Bamboo PR Privacy Notice
Last Updated: 21 September 2023
Bamboo Public Relations Limited and its affiliates, subsidiaries and related entities (“Bamboo PR “Bamboo “we, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).
Founded in 2002, Bamboo PR is a Marketing and PR agency specialising in public relations, marketing services, content marketing, social media marketing and event management services for technology and IT communications companies. Its company number in Companies House is 04461618 and it is registered at 20 Mortlake Business Centre, Mortlake High Street, London, SW14 8JN.
The purpose of this privacy notice is to explain what personal data we collect about you when you use and interact with our website. When we do this, we are the data controller.
However, when providing our client businesses our services, we are the data processor.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at firstname.lastname@example.org.
Our Privacy Promise
- Keep your data safe and private;
- Never sell your data;
- Give you ways to manage and review your marketing choices at any time;
- Clearly explain how we protect and process journalist, influencer, and analyst data; and
- Only process your personal data in accordance with the applicable data protection regulations and the appropriate security standards.
Personal data we collect
When you access, interact with our website and with us, and send us website enquiries, we will collect the following types of personal data, either directly from you, or from third parties such as companies or people that introduce you to us and public information sources:
- Email address
- Content of your enquiry
- Any other message you choose to share with us
If you choose to subscribe to our newsletter or download our marketing content, we will collect your:
- Marketing preferences
- Email address
If you choose to participate in our testimonials or refer us, we will collect your:
- Job role
- Testimonial and referral messages
When we onboard your business as a client and deliver our services to your business, we may collect corporate data that may contain your:
- Corporate email address
- Phone number
- Job role
- Company information
- Credit card number/bank account details
To grow our business with new business and to build relationships with prospective new clients, we may collect corporate data that may contain your:
- Corporate email address
- Phone number
- Job role
- Company information
- LinkedIn profile
- Previous conversations had with a member of our team
We may also process personal data from our client’s customers when delivering PR outreach services to journalists, influencers and analysts as well as the marketing services, email marketing services and event management services we provide. In these cases we will be acting as a Data Processor.
Bamboo PR relies on its journalist, analyst and influencer contacts and relationships to provide a service to its clients.
Many of these relationships span several years and when new relevant individuals are identified we process their personal information to deem relevancy and to open an ongoing dialogue on behalf of our clients.
This data is kept regularly up to date and consent can be withdrawn at any time under the standard individual rights outlined by UK GDPR. We ensure the data we collect and process is securely managed, with routine internal audits to ensure journalists and other relevant parties are still fit for purpose for the needs of our clients.
We use ResponseSource to verify these contact details regularly and those relationships.
The information we collect, and process includes:
- Name and title
- Job title and publication affiliations
- Business address and related addresses
- Contact details for you and your business, such as email addresses and phone numbers
- Publication information, circulation figures and topics of interest
- Records relating to subscriptions and rights to erasure
- Anonymised Google Analytics tracking data
Purposes for which we use personal data and the legal basis
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:
|Purpose||Lawful Basis for Processing|
|To provide you with a response for your enquiries and with customer care||Performance of the contract you have with us (or that you may wish to enter with us)|
|To collect and post testimonials||Consent|
|To send you marketing communications, tell you about relevant products and offers||Consent|
|To onboard you or your business as a client, provide you with the expected services, manage our customer relationship, and collect payments||Performance of the contract|
|To provide clients with our PR services||Performance of the contract|
|To manage and build our relationships with prospective clients.||Legitimate interest, of which its validity is regularly reviewed|
Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
Sharing your data
We may share your data with third-party companies that provide us with services and assistance, companies or individuals that we introduce to you, email marketing technology companies that assist us with our marketing activities, and companies you ask us to share your data with. We only transfer personal data to third parties that we trust and that are capable of providing adequate levels of data protection compliance.
We may choose to sell, transfer, or merge parts of our business, or we may seek to acquire other businesses or merge with them. During any such process, we may share your data with other parties. We’ll only do this if they agree to keep your data safe and private.
In the unlikely event your personal data is processed outside of the UK, it will be because the organisations we use to provide some of our services to you are based outside the UK.
We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:
- Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
- We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary.
How long we keep your data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
After you stop being a client, we may keep your data for up to 7 years for one of these reasons:
- To respond to any questions or complaints
- To show that we treated you fairly
- To maintain records according to rules that apply to us
We may keep your data for longer than 7 years if we cannot delete it for legal, regulatory, or technical reasons or to maintain the relevant personal identifier to ensure your right to erasure. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
The data we hold on to journalists, analysts and influencers is held while we have an active relationship or until an individual leaves a publication or organisation.
How we protect your data
We implement appropriate technical and organisational measures to protect data that we process from unauthorised disclosure, use, alteration or destruction.
Our workplace technology is managed by Air IT and involves secure device management, remote wipe capabilities should devices be lost or stolen, up to date security software, such as antivirus and firewalling, and a robust internal process to ensure changes to our IT estate are auditable and controllable.
Our employees go through annual data protection training with the assistance of our DPO, Evalian Ltd, as well as annual cybersecurity awareness training for all employees.
We have an extensive set of internal procedures, access controls, policies and frameworks that are regularly reviewed and tested related to data protection.
Your rights and options
You have the following rights in respect of your personal data:
- You have the right of access to your personal data and can request copies of it and information about our processing of it.
- If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your personal data with your consent, you can withdraw your consent at any time, such as for marketing activities.
- Where we are using your personal because it is in our legitimate interests to do so, you can object to us using it this way.
- Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
- You can ask us to restrict the use of your personal data if:
- It is not accurate.
- It has been used unlawfully but you do not want us to delete it.
- We do not need it any-more, but you want us to keep it for use in legal claims; or
- if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances you can compel us to erase your personal data and request a machine-readable copy of your personal data to transfer to another service provider.
- You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at email@example.com.
You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/.
If you have any questions, or wish to exercise any of your rights, then you can contact:
20 Mortlake Business Centre, Mortlake High Street, London, SW14 8JN
Alternatively, you can email us at firstname.lastname@example.org.
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Ltd can be contacted as follows:
Leylands Business Park
Phone: +44 (0)333 050 0111