Data Protection and Security Policy
Flamingo Marketing Strategies Ltd is committed to preserving the confidentiality and integrity of all information it holds and processes and to operating its business in compliance with the requirements of relevant Data Protection Laws and Regulations.
We recognise the importance of Personal Data and of respecting the privacy rights of individuals. This Data Protection Policy (“Policy”) sets out the principles which we apply to our Processing of Personal Data and use of Confidential Information and our commitment to safeguard one of the most valuable assets which belong to our Clients.
Any questions about this Policy should be raised with the Flamingo Marketing Strategies Data Officer whose details are at the end of this Policy.
The following key words and phrases are used within this Policy:
means the entity which determines the purposes and means of the Processing of Personal Data;
means the entity which Processes Personal Data on behalf of the Controller;
means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states and the United Kingdom, applicable to the Processing of Personal Data as part of the Services;
means the identified or identifiable person to whom Personal Data relates;
means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
means any information relating to an identified or identifiable natural person where such data is Customer Data. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. Data Protection and Security
Under the Data Protection Laws and Regulations, Personal Data must be processed in accordance with certain data protection principles, under which Personal Data must be:
- Processed fairly and lawfully and in a transparent manner;
- Obtained and processed only for one or more specified, explicit, and lawful purposes;
- Adequate, relevant and not excessive in relation to the purpose;
- Accurate and, where necessary, kept up to date;
- Kept for no longer than is necessary for the purpose;
- Processed in accordance with the rights of Data Subjects and in a manner, that ensures appropriate security, integrity and confidentiality of the Personal.
Flamingo Marketing Strategies ensures it employs appropriate technical and organisational measures to adhere to these principles.
4. Nature and Purpose of Processing
The purposes for which we use your information and the legal basis under the Data Protection Laws and Regulations on which we rely to do this are explained below.
Where You Have Provided Consent
We may use and process your Personal Data where you have consented for us to do so to contact you via email or text with marketing information about our Services if you (i) indicate that you would like to receive such marketing from us; (ii) sign up to our newsletter, emails/ texts via our website or other medium where available; or (iii) when you refresh your marketing preferences when responding to a request from us to do so.
You may withdraw your consent for us to use your information in any of these ways at any time by using the unsubscribe automated link included at the bottom of Flamingo Marketing Strategies marketing emails. Alternately you can send an email to firstname.lastname@example.org, putting OPTOUT in the title.
Where There is a Legitimate Interest
We may use and process your Personal Data where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
- For marketing activities (other than where we rely on your consent to contact you by email or text with information about our products and services or share your details with third parties to do the same, as explained above);
- For analysis to inform our marketing strategy, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website);
- To correspond or communicate with you;
- To verify the accuracy of data that we hold about you and create a better understanding of you as a client;
- For network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- For prevention of fraud and other criminal activities;
- To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- To assess and improve our service to customers through recordings of any calls with our contact centres;
- For the management of queries, complaints, or claims;
- For the establishment and defence of our legal rights;
- To administer the Website.
When making the decision to process personal data under the basis of legitimate interest we make an assessment, including completing where appropriate a formal Data Protection Impact Assessment (DPIA), to ensure our interests are balanced with the interests of the individual. This assessment will consider:
- The level of benefit of this processing to Flamingo Marketing Strategies;
- The level of expected impact on the privacy of the individual;
- Whether the individual would reasonably expect us to use their data in the way we propose; and
- Whether it is possible to unnecessary burdensome on the individual to ask for consent when they are unlikely to object to the processing.
Where There is a Legal Requirement
We will use your Personal Data to comply with our legal obligations: (i) to assist a public authority or criminal investigation body; (ii) to identify you when you contact us; (iii) to send you any required information if you are a shareholder, and/or (iv) to verify the accuracy of data we hold about you.
Where it is Required to Complete a Contract
Flamingo Marketing Strategies will process Personal Data as necessary to perform its training and consulting services and as further instructed by the Customer in its use of the services, as a Data Controller.
5. The Security of Personal Data
Flamingo Marketing Strategies has implemented procedures designed to ensure that Personal Data remains secure throughout the entire chain of processing activities by Flamingo Marketing Strategies and its sub-processors (specifically Keap, Zapier, myleadpages.net, Calendly, Stripe and Quickbooks). Additionally, the Flamingo Marketing Strategies website undergoes security assessments by internal personnel and third parties, which include infrastructure vulnerability assessments and application security assessments.
Flamingo Marketing Strategies adopts a number of internal security controls, which include:
- Controls to ensure initial passwords of Flamingo Marketing Strategies employees with access to Personal Data must be reset on first use;
- Controls to limit password re-use by Flamingo Marketing Strategies employees;
- Password length and complexity requirements for Flamingo Marketing Strategies employees;
- Specific requirements to ensure all passwords used to access internal systems the support processing of Personal data store of passwords in salted hash format and do not transmit passwords in an unencrypted format;
Flamingo Marketing Strategies, or an authorised independent third party, will monitor the website for unauthorised intrusions using network-based intrusion detection mechanisms.
All Flamingo Marketing Strategies systems used in the provision of the website, including firewalls, routers, network switches and operating systems, log information to their respective system log facility in order to facilitate security reviews and analysis.
Flamingo Marketing Strategies maintains security incident management policies and procedures. Flamingo Marketing Strategies with notify impacted individuals without undue delay of any unauthorized disclosure of their respective Personal Data by Flamingo Marketing Strategies or its agents of which Flamingo Marketing Strategies becomes aware to the extent required by Data Protection Laws and Regulations.
The physical data centre, provided by our partner Thinkology, used to provide the website has secure access control systems. These systems permit only authorised personnel to have access to secure areas. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, are secured by around the-clock guards, two-factor access screening, including biometrics, and escort-controlled access, and are also supported by on-site back-up generators in the event of a power failure.
6. Sub-processors Supporting the Processing of Personal Data
Flamingo Marketing Strategies have entered into written agreements with sub-processors containing privacy, data protection, and data security obligations that provide a level of protection appropriate to their processing activities.
Flamingo Marketing Strategies utilises the services of the following sub-processors to process Personal Data as part of its marketing activities and to complete the necessary processing needed to provide its training and consulting services:
- Keap (formally Infusionsoft) – Flamingo Marketing Strategies uses this marketing automation/CRM tool to deliver e-mail campaigns to clients, subscribers and other interested parties. Keap has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://keap.com/legal/application-privacy-notice
- Calendly – Flamingo Marketing Strategies uses the appointment boking service offered by Calendly to schedule appointments with potential prospects. Calendly has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://calendly.com/pages/privacy
- Zapier – Flamingo Marketing Strategies utilises Zapier to connect the secure services of its sub-processors as required to complete the chain of processing. Zapier has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://zapier.com/privacy/
- Stripe – Flamingo Marketing Strategies utilises Stripe to collect and process payments from clients. Stripe has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://stripe.com/gb/privacy
- Quickbooks – Flamingo Marketing Strategies utilises Quickbooks to manage the billing of clients and track and report financial results. Quickbooks has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://quickbooks.intuit.com/uk/privacy-policy/
7. European Specific Provisions – Overseas Transfers
The GDPR requires that Personal Data must not be transferred to a country or territory outside the European Economic Area (i.e. the member states of the EU plus Iceland, Liechtenstein and Norway), unless that country or territory or organization ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the Processing of Personal Data.
Subject to paragraph 3.20, where Flamingo Marketing Strategies shall not transfer Personal Data to any country outside of the EEA without prior written consent from the individual, except for transfers to and from: (i) any country which has a valid adequacy decision from the European Commission; or (ii) any organization which ensures an adequate level of protection in accordance with the applicable Data Protection Laws and Regulations.
8. Your Rights and Choices
You have a number of rights in relation to your Personal Data under Data Protection Laws and Regulations. In relation to certain rights to access your Personal Data, we may ask you for information to confirm your identity and, where applicable, to help us to search for your Personal Data. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Accessing your Personal Data
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your Personal Data if this concerns other individuals or we have another lawful reason to withhold that information.
Correcting and Updating your Personal Data
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using the details described at the end of this policy.
Withdrawing Your Consent
Where we rely on your consent as the legal basis for processing your Personal Data, as set out under, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using the unsubscribe automated link included at the bottom of Flamingo Marketing Strategies marketing emails. Alternately please send an email to email@example.com, putting OPTOUT in the title.
If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.
Objecting to our Use of Your Personal Data and Automated Decisions Made About You
Where we rely on your legitimate business interests as the legal basis for processing your Personal Data for any purpose(s), you may object to us using your Personal Data for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your Personal Data, we will temporarily stop processing your Personal Data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
Erasing your Personal Data or Restricting its Processing
In certain circumstances, you may ask for your Personal Data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your Personal Data for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your Personal Data where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these circumstances, we may only process your Personal Data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your Personal Data in a Structured Data File
Where we rely on your consent as the legal basis for processing your Personal Data or need to process it in connection with the Services, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your Personal Data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your Personal Data if this concerns other individuals or we have another lawful reason to withhold that information.
Complaining to the UK Data Protection Regulator
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your Personal Data. Please visit the ICO’s website for further details.
9. Contacts and Responsibilities
Flamingo Marketing Strategies has appointed a “Data Officer”. This individual is responsible for:
Ensuring that Flamingo Marketing Strategies’ employees receive appropriate training and are working in compliance with this Policy;
Undertaking regular assessments of Data types and ensure that the right levels of protection are in place;
Acting as a key point of contact for data protection queries and the reporting of breaches for all Data Owners, employees, customers and Data Subjects;
Monitoring and ensuring the compliance with this Policy within Flamingo Marketing Strategies and dealing with any disputes which may arise concerning data protection issues;
Conducting reviews of internal procedures to ensure that they continue to provide adequate protection of Personal Data and Confidential Information;
Updating this Policy to reflect any changes in data protection laws;
Registering with government agencies (such as the UK Information Commissioner’s Office).
If you have any queries regarding this Policy, please contact our Data Officer by email at sending an e-mail to firstname.lastname@example.org and putting FAO: DATA OFFICER in the subject.
10. Amendments to This Policy
This Policy will be updated from time to time by the Data Officer to reflect any changes in legislation or in our methods or practices. The current issue of the Policy will be available from our website at breakthrough-partners.com or from our Data Officer.
We recommend you regularly check for changes and review this policy whenever you visit our website. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our website.