cases will be clear from the context). You are permitted to withdraw your consent at any time. In some instances, we may use personal data about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

Who do we share your data with, and for what purposes?

We may share necessary elements of your data with the following:

• service providers, our service partners, which provide us services (such as printers, TV production agencies, digital development partners, hosting services, accounts etc);
• other third parties, where required or permitted by law (such as regulatory authorities, government departments and law enforcement agencies) or when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal purpose
• in the context of organisational restructuring.

Where might data about you be sent?

Data we collect is processed and stored on servers in the UK. The only time your data will be sent outside of the UK is when you, the client, is outside the UK and wish to use third party services outside of the UK in order to fulfil the contract between us.

How do we protect data about you?

We implement appropriate technical and organisational measures (e.g. including but not limited to, password encryption) to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction.

How long will data about you be kept?

The period for which we may retain data about you will depend on the purposes for which the data was collected, whether you have requested the deletion of the data, and whether any legal obligations require the retention of the data (for example, for regulatory compliance). We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected.

What rights and options do you have?

You may have some or all of the following rights in respect of data about you that we hold:
• Request us to give you access to it
• Request us to rectify it, update it, or erase it
• Request us to restrict our using it, in certain circumstances
• Object to our using it, in certain circumstances
• Withdraw your consent to our using it (if our use is based on your consent)
• Data portability
• Opt out from our using it for marketing (you can, and have always been able to, unsubscribe to mailing lists at any point)
• Lodge a complaint with the supervisory authority in your country (if there is one)

You are able to exercise these rights by contacting us using the details set out at ‘Who should you contact with questions?’ below.

Who should you contact with questions?

If you have any questions, or wish to exercise any of your rights, you can contact:
By email: hello@creativespark.co.uk
By telephone:<.strong> 0161 839 9955
In writing: Creative Spark, 12 Arundel Street, Castlefield, Manchester, M15 4JP.

You have a right to contact the Information Commissioner’s Office with any questions or concerns.

If we cannot resolve your questions or concerns, you also have the right to seek remedy before a UK court.

Changes to this policy

We may update this notice (and any supplemental privacy notice), from time to time as shown below.

We will notify of the changes where required by applicable law to do so.
Last updated on 24.05.2018