Privacy Policy

 

1. Introduction

 

This policy explains how we use personal data (“Data”) and other information shared with and/or collected by us.

All data processed by us is handled in compliance with applicable data protection laws including, amongst others, the European General Data Protection Regulation ((EU) 2016/679) (‘GDPR’).

Website Users from Different Countries

We understand that users from other countries may have different expectations or experiences with regard to privacy. For all website visitors, no matter their country and location we are committed to applying the same high standard laid down in this policy.

Use by Children

Our website and services have no intention of collecting data on website visitors who are under 16 years. However, we cannot verify whether a visitor is over 16 years of age. We, therefore, recommend that parents be involved in the online activities of their children, in order to prevent children’s data from being collected without parental permission. If you are convinced that we have collected such data, please contact us.

Before you use or submit any data, through or in connection with the website, please review this policy carefully.

2. Definition


Definition

We have tried to use easily understandable language in this document for all of our users around the world. A few explanations on terms we use in this policy:

Controller: Privacy stakeholder that determines the purposes and means of processing personally identifiable information. In some jurisdictions also referred to as “Organization”, “Data User” or “Business”.

Data Subject: Natural person to whom the personally identifiable information relates. In some jurisdictions also known as “Individual” or “Consumer”.

Personal Data: As used in information security and privacy laws, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Also known as “Personally Identifiable Information” or “Personal Information”.

Online Lead Generation
In marketing, lead generation is the initiation of consumer interest or inquiry into the products or services of a business. We call datasets (such as contact information) collected in an online lead generation campaign “Lead Data” and individuals “Leads”. We also refer to our customers as “Advertisers” or “Customers” in comparison to us, that act as, “Online Advertising and Lead Generation Agency”.

3. Services

We are an online advertising and lead generation agency for professionals. Companies (“customers”) use our services to run advertising campaigns on Facebook and other websites and to generate leads.

4. Controller

Controller and operator of this website is: Paul Harty of Harty’s Railway Management

5. Data Protection Officer

The internal data protection officer that you can reach via p.harty@skyscansurveys.co.uk

6. Our Data processing

CONTACTING US

Request for Information or Advice When you wish to receive information or advice from us, you can fill in a form on our website or send us an email. In the form, we ask you to provide data such as full name, email address, phone number (optional), company name, and website. We also may process information provided voluntarily by you in the text box of the form. If you send us an email, we process the info provided in your email. We use this data only to contact you and provide you with the requested information or advice. The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Request a Quote
If you request a quote for one of our services, we will process any information you submit, such as full name, address, email address, company, phone number, country, and service inquiry. The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Customer Acquisition
We may also store some or all of that information you provide in a quote request in our customer relationship management system, which is facilitated by a third-party service provider (Salesforce). The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Customer Management
We also process data for the provision of our services such as business contact information, financial information such as bank account numbers, credit, and debit card numbers for payment processing. The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Partner Portal
We operate a partner portal for our customers at no additional costs to give them more insights into their campaigns. We offer statistical evaluation of campaigns for qualitative improvements of services. Such statistics show only aggregated data that is not identifiable. We process user-provided information such as email address, name, surname, company name (/client ID), and password to set up an account. The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Customer Loyalty
We occasionally send emails to existing customers. This includes, for example, updates concerning new functions of our partner portal which gives our customers insights into their marketing campaigns. We also send out event-related emails for reasons of customer loyalty or to ask you for feedback. The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. You can object to this data processing at any time by sending us an e-mail or by clicking on the link provided in the newsletter e-mail.

Data from Publicly Available Sources
We also may use information collected from publicly available sources or enrichment providers (Dun and Bradstreet) to update and complete our business records. The legal basis for the processing of this data is our legitimate interest, Art. 6 (1)(f) GDPR.

Newsletter
You may have the possibility to register for a newsletter on our website. We ask you to provide data like full name, e-mail address (business), telephone number (business), and company name. The legal basis for the processing is your consent, Art. 6 (1) (a) GDPR. You can withdraw your consent at any time by sending us an e-mail or by clicking on the link provided in the newsletter e-mail. For sending out e-mails we use the newsletter service of MailChimp. The provider is Rocket Science LLC, USA. Mailchimp is a service that can be used to organize and analyse the sending of newsletters and also has interaction tracking features.

Interaction Tracking
Tracking your and others’ reactions to and interactions with our newsletters helps us to deliver the content most useful for you and to analyse and evaluate the effectiveness of our marketing efforts. The legal basis for the processing is our legitimate interest, Art. 6 (1)(f) GDPR. You can object to this processing at any time.

Job Applications
We process information such as name, email address, date of birth, qualifications, experience, information relating you your employment history, skills, and other experience that you provide to us if you apply for a vacancy. The legal basis for processing of this data is contract or our legitimate interest, Art. 6 (1)(b) or (f) GDPR. We will store this data for up to 6 months.

Complaints and Enforcement of Rights 
When you wish to make a complaint, you can fill in a form on our website or send us an email. Where it is necessary for compliance with a legal or regulatory obligation that we are subject to, we process your data according to Art. 6 (1)(c) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation. For more information see section “Your Rights with Respect to your Data”.

LEAD GENERATION


Online Marketing Campaigns
In most cases, we run an online campaign only for one specific customer. In this case, we process contact information such as name, email address, and phone number (“Lead Data”) only as the service provider (“Processor”) on behalf of our customers (“Controller”). Our processing is governed in accordance with the GDPR and based on a data processing agreement between us and our customer, Article 28 (3) GDPR. We integrate opt-in consent in all of our campaigns, so our customers can rely on consent to contact you, Article 6 (1)(a) GDPR. We store some of this data in de-identified form for up to 5 years to assist our customers, to prove consent, and for legal defence purposes unless our customer instructs us otherwise. Please note that we do not sell your data to any other party.

Requesting Buyer Quotes
We operate a few websites where you can request several quotes. Making customized quotations is only possible when we have a minimum amount of data. In this case, we process contact information such as full name, email, and phone number (“Lead Data”). Your data will be securely passed down to a limited number of trusted customers (“Controllers”) following your request. Our processing is then governed in accordance with the GDPR and based on data sharing agreement between us and the limited number of customers. We share this data only to meet the reason for which the information is provided. The legal basis for processing of this data is consent, contract or our legitimate interest, Art. 6 (1)(a),(b) or (f) GDPR.

Campaign Flow Questions
In our online lead generation campaigns, we also may ask product-specific questions to find it out if you qualify for the specific product or service of our customer. Our processing is governed in accordance with the GDPR and based on a data processing agreement between us and our customer, Article 28 (3) GDPR.

Custom Audiences (General)
In our online lead generation campaigns, we may use Custom Audiences functions on behalf of our customers (“Controllers”) to exclude an existing audience from targeting. Our processing is governed in accordance with the GDPR and based on a data processing agreement between us and our customer, Article 28 (3) GDPR. Our customers mostly base the processing on consent or legitimate interests, Article 6 (1)(a) or (f) GDPR.

Facebook Custom Audiences
This is a targeting option that lets businesses find their existing audiences among people who are on Facebook. Advertisers can choose to show their ads to certain audiences. You may see ads on Facebook because an advertiser has included you in an audience based on your information or off-Facebook activity. For example, advertisers can use or upload a list of information that Facebook can match to your profile to show or exclude you from seeing certain ads or create a so-called “Lookalike Audiences”. Lookalike audiences are lists of people to target with advertising who are similar to (or ‘lookalike’) the people currently engaging with the advertiser’s business. This function is only used by us upon a customer’s instruction to achieve the best result for its marketing campaign. To adjust this area in your Facebook account you can use your settings at “Ad Preferences” under https://www.facebook.com/adpreferences/ad_settings and “Audience-based advertising section”.

WEBSITE INFORMATION


Server Log-files and Protocol Data
This website collects a series of general information with each visit. This information is stored in so-called log-files of the server and can include e.g. the time and date when our website was accessed, the type of browser you are using, the domain name, or your computer’s IP address. The purpose of this processing is to make our website accessible from your device and to enable our website to be displayed correctly on your device or in your browser. The data is also used to optimize our website and to ensure the security of our systems. The legal basis for the processing is our legitimate interest, Art. 6 (1)(f) GDPR. An evaluation of this data for marketing purposes does not take place. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Geolocation
We may collect different types of information about your location, for example, your IP address when used to access the website. This data may be used to customize the services provided to you, such as location-based information, advertising, and features. The legal basis for the processing is our legitimate interest, Art. 6 (1)(f) GDPR. We shall not retain the data any longer than is required for the purposes described or required under the applicable legislation.

Cookies and Similar Technologies   
On our website, we make use of cookies to tune our services to your needs and to better align the structure, navigation, and content of the website and for marketing purposes. A cookie is an information stored on your device by a website you visit. Some cookies are stored on your device for the duration of your internet session, and some are stored for longer. We especially use web analytic applications and (re-)marketing tools, plugins, and third-party integrated services. The legal basis for the processing is consent or legitimate interest, Art. 6 (1)(a) or (f) GDPR. You can find more detailed information in our ‘Cookies’ statement. 

Cookie Preferences
This website uses a cookie consent manager from the service provider OneTrust. This is a tool that manages a website’s process of collecting and storing a user’s consent for the collection of their data through cookies. It informs you about the types of cookies used on our website and gives you the right to accept and refuse cookies.

Targeted Advertising
We may use direct marketing ourselves through Facebook, Google, or LinkedIn. The legal basis for the processing is consent or legitimate interest, Art. 6 (1) (a) or (f) GDPR. For more information, check out our cookie statement. You can manage advertising preferences through the cookie consent manager, or by using the advertising settings of your browser.

Blog
Our blog helps us keep our community informed with the latest news, insights, interviews and more. We may process your data if you comment on posts, for example, to be able to raise a defence in the event that a third party complains about our blog’s comment content. The legal basis for such processing is our legitimate interest, Art. 6 (1) (f) GDPR.

7. With Who Do We Share the Data?

We share your data in the following way:

Our Offices/Affiliates
We may share your data with our affiliates to respond to a request or provide and develop our services. Companies owned and operated by us can be found on our website. 

Service Providers
We may employ other companies which process data solely on our behalf, for example, to store our data. Such service provider (“Processor”) is only entitled to process the data needed to perform its services and activities and in accordance with our written instructions. The processor guarantees that it has implemented the appropriate security measures in such a manner that its processing meets the requirements of this policy and the GDPR and ensures the protection of the rights of all individuals. The processing of data by a processor shall always be governed by a written data processing agreement between us and the processor.

Sharing with Customers
We may share lead data collected through an online campaign for monetary gain with a limited number of trusted business customers (“Controllers”) to whom you authorize us to disclose your personal information in connection to receive a quote for their products or services.

Sharing with Authorities and Courts  
We may share your data if we are obliged to do so by statutory law or instructions from a public authority or court.

8. Our Data Processing

We share your data in the following way:

Our Data Storage
We store your data on servers in the EU. We use the infrastructure of an external service provider (Google).

Service Providers
Some of our service providers (“Processors”) are located outside the EU so your processing of data will involve a transfer of data outside the European Economic Area. The sharing will only be done with appropriate cross-border transfer mechanisms in place. For example, specific contracts approved by the EU Commission, so-called EU Standard Contractual Clauses, or technical measures such as IP masking.

9. Your Rights with Respect to Your Data?

GENERAL PRIVACY RIGHTS
Right to Be Informed (Transparency)
You have the right to be informed about the collection and use of data. We provide you with the legally required information via this policy. We may provide you with further privacy notices on specific occasions.

Right of Access
You can obtain confirmation as to whether we process your data. You have the right to access and receive a copy of data, and other supplementary information.

Right to Update or Correct Your Data (Rectification)
You have the right to have inaccurate data rectified.

Right to Erasure (Deletion)
You have the right that your data gets deleted.  

Right to Restrict Processing
You have the right to restrict the processing of your data in certain circumstances. This means that you can limit the way that we use your data. This is an alternative to requesting the erasure of data.

Right to Data Portability
The right to data portability allows you to obtain and reuse your data for your own purposes across different services. We will provide to you, or a third party you have chosen, your data in a structured, commonly used, machine-readable format. 

Right to Object
You can object to the processing of data at any time when we rely on Art. 6 (1) (e) or (f) GDPR (see Section “What Kind of Data Do We Collect?”). This effectively allows you to stop or prevent us from processing your data, for example, for direct marketing purposes. In other circumstances, the right can be more limited where we have a legitimate ground to process the data. If you object to data processing, we may not be able to provide certain products or services to you.

Withdrawal of Consent
You can withdraw consent at any time where we rely on Art. 6 (1)(a) GDPR to process your data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Right in Relation to Automated Decision-making and Profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling.

Right to Lodge a Complaint
You have the right to complain to a data protection authority about our processing of your data. For more information, please contact the Dutch Data Protection Authority under your local authority. You can find a good overview of EU data protection authorities via the website of the European Data Protection Board. If you are based outside Europe, you can have a look at the website of the Global Privacy Enforcement Network.

COMPLAINTS ABOUT ADVERTISING AND ONLINE CAMPAIGNS
Information on the privacy practices of our customers and how they deal with personal data can be found in their privacy policy that is connected to the webform of our online campaigns. It is best to contact them if you would like to exercise your rights and choices, for example, to unsubscribe from their email newsletter.

Have You Filled out Your Contact Details in an Online Campaign?
If you have any questions with respect to our lead generation activities and the data we process for our customers, please contact p.harty@skyscansurveys.co.uk We may ask you for further information to identify you. Once we receive and confirm your verifiable request, we will reach out to the customers in order to coordinate your privacy request.

Complaints About an Advertisement?
Should you see ads from us, it is because you are using Facebook or other websites on which our ads are placed. As a marketing agency, we create our online campaigns with utmost care and transparency. If you have a complaint about an ad or online campaign, please contact us.

Ad Preferences on Facebook
Please note that what ads you see on Facebook is regulated by Facebook based on its terms and conditions. The platform does not belong to us and we, therefore, have no control over what ads you see. As a Facebook user, you can adjust what ads are shown to you by using your Facebook settings (“Ad Preferences”). For example, you can block or hide ads that you do not like. See more information here: https://www.facebook.com/help/109378269482053.

Ad Choices on Websites
What advertisements you see on websites that you surf on is regulated by the company that operates that website, for example, a news website (such as MSN) or an email account provider (such as Yahoo or GMX). This website operator (often called “Publisher”) is in charge of placing ads on its website. They often do this to finance themselves. That means, for example, that you can read your daily news or use an email account without paying money for it. In return, you have to look at advertisements. Sometimes you can block or adjust the ads that you see in the settings of the website or by using an ad blocker for your internet browser.

HOW TO ENFORCE YOUR RIGHTS
If you have any requests regarding your rights or complaints, you can contact our data protection officer at p.harty@skyscansurveys.co.uk  We will process your request immediately and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after we receive your written request.

10. Security

We make every reasonable effort to prevent any loss, misuse, disclosure, or modification of data as well as any unauthorized access to it. We also use practices such as computer passwords, firewalls, encryption, and internal organizational tools such as restricted access and permanent deletion of electronic records. We also transfer Lead Data securely to customers by using secure encryption protocols like SFTP or HTTPS. The service provider we use to store your data is certified under high IT security standards, such as the ISO27001. If you feel that your data is not secured properly or there are indications of abuse, please contact us.

11. Links

This privacy policy applies to data collected by us. If we provide a link to a third-party site, please be aware that we are not responsible for the content or privacy practices of that site. We encourage our users to be aware when they leave our website, and to read the privacy policy of other sites that collect data. We are not liable for any disputes, loss, or damage that may arise from or in connection with your use of such third-party sites.

12. Registrations

Harty’s Railway Management trading as Sky Scan Surveys Registration Number: 10296536

13. Change of Control and Sale

We can also share your data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us, or part of our business will have the right to continue to use your data, but only in the manner set out in this policy unless you agree otherwise.

14. Revisions of this Policy

Please note that this policy may be revised, for example due to revisions in the applicable legislation. The revised policy will be published on our website. We recommend checking our website and the policy on a regular basis. The last revision was made in June 2022.

15. Contact

Please note that this policy may be revised, for example due to revisions in the applicable legislation. The revised policy will be published on our website. We recommend checking our website and the policy on a regular basis. The last revision was made in June 2022.

Secure Your Free Consultation

Ready for expert insights on your next project? Just fill in your details below and we’ll be in touch as soon as possible