Investor in Customers Limited, registered at: c/o Myers & Co, Suite 204A, East Wing, Sterling House, Loughton, Essex IG10 3TS, registration number 5812683.
At Investor in Customers (IIC) we take data security extremely seriously, both with our own records, and those we work with on behalf of our valued clients.
In simple terms, companies handling data fall into categories:
- A Data Controller – a company that records personal data for its own use
- A Data Processor – a company that uses other organisations personal data of carrying out agreed work for that company
At IIC, we are both. The following notice explains how and why we collect data, our lawful bases for it, and how we use it. For complete clarity, we will NEVER sell or pass on your personal data to a third party.
Our lawful bases for processing data, in summary:
Personal data means any information that can be used to identify you. This includes your name, title, email address, telephone number and postal address. We collect, store and use personal data in accordance with all applicable laws, including the EU Data Protection Directive 95/46/EC.
We may obtain and collect personal data about you in the following ways:
As a data controller:
Cookies and Analytics
When someone visits our website, we use Google Analytics and A1WebStats to collect information about how our visitors are using the site. The cookies used by these tools gather your, and your Users’ IP address, browser type and operating system where available. If you do not wish to participate in this analysis, please click here to see how you can opt out. The lawful basis for collection of this data is to enable us to improve the website, by understanding our visitors’ needs, and protecting it against attack. The web analytic data we see does not include any personal data, and we can not track the IP addresses back to an individual.
If you register with us to join our mailing list, we ask for your personal data and your consent to use it. We will send you information and newsbriefs following your sign up, and hope that they will be useful and interesting to you.
If you contact us because you are interested in our services, we will use your information to respond to you. We view your enquiry as ‘opting in’ to receive contact from us. You can, of course, opt out of any further communication with us at any point. We won’t add you to mailing lists to receive ongoing information from us, unless you opt-in to this separately.
We use personal data for marketing communications, solely in a B2B context. We source data lists within relevant sectors, from third-party provider Artesian (www.artesian.co) who collect publicly available business contacts from Experian, Companies House, Dun & Bradstreet, Bluesheep and Fullcontact. For more information regarding their GDPR compliancy, please read their official GDPR statement here: www.artesian.co/news/artesian-general-data-protection-regulation/. Opting our or unsubscribing is a clear available option in all marketing messages.
Depending on your geographical location we may pass your details, with your permission, following an enquiry to our IIC partners so that you are served by someone more local to you. However, even if your account manager is from within a partner organisation, personal information contained in the assessment will only be available to the core IIC assessment team.
As a data processor:
At Investor in Customers we assess our clients’ customer experience delivery, by asking their customers, employees and managers questions. This means that we need temporary access to data that our clients’ hold on their customers to deliver our service.
Our procedures around the handling of this data are rigorous.
- Only those within our organisation with the appropriate access level can view the data, and we restrict access
- We use a bespoke, wholly owned, assessment appraisal system for the purposes of capturing responses and analysing data. The system was built and is hosted by Skyron and data is stored at a partner data centre, please refer to their privacy notice here.
- On occasion it may be necessary to use Smart Survey as the assessment tool, according to client requirements. Please refer to their privacy notice here.
- We only use the data for the purposes of running an IIC assessment, and only with the express permission of our clients, who sign a data transfer agreement with us at the start of the process. Data is transferred in a secure way, password protected, and never by email. We use the fully encrypted Microsoft Office 365 as our server. You can read more here.
- Personal data is deleted from the appraisal system, immediately upon closure of the assessment
- We never make contact before our client has attempted to do so first, explaining our role and why we will be in touch. Opting out or unsubscribing is an available option at every stage of the process.
How long do we keep personal data for, where do we store it, and how do we protect it?
We keep personal data, as a data controller, until you unsubscribe. As a data processor, we only keep personal data for the duration of the assessment process, and in accordance with the client contract. We store data on a secure server, in Mailing Manager, and in our secure Appraisal system. We also have rigorous data cleansing procedures.
Your consent, and your rights.
If you are contacted by us during an assessment, we have done so under contractual agreement with our client, and with their authorisation to do so with ‘legitimate interest’ – our clients need knowledge regarding their customer experience delivery in order to improve it. We do this, whilst implementing the rigorous data protection processes outlined above. You can opt out at any time, and have the right to ask us to erase your data.
You can find more detail on your rights here.
If you have any questions or concerns, or if you want to access or amend your data, please contact our Head of Operations, Beth Boxall at firstname.lastname@example.org or on 0800 024 8895.
In the unlikely event that you have a complaint about IIC and how we have used your personal data, that you don’t feel we can rectify, you have the right to contact the Information Commissioner’s Office.
Changes to the privacy notice.
This notice may be amended from time to time. If we change it, the alterations will be published on this page on our website.