Privacy Notice – Client

    The following privacy notice is for businesses that are customers or potential customers.
    For consumers where we are holding your data please see our Consumer Privacy Notice.

  1. Why this Privacy Notice is important to 'You', 'Your'.
  2. This Privacy Notice is important because it explains to You how we may use the personal Information We collect and hold about You. Should you have any questions about this Privacy Notice please see the contact details at the bottom of the Notice.

  3. UK Data Protection Law.
  4. Throughout this Privacy Notice we will talk about UK Data Protection Law, this predominantly means the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 as well as the EU GDPR regulations which came into force on 25th May 2018.

  5. Who We are - 'We', 'Us', 'Our'.
  6. The Original Data Company Ltd is a company registered in England & Wales under company number 09509986. Our registered office is: Suite 2013, Letraset Building, Wotton Road, Ashford, Kent, TN23 6LN. The Original Data Company Ltd are Data Controllers of the Personal Information held about You and accordingly are registered with the Office of the Information Commissioner (ICO) under the Data Protection Act 2018. Our registration number is ZA116547.

    Our Data Protection Officer is Paul Golding. He can be contacted by Email: compliance@theoriginaldatacompany.com or Write to: The Data Protection Officer, The Original Data Company Ltd, Suite 2013, Letraset Building, Wotton Road, Ashford, Kent, TN23 6LN.

  7. Our ethos.
  8. We want this Privacy Notice to be honest, open and transparent because We know that Your privacy, and the protection of Your Personal Information is important to You. We take every reasonable precaution to ensure compliance with UK Data Protection Law. Further information about Your rights under UK Data Protection Law is available from the Office of the Information Commissioners (ICO) Website. If You wish to find out more please visit: www.ico.org.uk. We do not want to collect or hold any Personal Information about You that You do not wish or intend to give. That is why it is important that You read this Privacy Notice carefully.

  9. What information do we hold about You and how do we collect it?
    • Information you give Us. This may arise from you filling in forms on Our site www.theoriginaldatacompany.com (our site) or by corresponding with Us by phone, e-mail or otherwise. This includes information You provide when You complete Our Unsubscribe form or Data-Protection-Enquiry/Subject-Access-Request (SAR) form. The information You give Us may include your name, address, e-mail address and phone number.
    • Information You give Us in relation to Business transactions, which You carry out with Us. This will include Your general business enquiries, counts and information enabling us to fulfil Your orders (Sales) or for Us to buy products or services from You (Purchases). The information You give Us may include your name, address, e-mail address, phone number as well as Financial Information.
    • Information We receive from other sources. We may receive information about You if You use any of the other websites we operate or the other services We provide. In this case we will have informed You when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, search information providers, credit reference agencies) and may receive information about You from them.
  10. Where is Your Personal Information held?
  11. The data that We collect from You or about You will be stored within the European Economic Area ("EEA") or areas with EU GDPR adequacy status and will not be transferred outside those regions unless we have Your explicit consent to such transfer and storage. In any event, Your data will only ever be transferred to organisations where an approved code of practice in relation to data protection is adopted. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this privacy notice. We use a variety of physical and network security technologies and procedures to help protect Your information from unauthorised access, use, or disclosure. We also operate stringent people processes which means that only a limited number of people in Our organisation have access to the information We hold. We have established procedures to cope with events that happen that are beyond Our control.

  12. What do we use your personal information for? A summary.
  13. We use Your personal information to:

    1. to unsubscribe You from Our databases;
    2. to add You to Our suppression file/Do not contact file;
    3. providing that You have given to us the necessary consent, to provide You with information about goods and services We offer;
    4. to notify you about changes to our service;
    5. to carry out Our day to day business with You including in the fulfilment of orders You may place with Us or that we may place with You;
    6. to communicate with You about an enquiry You may have made.

    Our business activities also involve us acting as a Data Processor to process our clients’ data on their specific instructions. This data may contain personal data that belongs to our clients (in legal terms they are the Data Controller). We do not do anything with this data other than as instructed by our clients. Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of our clients’ personal data and against accidental loss or destruction of, or damage to, our clients’ personal data. Our clients’ data is not kept for longer than is necessary for those purposes provided to us.

    In the performance of our Data Cleansing and Data Validation services, we are often requested to cross reference our clients’ data to data we receive from our suppliers. Both the clients’ data and our suppliers’ data contain Personal Data that may relate to individuals. Our website provides more details on the Data Cleansing services and the Data Sources that we use. When we process our clients’ data against our suppliers’ data we do so on the legal basis of Legitimate Interest.

    Information we receive from other sources. We may combine this information with information You give to Us and information We collect about You. We may use this information and the combined information for the purposes set out above (depending on the types of information We receive).

  14. Disclosure of your information
  15. We may share Your personal information with:

    • Business partners, suppliers and sub-contractors for the performance of any contract We enter into with them or You. This may include the details You have given to Unsubscribe so that they can also Unsubscribe You.
    • If We are under a duty to disclose or share Your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of The Original Data Company Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  16. Our Data Retention & Back up Policy
  17. We take Your data privacy rights seriously. Whilst the law does not put a time limit on the amount of time We should hold Your personal data, We wish to retain data for as long as it is required for the purposes for which it was collected; for as long as it remains accurate and up-to-date; and most importantly, for as long as You are happy for us to do so.

    In addition, to help Us maintain the most recent indication of your marketing and data processing preferences, if We hold Your email address We will provide You with ongoing reminders of Your data subject rights with access to this privacy notice. We refer to this as engagement or notification recency. Therefore Our data retention policy considers the purpose, the legal basis under which it is processed and also the most recent engagement.

    For Marketing - where We process Your data under consent we will stop using it for marketing purposes after ten years. Where We rely on legitimate interests We will also continue to process Your data for ten years. However, where We hold an email address for You We will maintain regular contact and will ensure that You have the opportunity to opt out at least once every six months.

    For Profiling - We will stop using Your data for this purpose after ten years.

    For Data Cleansing & Deduplication – where we receive third party files for the purpose of data cleansing or deduplication we will store the data for a maximum of 90 days after completion of the order. This period may be shorter if agreed with the client/supplier.

    It is important that the personal data We hold and process is accurate and up-to-date. Therefore, we regularly refresh the database against suppression lists and remove those who no longer wish to be contacted. As we explain in the section 10 of this Privacy Notice marked “What if I don’t want to receive any more information from You? you can withdraw your consent to us at any time by unsubscribing here.

    Our backup policy is to backup data daily, overwriting the previous days backup. One backup each month will then be held offsite for a period of three months before being securely deleted.

  18. What other rights do I have?
  19. Data protection law provides You with several rights in relation to Your personal data:

    Right of access . You can ask Us for a copy of the personal data We hold about You across Our entire business. This is known as a Data Access Request (DSAR). To do this please click here.

    Right to rectification. If You think the personal data We hold about you is inaccurate or incomplete, You can ask for it to be corrected or completed.

    Right to erasure or right to be forgotten. You can ask us to delete the personal data We hold about You.

    Right to restrict processing. If You are concerned about the accuracy of the data We hold about You, You can ask that we restrict our use of it until the query is resolved.

    Right to object. You have the right to object to us processing your data for direct marketing purposes and this extends to any associated profiling activity to support direct marketing. This is an absolute right, meaning that if you object to this, we must no longer process your personal data for this purpose.

    Right to request that Your data be transmitted directly to another data controller (Known as right to data portability).

    Right to be informed. We must provide You with information about how and why we're using Your personal data.

    Rights in relation to automated decision making and profiling. Under data protection rules, the use of automated decision-making and profiling is tightly controlled, particularly where any resulting decision made about you is made solely by automated means and produces a legal or similarly significant effect. In these circumstances, you have the right not to be subject to such decisions unless certain specific criteria are satisfied.

    Right to lodge a complaint with a supervisory authority - If we cannot deal with your complaint to your satisfaction you also have the right to complain to a relevant supervisory authority which include; The Information Commissioners Office; Wycliffe House, Water Lane, Wilmslow, SK9 5AF, or call: 0303 123 1113 or online at https://ico.org.uk/concerns/ and The Advertising Standards Authority - https://www.asa.org.uk/make-a-complaint.html

    Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use, why we use them, and how to change your cookie settings.

    Essential cookies are required for normal operations of a website, for example submitting a form. For non-essential cookies, the basic operations of a website could function without them but some features would be missing. First party cookies are cookies which relate to the website you are visiting, whilst third party cookies may carry information with you as you visit other websites.

    Basic website operations
    PHPSESSID Used when you submit a form on our website to display related messages back to you on another page. For example to display an error message if the form has been completed incorrectly, or to repeat your submitted information back to you afterwards, and thank you for submitting. We may collect IP addresses from Form submissions (registration or contact forms for example) and in this case we will only use these for identifying and restricting spam or robot submissions to our website. Depending on its content, most form data we collect is cleared from our servers within 2 days, and up to a maximum of 1 month.

    This cookie is essential and will not be disabled unless you have disabled cookies entirely in your web browser’s settings.

    Essential

    First party

    Email newsletter analytics
    Our emails track if you have opened the email, which links you’ve clicked within the email, your IP address and browser type.

    You can unsubscribe from these emails at any time from the Remove My Details page, any unsubscribe link on our websites, or the link at the top and/or bottom of our emails.

    Email campaign data is deleted within 2 months of sending. Afterwards, the links and tracking for the email will no longer function.

    • Disabling cookies

    Cookies help you get the most out of our website. However, you may set up your browser to delete or block some or all of them or to notify you when you are sent a cookie.

    Further methods for blocking specific cookies are detailed within the table above.

    Please remember, if you do delete or block the use of some or all of the cookies described above, some features of our websites, such as submitting forms, will not work and your experience may be affected. If you do not adjust your settings to delete or block cookies, then they will be placed on your browser when you visit our websites. You can adjust your settings at any time.

    Find out how to manage cookies in popular browsers:

    To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org

  20. The sale or acquisition of The Original Data Company Ltd or its assets.
  21. If The Original Data Company Ltd or any of its assets are acquired by or merged with another entity, your Personal Information may be one of the transferred assets. If We choose to sell or transfer Our assets, We may choose to retain a copy of Your information post sale or merger.

  22. Changes to this Privacy Notice.
  23. We will occasionally update this Privacy Notice. We will record these changes by posting a notification at the foot of this page. If the changes We make to the Privacy Notice in any way affect Your rights under UK Data Protection Law, especially in relation to how We collect and hold information about You We will contact You to explain the changes and obtain Your permission to do so.

  24. Contact Us.
  25. If You have any comments or queries in connection with this Privacy Notice, please contact The Original Data Company Ltd by: Email at compliance@theoriginaldatacompany.com; or Write to: The Data Protection Officer, The Original Data Company Ltd, Suite 2013, Letraset Building, Wotton Road, Ashford, Kent, TN23 6LN.

    If you have any queries or concerns about the data usage please contact us by emailing us at info@theoriginaldatacompany.com.

ISO 27001 Certification

The Original Data Company has achieved UKAS-accredited certification to ISO 27001:2022.

ISO 27001 is a government-backed and worldwide standard for Information security, cybersecurity and privacy protection through Information Security Management Systems.

You can verify the validity of our ISO certificate by entering our certificate number 252989 on the UKAS website. Alternatively a direct link to the certification can be found HERE.