We are Adestra Limited (“Adestra”), a company registered in England and Wales (Company No. 05267378) with its office at Holywell House, Osney Mead, Oxford, OX2 0ES. We are listed on the Information Commissioner’s register of data controllers under number: Z1130590.
Adestra has subsidiaries based abroad (Adestra Inc. and Adestra Pty Limited, based in the USA and Australia, respectively) who may access information where required in order to provide enhanced out-of-hours support. For further information, please see ‘International Transfers’ below.
What information we collect
If you purchase services from us, communicate with us, or do business with us, this will result in us collecting personal data about you (for example, we collect the name, address, email, fax and telephone number of business contacts).
We also collect information provided if you fill in a form, complete a survey, etc., which may include contact information that we decide to use for marketing purposes (please see ‘Marketing’ below). We do not normally collect sensitive personal data. In the event you provide us with any sensitive personal data, we will take extra care to ensure your rights are protected.
Third party sources. We sometimes collect additional information about actual or prospective customers from third party sources. Most of the time this won’t be personal data (for example, we might obtain information about a company’s business and performance), though on occasion we may receive personal data (such as a person’s work email or telephone number, or details of their role within a business).
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or
- for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these.
We will only use your information for the purpose it was collected (or for similar/related purposes). For our clients, this includes using use personal data to the extent necessary to perform our contractual obligations (such as administering their accounts and providing them with services).
We will never sell your personal data or share it with third parties who might use it for their own purposes.
We use personal information (such as email addresses) to market and promote our services to other businesses.
You can choose to ‘opt out’ of Adestra’s marketing communications by clicking the ‘unsubscribe’ link at the bottom of our emails. If you wish to change your contact details or preferences please email us at email@example.com.
Information for email recipients
This policy primarily covers how we use data relating to our customers, prospects, website visitors and people who interact with or do business with us. In these cases we will be the “data controller” for the purposes of data protection law.
If you have received an email or marketing communication from a customer using our service, we will have acted as a data processor in respect of your information. This means we have no control of your personal information and our customer is simply using our service to send emails.
In these situations you should contact the Adestra customer who sent the email for details of how and why your personal information is used, or if you wish to exercise your rights as an individual in relation to your personal data.
We will only hold information about our customer’s contacts for the duration of their contract with us, after which all data will be removed. We may store logs of addresses we have sent email to for up to 12 months after that point for the purposes of compliance and system monitoring.
We provide web-based marketing applications which help companies manage and execute permission-based, multi-channel marketing campaigns. Our terms and conditions prevent our clients from using Adestra’s MessageFocus platform to send unsolicited ‘spam’ emails and our view is that ‘spam’ (unsolicited commercial email) has a negative impact on the Internet and those who use it. It squanders resources and wastes the time and money of recipients.
If you have a received an email or other communication sent by one of our customers that you believe is spam or in violation of our acceptable use policies, please contact our abuse team at firstname.lastname@example.org.
We employ a variety of technical and organizational measures to keep personal data safe and to prevent unauthorized access to, or use or disclosure of it. We take our position as a digital marketing services provider seriously and believe part of being a leading supplier involves upholding and developing leading security practices. We are proud to maintain accreditations in DataSeal, ISO 9001:2015 and ISO 27001:2013.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
Clients who have purchased enhanced out-of-hours support in their contract or by an amendment may have personal data transferred outside the EEA. This is necessary because enhanced support (including that provided outside of normal UK working hours) may be provided by staff from companies in the Adestra group (Adestra Inc. and Adestra Pty Limited) located in the United States or Australia (respectively).
We remove most information provided to us by clients as soon as services are ceased, and data will cycle out of long-term backups up to 3 months later. We store logs of outbound emails for up to 12 months after the email is sent for the purposes handling abuse complaints and compliance monitoring.
We will continue to store limited information about the client (including transaction records) for up to 6 years for accounting, record keeping and administrative purposes. If we consider there is a need to store records for longer (for example, the transaction has been the subject of a dispute or claim) then we will retain the data for as long as is necessary.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which (for individuals) are as follows:
• the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request);
• the right to have inaccurate data rectified; and
• the right to object to your data being used for marketing or profiling.
If you would like further information on your rights or wish to exercise them, please write to: The Data Protection Officer, Adestra Limited, Holywell House, Osney Mead, Oxford, OX2 0ES, or email email@example.com.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Links to other websites
Any questions about your personal data or this policy should be directed to the following address: The Data Protection Officer, Adestra Limited, Holywell House, Osney Mead, Oxford, OX2 0ES, alternatively you can email us at firstname.lastname@example.org.
Changes to this statement
Last modified: 06/11/2017