At Yoyo Design, we are committed to protecting and respecting your personal data and being transparent about what we do with it, no matter how you interact with us.
This privacy statement describes why and how we collect and use personal data and provides information about what rights you have.
Personal data we collect
Clients. Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data where it is strictly needed for those purposes. We process personal data in order to run our business including: managing our relationship with clients, developing our services, maintaining and using IT systems, hosting and facilitating the hosting of events, administering and managing our website and applications. Unless we are asked not to, we use client business contact details to provide information that we think will be of interest in us and our services.
Business Contacts. We process personal data about contacts existing and potential Yoyo Design clients using a third-party customer relationship management (CRM) system. This data will include name, employer name, contact title, phone, email and other business contact details. In addition, we may collect data from Yoyo Design emails of legitimate interest (sender name, recipient name, date and time).
Visitors to our Offices. We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time for reasons of health and safety. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).
Suppliers. We process personal data in relation to our suppliers and their staff as necessary in the provision of services. Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients.
Job Applicants. All the information you provide during the application process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements as necessary. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
Unless required to do so by law, we will never share any information you provide with any third parties for marketing purposes.
When you indirectly give us information
When you interact with us on social media platforms such as Facebook, WhatsApp, Twitter or LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.
Using your personal data for marketing
As of May 2018, we have an ‘opt-in only’ communication policy. This means that we only send marketing information to people who have specifically said that they agree to us doing this or to people that register via our website to receive our newsletters. If you would like to receive such communication but have not yet opted-in you can do so by sending us an email to email@example.com.
Third-party Data Processors and software
We use the following third-party platforms to process, manage and/or store personal data. Privacy Policies for each, abide by the new General Data Protection Regulation (GDPR) therefore ensure the security of personal data. Software brand names have been omitted for security reasons.
Cloud-based email and word processing tools - We use industry standard office-based applications and systems to conduct our day-to-day business activities. All data is encrypted at rest and password protected. We actively monitor for potential security threats and data breaches in real time.
Email marketing platform – We use this to enable people interested in our services or products to subscribe and unsubscribe to email marketing lists through sign-up forms.
Event management and ticking platform – We use to collect personal information which enables us to provide tickets for our events. If you register for an event we will collect your name, email address and the company you work for. This information will be retained until immediately after the event unless you explicitly consent to us retaining your details for longer (e.g. for upcoming future events) and will not be shared with any 3rd party organisations.
CRM – We use this to store personal information about our business contacts of legitimate interest, as classified above. This data will be retained for a maximum period of 36 months, from the last active communication between both parties.
Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on secure (password and firewall protected) servers. All electronic transactions you make to or receive from us will be encrypted using SSL/TLS technology. Unencrypted data transmission over the internet is inherently insecure, for example, email and as such we cannot guarantee the security of data sent via email or other insecure methods.
We actively monitor any emails sent to us, including file attachments for any malicious software of viruses.
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling;
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
You may exercise any of your rights in relation to your personal data by written notice to Yoyo Design Ltd, 90 Calverley Road, Tunbridge Wells TN1 2UN.
For further information on your rights please refer to the ICO website.
Retaining and deleting personal data
Our data retention policies and procedures are designed to help ensure we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes.
If your personal details change, please help us keep your information up to date by notifying us at Yoyo Design Ltd, 90 Calverley Road, Tunbridge Wells TN1 2UN
This website is owned by Yoyo Design Ltd. Our principal place of business is at 90 Calverley Road, Tunbridge Wells, TN1 2UN.
You can contact us at any time:
- by post to the address listed above
- by email to firstname.lastname@example.org