- Policy Introduction
This policy establishes the legal framework under which The Local Marketing Team Ltd (“we,” “our,” or “the company”) processes personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This policy is critical to our operations as a marketing and website development company, ensuring the lawful, transparent, and ethical processing of personal data. As both a Data Controller and Data Processor, depending on the context of our services, we recognise our obligations to safeguard personal data entrusted to us by clients, employees, and third parties. This policy ensures we meet our legal, regulatory, and contractual data protection obligations while enabling the secure and efficient operation of our services.
- Scope of Policy
This GDPR policy applies to:
- All personal data processed by The Local Marketing Team Ltd, in the context of marketing, website development, or related services.
- All employees, contractors, consultants, and third-party service providers acting under our instruction.
- Any processing of personal data conducted within the UK, the European Economic Area (EEA), or involving data subjects whose personal data falls within the scope of the UK GDPR.
- Key Legal Definitions
3.1 Personal Data
Any information relating to an identified or identifiable natural person (“data subject”), such as:
- Name, email, phone number, and physical address
- Financial information, IP addresses, or cookies
- Data relating to website usage or marketing preferences
3.2 Special Category Data
Data requiring heightened protections, such as:
- Racial or ethnic origin
- Health information or biometric data
- Religious or political beliefs
3.3 Data Processing
Any operation performed on personal data, including but not limited to:
- Collection, storage, access, modification, analysis, transfer, or deletion
3.4 Roles and Responsibilities
- Data Controller: The Local Marketing Team Ltd, when determining the purposes and means of processing personal data (e.g., for marketing campaigns).
- Data Processor: The Local Marketing Team Ltd, when processing data on behalf of clients (e.g., for website analytics or hosting services).
- Data Protection Officer (DPO): The designated individual responsible for monitoring GDPR compliance and acting as a point of contact for the ICO and data subjects.
- Principles of Data Protection
We commit to processing personal data in accordance with the following principles:
- Lawfulness, Fairness, and Transparency: All processing activities will be justified under a valid legal basis and clearly communicated to the data subject.
- Purpose Limitation: Personal data will be processed only for legitimate purposes explicitly stated at the point of collection.
- Data Minimisation: Processing will be limited to data that is adequate, relevant, and necessary.
- Accuracy: Personal data will be kept accurate and up to date.
- Storage Limitation: Data will not be retained longer than necessary for its intended purposes.
- Integrity and Confidentiality: Appropriate technical and organisational measures will safeguard personal data against unauthorised access, loss, or damage.
- Legal Bases for Processing
We process personal data based on one or more of the following lawful bases under Article 6 of the UK GDPR:
- Consent: Explicit consent provided by the data subject for specific purposes (e.g., marketing newsletters).
- Contractual Necessity: Where processing is required to fulfil a contractual obligation (e.g., delivering website development services).
- Legal Obligation: Compliance with statutory obligations (e.g., record-keeping for tax purposes).
- Legitimate Interests: Pursuing legitimate business interests (e.g., enhancing website functionality), provided they do not override the rights and freedoms of data subjects.
- Data Collection and Processing Activities
6.1 Categories of Data Collected
We may collect the following data categories:
- Marketing Activities: Names, email addresses, preferences, and interaction history.
- Website Analytics: IP addresses, geolocation, session data, and behavioural metrics.
- Website Development Services: User credentials, content, and site-specific data.
6.2 Collection Methods
- Direct Collection: Data provided voluntarily by clients, website visitors, or newsletter subscribers.
- Automated Collection: Data captured through cookies, analytics tools, and other tracking technologies.
- Third-Party Sources: Data provided by authorised partners or publicly available sources.
- Data Sharing and Transfers
7.1 Internal Sharing
Data may be accessed by authorised employees or contractors strictly for legitimate business purposes.
7.2 External Sharing
We may share personal data with:
- Service Providers: Cloud hosting providers, email platforms, and analytics services.
- Clients: As part of contracted website development deliverables.
- Legal Authorities: Upon lawful request or in compliance with legal obligations.
7.3 International Transfers
Where data is transferred outside the UK or EEA, we will:
- Rely on adequacy decisions from the UK government.
- Implement Standard Contractual Clauses (SCCs).
- Obtain explicit consent where required.
- Data Subject Rights
Under the UK GDPR, data subjects are entitled to:
- Right to Access: Request a copy of their personal data and details of processing.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request the deletion of data (subject to legal exemptions).
- Right to Restrict Processing: Limit data processing under certain circumstances.
- Right to Data Portability: Obtain and reuse their data for personal use.
- Right to Object: Oppose processing for marketing or profiling purposes.
- Rights Related to Automated Decision-Making: Request human review of automated decisions.
Requests can be submitted to [email protected]. Responses will be provided within 30 days, extendable under certain conditions.
- Data Retention Policy
We retain personal data only for as long as necessary:
- Marketing Data: Retained for 24 months post-last interaction.
- Website Development Data: Retained for 7 years to comply with contractual and legal obligations.
- Cookies and Analytics: Retention per browser settings or consent expiry.
Expired data will be securely deleted or anonymised.
- Data Security Measures
To safeguard personal data, we implement:
- Access Control: Role-based access restrictions.
- Encryption: Secure encryption for data in transit and at rest.
- Regular Audits: Periodic reviews of data security protocols.
- Incident Response: A detailed breach response plan, including ICO notification within 72 hours if required.
- Cookies Policy
Cookies are small files stored on your device to collect information about your interaction with our website. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies
Cookies are used to enhance user experience and analyse website performance. Users may manage preferences through our cookie consent tool. For further details, refer to our [Cookies Policy] (Insert Link).
- Third-Party Processors
Third-party processors are contractually obligated to:
- Process data solely as per our instructions.
- Implement robust security measures.
- Notify us of any data breaches.
- Data Breaches
In the event of a breach:
- Notification to ICO: Within 72 hours, if required.
- Communication to Affected Individuals: When there is a high risk to their rights.
- Documentation: All incidents will be logged and reviewed to prevent recurrence.
- Complaints Handling
Complaints can be addressed to:
- Email: [email protected]
- Phone: 01255 446117
Alternatively, complaints may be lodged with the Information Commissioner’s Office (ICO):
- Website: https://ico.org.uk
- Phone: 0303 123 1113
- Policy Review
This policy is reviewed annually or in response to significant operational changes. Updates will be published on our website and communicated to stakeholders.
The Local Marketing Team Ltd
Crossways Corner,
Main Road,
Frating,
CO7 7DJ
Registered number: 11061142
Registered VAT number: 257582864