Last updated 02.06.20
Version number 2
This privacy notice explains how we, PARAGON DIGITAL SERVICES LIMITED (Regent’s Place, 10 Triton Street, London, NW1 3BF) together with our group companies (we, us, our, Paragon) process your personal information (you, your).
This notice applies to visitors of our websites including www.paragondigitalservices.com, individuals who interact with our content and services, and individuals who contact us or receive our communications.
California residents should also read our section about “Your California Rights”.
Individuals in the European Economic Area (EEA) and the UK should also read our section about “Your EEA & UK Rights”.
1. Information we collect
The type of personal information we collect will depend on the circumstances and the content or services you are using. Generally, “personal information”, “personal data” or similar terms refers to any information that identifies you or relates to you. However, the exact meaning of personal information will be determined by the law of the country of your residence.
Specifically, we will collect the following personal information about you:
- Information which you provide to us
- We will process your name, contact details, job title, employer, professional or employment details and other personal information when you send us a query or ask for information about our content or services.
- You may input personal information when you interact with our content or services, or if you participate in our competitions, promotions, surveys, events, research or other activities.
- We will receive personal information if you use our chat tools, comment and feedback and other online functionalities.
- All such personal information will be necessary to assist with your queries and delivering our content and services to you.
- Information about you from third parties
- Third parties may provide to us information about you if you work for a supplier or client and they contact us and offer your details as a point of contact.
- Technical data
- We collect information about the device you use to access our content or services. This includes collecting unique mobile device ID, internet protocol (IP) address, cookie ID or online identifiers, which are numbers that can uniquely identify a specific device on the internet, geolocation data, operating system, browser, time zone setting, clickstream data, page interaction information (such as scrolling, clicks, and mouse-overs), your preferences (including country and language), and methods used to browse away from our content or services.
- We collect information about the pages you visit on our website and the links and content or services you choose to access.
- When we send you emails, we may collect technical information about your interaction with the email, such as open rates and if you clicked on any content.
- You may find more information on the cookies we use and the purpose for which we use them on our Cookies Notice.
Our websites are not intended for children and we do not seek to collect information about children. If you have any concerns about your child’s privacy in relation to our content or services or if you believe that your child may have entered personal information in relation to our content or services, please contact us at firstname.lastname@example.org.
2. How we use your information
Generally, we will use your personal information to (i) deliver our content and services; (ii) respond to your queries; (iii) develop and promote our organisation, content and services; (iv) ensure the security and technical availability of our content and services; and (v) for recruitment purposes.
We would need your personal data for a contractual requirement, in order to enter into a contract for our services or for employment with us. If you fail to provide us with your personal data, we may not be able to provide our services or engage with you for recruitment purposes.
Particularly, we will use your personal information for the following purposes:
* If you are an individual in the EEA or the UK, we have to inform you about the “lawful basis” or “legal ground” for us to use your “personal data”. This will normally be your consent to our use of your personal data or our legitimate interest to use your personal data to ensure that our content and services are provided properly, efficiently and securely, as is further explained in the table below.
|Purpose||Personal information||Legal ground for processing*
(for individuals in the EEA and UK only)
|To keep you informed about matters relevant to your use of our content or services and to your engagement with our organisation, such as activities, events, surveys, changes in terms, etc.||
||Necessary for our legitimate interest to satisfy your requests, organise and deliver our content and services and to resolve any complaints.|
|To send you information which you have requested about our services||
||Necessary for our legitimate interest to satisfy your requests and to resolve any complaints.|
|To provide you with our services which you have requested||
||Necessary for the performance of a contract with you or in order to take steps at your request to enter into a contract with you.|
|To improve and develop our website functionality, including:
to enable you to use our content and services and to interact with our organisation;for engaging and sharing data with third party suppliers who fulfil functions in relation to our content and services; and conduct statistical analysis
||Necessary for our legitimate interest to properly and efficiently deliver our content and services and manage our organisation and our activities.
We will use information obtained through cookies and similar technologies if you provided your consent.
|Sending you promotional information through various marketing channels including email, social media, etc. about our services and our organisation and profiling your information for direct marketing purposes.||
||Where you have requested information from us, we may send you newsletters, publications, event invitations, etc. based on our legitimate interest to satisfy your requests, to understand your interests based on the information available to us and to provide you with relevant content and services.
If legally required, we will obtain your consent to provide you with such information.
We may use information obtained through cookies and similar technologies if you provided consent.
You can opt-out at any time and we will stop all activities (including profiling) concerning your personal information carried out for direct marketing.
|To monitor our networks, websites and systems for suspicious activities and deploy security measures.||
||Necessary for our legitimate interest to ensure the security of our organisation and people, preventing and detecting fraud or illegal conduct.|
|To share information within our offices, departments, business units and our group companies.||
||Necessary for our legitimate business interest to use our group’s resources to organise, develop and deliver our content and services, run our organisation and decide on future strategies.|
|To share information with other third parties, such as regulator, law enforcement agencies or where this is mandatory under a court order.||
||We share your data as necessary for compliance with any legal obligation to which we are subject or, where appropriate and proportionate, in order to satisfy our legitimate business interest to comply with best practice or applicable laws, necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.|
We will update you about any new purposes of processing of your personal information from time to time, and we will obtain your prior consent for such new purposes where we are required to do so at law.
3. How long we will keep your information
We will keep your personal information for as long as is necessary for the purposes listed above or longer, as may be required by law. Please contact us for further details of applicable retention periods.
After the retention period, your personal information will either be securely deleted or de-identified and it may be used for analytical purposes.
4. How we secure your personal information
We maintain appropriate organisational and technological safeguards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of personal information. We also seek to ensure our suppliers do the same.
We will endeavour to use the least amount of personal information as is required for each purpose. We will employ pseudonymisation and anonymisation, where appropriate.
Our staff will access your personal information on a need to know basis.
We are ISO 27001:2013 certified.
5. Information sharing and disclosure
We will generally not share your information except with our offices, departments, business units and our group companies as is required for the purposes set out above.
However, we may also disclose or are compelled to disclose your personal information to third parties in the following scenarios:
- to our suppliers, service providers or vendors to facilitate the provision of our services and the fulfilment of essential service functions, such as web hosting, analytics, engagement tools, plugin providers, communications providers, accounting/payroll, security tools, survey tools, consultants, CRM, content management and others;
- to successor or partner legal entities or potential acquirers for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation or similar event relating to our business;
- to courts, authorities (e.g. tax, audit), law enforcement, or other third parties where we are required by law to do so;
- our professional advisers such as our accountants, auditors, lawyers, bankers, insurers and other advisers; and
- other third parties where you have provided your consent.
6. International transfer of your personal information
We are a global media group consisting of multiple group companies around the world and we may transfer your personal information to our group companies in countries different to your country of residence. We may handle your data in the UK, in the US, or in India where our servers are stored.
Where we transfer your personal data to our group companies, suppliers or other third parties outside the EEA or UK, we will only do so, where we are satisfied that your data protection rights are adequately protected by appropriate technical, organisational, legal and contractual safeguards in accordance with data protection laws.
These safeguards may include the standard contractual clauses adopted by the European Commission and where transfers are to the United States of America, the EU-US Privacy Shield and Swiss-US Privacy Shield.
7. Your right to opt-out
If you would like us to stop sending you marketing communications and to process your personal information for direct marketing purposes, please let us know.
You can stop our communications at any time by clicking on the unsubscribe link at the bottom of the message.
This privacy notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal information. You should regularly check for updates, as indicated by the “Last updated” date at the top.
If you do not agree to the changes, please do not continue to use our content or services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.
9. Contact us
If you have any questions about this privacy notice, our approach to privacy or would like to exercise any of the rights mentioned in this privacy notice or find out if they apply to you, you can contact our Data Protection Officer by email to DPO@dentsuaegis.com.
10. Your California Rights
This section provides further disclosures and describes the rights in relation to your personal information that you may have under The California Consumer Privacy Act of 2018 (“CCPA”) if you are a resident of California.
A. Personal Information
For the purposes of this notice, your “personal information” is any information that relates to you or your household or from which you or your household can be identified.
B. Your CCPA Rights
Where provided under the CCPA, you will have the following rights:
- You have the right to be informed about your personal information processed by us over the last 12 months including the categories of personal information, categories of sources, our commercial purpose for collecting that personal information and the categories of third party recipients of your information.
- You have the right to request copies of the specific pieces of personal information collected about you.
- You have the right to opt out of the sale of your information. However, we do not sell or lease any personal information about you to any third party and have not done so within the past 12 months.
- You have the right to revoke your prior opt-in consent at any time, where applicable.
- You have the right to request deletion of your personal information, subject to certain exceptions. Upon valid request, we will delete (and direct our service providers to delete) your personal information, save for any de-identified or aggregated or information necessary for us or our service provider(s) to comply with our obligations under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.
- You have the right not to be discriminated for exercising any of your CCPA rights. Accordingly, we will not discriminate against you by:
- denying you goods or services;
- charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- providing you a different level or quality of goods or services;
- suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
C. Exercising your rights
To exercise your rights, please:
- submit a request to us by emailing us at Americas.DPO@dentsuaegis.com or via the following toll-free number 1-877-570-5939;
- include your contact information, adequate information to verify your identity that can be related to the personal information we hold about you and describe your request with sufficient detail that reasonably enables us to locate and verify personal information that we may maintain;
- explain if you are acting on behalf of yourself, your minor child or another person, and provide evidence of your authority, where applicable. Only a person or business entity registered with the California Secretary of State authorized by another can make a request on their behalf; and
- note that we will be unable to comply if you fail to prove your identity or authority and we will not make any disclosure more than twice in a 12-month period.
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.
If we cannot comply with a request in full or in part, we will explain our reasons.
Your EEA&UK Rights
This section provides further disclosures and describes the rights in relation to your personal data that you may have under The General Data Protection Regulation (“GDPR”) if you are an individual in the EEA or the UK.
A. Personal data
“Personal data” means any information relating to an identified or identifiable natural person; such person is known as a ‘data subject’. In practice, almost all information relating to you will be your personal data.
We have implemented appropriate policies and procedures to ensure that your personal data is processed in accordance with the data protection principles under GDPR.
B. Data subject rights
Subject to certain exemptions, limitations and appropriate proof of identity, as a data subject, you will generally have numerous rights in relation to your personal data, including the following:
- Right to information about matters set out in this notice.
- Right to make an access request to receive copies of personal data.
- Right to rectification of any inaccurate or incomplete personal data.
- Right to withdraw consent previously provided.
- Right to object to processing including automated processing and profiling.
- Right to erasure of personal data, within limited circumstances.
- Restriction on the processing of personal data.
- Right to data portability from one service provider to another, where applicable.
- Right to lodge a complaint with your country’s supervisory authority, such as the Information Commissioner’s Office in the UK.
If you would like to access the rights listed above, or any other legal rights you have over your data under applicable laws, please get in touch with us at DPO@dentsuaegis.com.