If you have any queries, please contact privacy@OwensDDB.com
1. General Information
1.1 Introduction and General Terms
Owens DDB Limited is committed to protecting your Personal Data and your privacy. We endeavour to ensure that any Personal Data we collect about you will be held and processed strictly in accordance with applicable data protection legislation,
Owens DDB Limited is headquartered in Dublin, Ireland, and therefore all personal data we process is held in accordance with local laws that implement the European General Data Protection Regulation (“GDPR”).
We also ensure that we comply with any other applicable local law governing personal data protection.
The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR (which can be accessed here), unless otherwise indicated.
Owens DDB has created this Privacy Notice which explains how and why we collect Personal Data about you (“Your Data”), what that data is, under what circumstances we may disclose or transfer it, and how long we store it for.
1.2 What does this Notice cover?
At Owens DDB we collect and process Personal Data in a number of ways so this notice is layered to allow you to find the information that is most relevant to your situation. Please read this general information section then click on the heading below that is most appropriate for you situation, to find out more.
1.3 How do I contact Owens DDB?
If you have any queries regarding this notice or complaints about our use of Your Data, please contact us at privacy@OwensDDB.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.
Data Privacy Officer
Owens DDB Limited
23-25 Grantham Street,
1.4 Will Owens DDB share my Personal Data with anyone else?
Other than as set out below, we hold Personal Data on Owens DDB’s own secure servers in Ireland.
In certain limited circumstances, however, it may be necessary for us to share Your Data with the recipients set out below. We may also share it with the third parties identified in Section 2 of this Notice. All third parties with whom we share Your Data are required to protect it strictly in accordance with applicable data protection law and, where the third party is acting as our data processor, they may only use it for specified purposes and in accordance with our instructions.
We occasionally make use of consultants who may have access to Your Data if it is necessary for the service they provide.
In relation to any other third parties, we will only share Your Data with your consent or in the following circumstances:
1.4.2 Where we are required to do so for legal reasons
We will share personal information with companies, organisations or individuals outside Owens DDB if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Owens DDB, our users or the public, as required or permitted by law.
1.4.3 Where it is necessary in connection with legal proceedings
We may share Your Data with certain third parties where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise our legal rights.
1.4.4 If we sell our business, go out of business or merge with another company
1.5 Data Security
We have put in place appropriate security measures to prevent Your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Your Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
1.6 How long will Owens DDB keep my information?
Unless otherwise indicated in Section 2 below, we will hold Your Data on our systems for as long as is necessary for the relevant activity for which it was collected. After this time we may retain Your Data for a further period of a maximum of 10 years in order to comply with legal record keeping requirements. In limited circumstances, we may keep Your Data for longer than this if we have identified a legal, regulatory or technical reasons why this is necessary.
1.7 How to access, correct or delete Your Data
You can request access to all the Personal Data that Owens DDB has collected from you directly or indirectly, by contacting us using the contact details set out above. You can also request that we correct or delete Your Data in the same way.
For EU Residents, for further information on your rights to access, correct or delete Your Data under the GDPR.
1.8 Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
1.9 Your choices and opt-outs
You can opt out of receiving marketing emails from us at any time. You can opt out of our marketing emails by clicking the ‘unsubscribe’ link at the bottom of our marketing messages.
Also, all opt out requests can be made by emailing us at privacy@OwensDDB.com.
Please note that it may take up to 3 days to remove you contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make a request.
1.10 Changes to this Privacy Notice
We keep our privacy notice under regular review. This version was last updated on 19th October 2018.
If material changes are made to the Privacy Notice, for instance affecting how we would like to use Your Data, we will provide a more prominent notice (including, for certain services, email notification of Privacy Notice changes).
2. How do we collect your data?
At Owens DDB, we collect and process Personal Data in a number of ways. To help you find the information that is most relevant to your situation, we have separated our policy into a number of sections depending on how you interact with us. Please click on the heading below that is appropriate for your situation to find out more.
2.1 You are engaging with us as a potential customer or prospect
2.1.1 What does this section cover?
This section of our Privacy Notice sets out information relating to the data we collect from or about you when you interact with us as a prospective customer or if you belong to an organisation we have identified as potentially interested in our services.
This includes Personal Data collected in the following ways:
- when you download our marketing materials through our website or another party’s website;
- when you use the “Enquiry” form on the website;
- when you request information regarding our services via post, email or telephone;
- when you contact us or provide Your Data in relation to a marketing event we are running or sponsoring; or
- when you provide us with your business card.
2.1.2 How do we collect Your Data?
We collect certain Personal Data directly from you at the point at which you interact with us.
We also use public sources, social media, marketing services firms and media publishers to obtain Personal Data relating to people at organisations we believe may be interested in our services. A list of the third party sources we use is available on request.
In some circumstances, we may also obtain your Personal Data as a result of a referral from an existing Client.
Where you have provided your Personal Data to a third party who is collecting it on our behalf (such as EventBrite or Zoom), we will collect certain Personal Data about you from that third party.
2.1.3 What Personal Data do we collect?
The Personal Data we collect will depend how you are interacting with us but, in general, this will include:
- First name;
- Last name;
- Job Title;
- Company Name;
- Email address;
- Telephone number; and
If you voluntarily provide additional Personal Data to us, we will also collect and hold that data in accordance with this Privacy Notice.
2.1.4 What do we use the Personal Data for?
We use Your Data in order to provide you with the information that you have requested, to respond to the request or enquiry you have submitted or to contact you in relation to the event you are attending. We may also use the Personal Data to contact you about the service in which you have shown an interest or to send you other similar marketing materials. Our legal basis for using Your Data in this way is that it is necessary for the purposes of our legitimate interest of running our business and increasing our customer base.
Where you have indicated your consent to it, we may also use Your Data to send you other online resources or marketing materials which we believe may be of interest to you. Our legal basis for using Your Data in this way is consent. You can unsubscribe from our emails at any time using the “unsubscribe” button at the bottom of the email. If you are an EU Resident, please see the section “Additional Information for EU Residents” below, for further information on how you can withdraw your consent.
2.1.5 Who do we share this Personal Data with?
We use a third party automated email provider to send out marketing communications on our behalf.
All third parties with whom we share Your Data are required to protect it in accordance with applicable data protection law and, where the third party is acting as our data processor, they may only use it for specified purposes and in accordance with our instructions.
2.2 You are a customer of Owens DDB
2.2.1 What does this section cover?
This section of our Privacy Notice sets out information relating to the data we collect from or about you when you become, or the organisation you work for becomes, a customer of Owens DDB.
2.2.2 How do we collect Your Data
We collect Personal Data about when you provide such Personal Data to us in order to become a customer of ours.
If you work for an organisation that has signed up for our services, we may receive Personal Data about you from other members of your organisation.
2.2.3 What Personal Data do we collect?
We collect the Personal Data necessary to provide you with the service you have requested or to support the service, which may include the following:
- First Name;
- Last Name;
- Email address;
- Telephone or mobile number (if voluntarily provided);
- Access permissions;
- Whether you are authorised to make changes to our service
If you voluntarily provide additional Personal Data to us, we will also collect and hold that data in accordance with this Privacy Notice.
2.2.4 What do we use the Personal Data for?
We use Your Data to provide you with the services you, or the organisation your work for, has requested. This may include using Your Data to manage our relationship with you and for service administration purposes (e.g. to provide you with reports or password reminders, or to notify you that a particular service, activity or online content has been suspended for maintenance). We may also use Your Data to contact you in relation to any support queries you raise. Our legal basis for using Your Data in this way is that it is necessary for the performance of a contract to which you are subject.
We provide occasional emails to keep you updated with information about Owens DDB and other services we provide which we think you, or your organisation, may be interested in and to let you know about Owens DDB services. From time to time we may also contact you to ask your views on issues affecting Owens DDB. We may personalise the message content based upon any information you have provided to us and your use of Owens DDB platforms. Our legal basis for using Your Data in this way is that it is necessary for the purposes of our legitimate interest of running and improving our business.
You can opt out from these communications at any time. You may either use the unsubscribe mechanism in any of the communications you receive, or contact privacy@OwensDDB.com
Your Owens DDB Account
As part of the contractual services Owens DDB provides, you may have registered for an admin or publishing account, for example on one of the websites or similar marketing assets – for example email marketing accounts – we develop and/or host and/or manage on your behalf. This will allow you to login to your website or email marketing account. You might be asked to create an account on other Owens DDB services to enable you to sign in and seamlessly enjoy Owens DDB services or 3rd party service such as email marketing that we provide.
For as long as Owens DDB is providing services to you, an admin or publishing account with an associated named individual may be a necessary part of delivering that service and you cannot delete your account. However, any individual’s Personal Data may be removed wherever requested, provided an alternative named individual is provided. If you delete your admin or publishing account then Your Data will be deleted in timeframes in accordance with local laws, and the remaining information is anonymised for analytical purposes. Deleting your Owens DDB admin/publishing account will not delete the data you shared with Owens DDB for reasons that are not connected with that service. For example, if you download marketing collaterals or register for events. To delete non-service-related information as well, please contact us using the contact details in paragraph 1.3 above.
2.3. You have contacted us in relation to a data protection query for one of our privacy clients
2.3.1. What does this section cover?
When you engage with us as a client, we will be the Controller of any of the personal data you submit to us. If, as a client, you provide us with then personal data of 3rd parties which you have collected on a legitimate basis, we will be the Processor of this data. This section covers any Personal Data we may receive from our clients, or have access to, whilst fulfilling our DPO role.
2.3.2. How do we collect Your Data?
Your Data will usually be collected when you submit an email to our privacy email address.
We may also receive limited personal data about you from clients, or have access to it, where it is required in order to fulfil our statutory requirements as a DPO (for example, where we need to investigate whether a complaint has been dealt with appropriately).
2.3.3. What Personal Data do we collect?
We will receive whatever Personal Data you include in your email to us but generally this will include:
- Your name;
- Your email address;
- Details of your query/complaint;
In limited circumstances, we may also have access to any Personal Data included in a response to a Subject Access Request that you have made to our client.
2.3.4. What do we use that Personal Data for?
We use Your Data in order to comply with our legal obligations under Article 39 of the GDPR.
2.3.5. Who do we share Your Data with?
In certain circumstances, we may need to share Your Data with a Supervisory Authority. For example, if we need to cooperate with a Supervisory Authority in relation to a complaint you have lodged.
3. Additional information required under the GDPR
3.1 Your privacy rights
Under the GDPR (or equivalent local legislation that implements or adopts the GDPR), data subjects have certain rights with respect to their Personal Data, including those set forth below.
- right to request access – you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to Your Data;
- right to rectification – you have the right to obtain rectification of inaccurate Personal Data we hold concerning you;
- right to erasure – you have the right to obtain the erasure of Your Data without undue delay in certain circumstances
- right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on Your Data in certain circumstances or to object to us processing Your Data;
- right to data portability – you have the right to receive Your Data in a structured, commonly used and machine-readable format;
- right to withdraw consent – where you have provided your consent to us processing Your Data, you have the right to withdraw your consent at any time. This can be done by emailing privacy@OwensDDB.com at any time;
- right to lodge a complaint – you may lodge a complaint with the supervisory authority in the EU Member State where you are resident or where you work. For further information on your rights, please see the supervisory authority of your country or EU Member State. The relevant supervisory authorities for Ireland is set out below and the website contains the relevant contact details:
3.1.1 No fee usually required
You will not have to pay a fee to access Your Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
3.1.2 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
3.1.3 Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
3.2 International transfers of Personal Data
In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR and/or Applicable Local Laws. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
3.2.1 Third party suppliers
Some of our third party suppliers are based outside the EEA. Whenever we transfer Your Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring Your Data out of the EEA.
19th October 2020