Fair Processing Notice

For Website Users, Clients and Potential Clients

Zuken process data about our website users, potential clients and clients. This Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and your rights.

We will always make sure that any personal data is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other UK or EU data protection legislation

Our contact details:
Zuken Ltd
Address: 1500 Park Avenue, Almondsbury, Bristol BS32 4RF

When you use our website, we will process the following personal data about you:

Why do we need it?

We need your name and contact details in order to answer your enquiry and we process this data with your consent.

We need your IP address and MAC address for security reasons.

We will send you our Newsletter when you consent for us to do so. You have the right to unsubscribe to marketing at any time. If you do choose to unsubscribe, we will keep your name and email address on a suppression list so that we don’t email you again by accident.

OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

By law, we need a legal basis for processing the personal data of a website user. We will process your data using the legal basis of consent and legitimate interests.

Consent
Consent is given where we ask you for permission to use your information in a specific way and you agree to this.  Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time. For example, you consent to receive our Newsletter by email.

In order to answer your enquiry effectively we may pass your details on to one of our local trusted resellers who will be able to assist you further.

Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).

For example, Zuken has a legitimate interest to process your data if you subscribe to a webinar or download content from our website and we will also keep your personal data on a suppression list so that we don’t email you again if you have opted-out.  We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your rights.

We process the following data because we have a legitimate interest:

  • the IP address and the MAC address when you visit our website enables us to keep our website secure
  • keeping your data in our system in order to keep it secure
  • your email in a suppression list so that we don’t email you again by accident
  • sending you marketing communications when you have subscribed to webinar or downloaded any content

HOW LONG DO WE HOLD YOUR PERSONAL DATA?

We hold your data:

  • for marketing – upto 25 months, in accordance with Marketo Data Retention Policy 
  • for enquires – upto 3 years – ie contact form submissions
  • for security – upto 10 years – ie placing onto suppression lists

WHO DO WE SHARE YOUR INFORMATION WITH?

DATA TRANSFERS OUT OF THE EU OR EEA

Your data is kept within the EU or EEA, except for data that is processed by Limelight Networks, Salesforce or Marketo.

Limelight’s services are used by businesses seeking to deliver faster websites, more responsive applications and the highest quality video, to their customers’ devices

Limelight Networks is located in the USA, which is a non-adequate country for data transfer as determined by the European Commission. Your data is protected by Limelight Networks as they participate in and have certified their compliance with the EU-U.S. and US-Swiss Privacy Shield Frameworks and Principles (collectively, the “Privacy Shield Principles”).

Limelight Networks will comply with the Privacy Shield Principles with respect to the personal data that it receives in the United States from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield, and view Limelight Networks’ Privacy Shield certification at https://www.privacyshield.gov/. Limelight Networks’ commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

 

Salesforce is a Customer Relationship Management platform, Salesforce is located in the USA, which is a non-adequate country for data transfer as determined by the European Commission. Your data is protected by Salesforce as they participate in and have certified their compliance with the EU-U.S. and US-Swiss Privacy Shield Frameworks and Principles (collectively, the “Privacy Shield Principles”).

Salesforce will comply with the Privacy Shield Principles with respect to the personal data that it receives in the United States from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield, and view Salesforce’s Privacy Shield certification at https://www.privacyshield.gov/. Salesforce’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

 

Marketo provide digital marketing automation services, Marketo is located in the USA, which is a non-adequate country for data transfer as determined by the European Commission. Your data is protected by Marketo as they participate in and have certified their compliance with the EU-U.S. and US-Swiss Privacy Shield Frameworks and Principles (collectively, the “Privacy Shield Principles”).

Marketo will comply with the Privacy Shield Principles with respect to the personal data that it receives in the United States from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield, and view Marketo’s Privacy Shield certification at https://www.privacyshield.gov/. Marketo’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

 

Resellers
Your local reseller may be located within a country which is a non-adequate country for data transfer as determined by the European Commission. In this instance, your data is protected by EU Standard Contractual Clauses between our UK office and our resellers. The EU Commission has determined that Standard Contractual Clauses are sufficient safeguards on data protection for the data to be transferred internationally. You can learn more about Standard Contractual Clauses at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

If your local reseller is located in Japan or Canada, then Standard Contractual Clauses are not required as the EU Commission has determined that Japan and Canada are adequate for data transfer (Canada has a partial adequacy statement for commercial organisations only).

YOUR RIGHTS UNDER THE GDPR

You have rights in respect of our processing of your personal data which are:

  • To access to your personal data and information about our processing of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it;
    • if we are processing your personal data by consent and you withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.

If you want to exercise any of these rights, please contact us.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance.

You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.