Our Data Privacy Commitment

As the Behavioural Planning agency we create media plans built around knowledge of people’s behaviours, and try to understand why people think, feel and act the way they do. To feed this understanding we use a variety of different research and information sources, from ethnography to neuroscience, to behavioural economics, to data analytics. It’s this detailed understanding that helps us to improve the way we communicate to our clients’ customers and potential customers. 

As data provides the backbone of this understanding, we have a company commitment to always act responsibly with all the data that we hold and have a commitment to only use this data to improve the way we communicate relevant and helpful messages to people. 

We treat as a priority the protection and secure storage of our data and below our data privacy policy is designed to guide you through how we use and store this data.

It is very important to us that any guests, clients, media owners and employees feel completely comfortable with the way we use data; so please do not hesitate to contact us if you have any questions or would like further assurances on our data privacy commitment.”

Lucas Brown Chief Strategy Officer for Total Media Group

To contact us about our data privacy policy please email us on datapolicyteam@totalmedia.co.uk

Please note that your email address will be kept only for as long as we process your enquiry.

 

Our Data Privacy Policy

Introduction

Our Data Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us or when you supply information to us; either as guests to our website and offices, as clients or media owners who work with us, or as employees working across our group of companies. It explains how and why we store and handle that data, and the security processes around keeping it safe.

We hope the following information will answer any questions you have but if not, please do get in touch with us at datapolicyteam@totalmedia.co.uk

Please note that your email address will be kept only for as long as we process your enquiry.

 

1.  AS A GUEST OF TOTAL MEDIA

     1.1  WEBSITE GUESTS

 

1.  WHAT PERSONAL INFORMATION DO WE COLLECT AND HOW DO WE COLLECT IT?

We collect and maintain personal information that you voluntarily submit to us during your use of the website. If you contact us, we may collect your name, email address and additional personal information from you such as your opinion on our service.

Through our use of cookies, we may also collect personal information regarding your mobile device or the computer hardware and software used to access the Service. This may include the following:

  • browser type;
  • operating system and device type;
  • approximate location (e.g. London);
  • access times and dates; and
  • referring website addresses.

Please see our cookie policy below for further information about the cookies we use and how to manage your cookies.

2.  HOW DO WE USE YOUR PERSONAL INFORMATION?

Our primary goal in collecting personal information from you is to help us improve our website and provide relevant content and services to our guests. We also use this information to communicate with you, as well as carrying out any request made on the site, such as requests for support. 

  • Information Requests and Feedback. 

Our Service contains various user interfaces to allow visitors to request more information about our products and services, to use the functionalities of the site, or to provide us with feedback about them. Contact information may be requested in each case, along with relevant information about you and/or industry, and details of your request or reported feedback. This information is used in order to allow us to respond to your requests or feedback.

  • Service administration. 

We may use your personal information to:

    • develop and improve the Service;
    • send you administrative e-mails about the Service; and
    • contact you to answer any queries you may have.
  • Website user data analysis. 

Our web pages and e-mails contain tracking pixels which trigger a small text file known as “cookie” to your computer or device. The cookie stores select pieces of information based on your visit. This allows us to track the number of users that have visited a web page and receipt or opening of an e-mail. By using this information, we are able to measure the effectiveness of our content and how visitors use our site. 

If you click on an e-mail marketing message from us containing tracking pixels, your contact information may subsequently be cross-referenced to the source e-mail together with any relevant information.

In some of our e-mail messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications.

3.  HOW DO WE OBTAIN YOUR CONSENT?

Where our use of your personal information requires your consent, you can provide such consent: at the time we collect your personal information following the instructions provided; or by informing us by e-mail, post or phone using the contact details set out in this privacy policy. 

4.  THIRD PARTY LINKS AND SERVICES 

Our website may contain links to third party websites and services. Please remember that when you use a link to go from our Service to another website this privacy notice no longer applies.

Your browsing and interaction on any other website, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies.  

We do not monitor, control, or endorse the privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.

This privacy policy applies solely to personal information collected by us through our website and does not apply to these third party websites and third party service providers

5.  HOW LONG DO WE HOLD PERSONAL DATA FOR? 

Please see Section 5: Retention below.

6.  SHARING INFORMATION

We will not share any of your personal and corporate information captured from our website without prior written consent from yourself, unless:

    • We are legally obliged to do so in order to comply with any applicable law, court order, other judicial process, or the requirements of a regulator.
    • We need to perform investigative security analysis on the site and this data is required for this purpose.

 

2.  AS A GUEST OF TOTAL MEDIA

     1.2  GUEST TO OUR OFFICES

 

1.  WHAT PERSONAL INFORMATION DO WE COLLECT AND HOW DO WE COLLECT IT?

We will ask for your name and company details as you enter one of our offices. This is recorded in an electronic interface at the reception desk or written down by one of our receptionists or another helpful member of staff.

As a guest of our company you will be advised via notices of the use CCTV in our office premises for security and crime prevention purposes. 

2.  HOW DO WE USE YOUR PERSONAL INFORMATION?

Your name and company details are used solely to direct our guests to the relevant Total Media host and are not stored beyond this introduction. 

CCTV footage is used to protect our business from fraud and we only keep our CCTV footage for a period of 30 days unless required otherwise by law.

3.  SHARING INFORMATION

We will not share any of your personal and corporate information captured from our offices, unless we are legally obliged to do so in order to comply with any applicable law, court order, other judicial process, or the requirements of a regulator.

 

2.  WORKING WITH OUR CLIENTS DATA

1.  IS TOTAL MEDIA ACTING AS THE DATA PROCESSOR OR THE DATA CONTROLLER?

 

In most occasions we will act as the data processor, in relation to our clients personal data.

In our agreed scope of work and our service contracts with our clients it is presumed that this will always be the case, unless otherwise notified and agreed by both parties. 

However, when Total Media are determining the purposes for which and the manner in which any personal data is being processed, we will act as joint data controllers. This change in our relationship will be communicated in writing on agreement with the project or scope of work.

2.  WHAT DATA DO WE HOLD FOR OUR CLIENTS AND WHY?

In order to optimise the campaigns and marketing activities for our clients, we will at times need to process their personal data. This data will be generated directly from our clients businesses, which are required by law to ensure that the correct consent to retain this information and to share it with relevant third parties has been obtained. 

The reason we require this data is to understand the behaviour of people engaging with our clients businesses, so we can optimise their marketing budgets by ensuring a greater level of relevancy when serving advertising messages to their existing and potential customers.

The data we use may include the following:

  • Name and address
  • Email address
  • Social handles / usernames
  • IP address
  • Geography
  • Access times and dates
  • Referring website addresses.
  • Website analytics and pixel based tracking data

If you are concerned that we hold any of your personal data and would rather have it removed please email us on dataprivacyteam@totalmedia.co.uk and request a personal data check and removal. We will screen our database for your personal data and if found we will delete it accordingly. On completion of this check, we will inform you if we have found any records that relate to you and confirm deletion of it. We will also inform our client to whom your data belongs about this request who may contact you directly. However, we also strongly advise you to contact the client directly and request that they delete your personal records from their database. 

3.  HOW LONG DO WE HOLD PERSONAL DATA FOR?

Please see Section 5: Retention below.

4.  SHARING INFORMATION

We may need to share our clients’ data containing some personally identifiable information with subsidiaries, affiliates and other related companies for purposes of improving the way we communicate to our clients’ customers and potential customers enhancing. 

  • To enable them to process your personal information on our behalf in order to optimise our clients activities in a manner consistent with this privacy policy.
  • To comply with our legal obligations.

The personal data of our clients may also be shared with prospective buyers if we go through a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets. 

Any other purposes for which we wish to use your personal information will be notified to you either by updating our privacy notice.

 

3.  WORKING WITH MEDIA OWNERS

1.  IS TOTAL MEDIA ACTING AS THE DATA PROCESSOR OR THE DATA CONTROLLER?

In most occasions when dealing with personal data with media owners we will act as the data controller as we will be determining the purposes for which and the manner in which any personal data is being processed.

2.  WHAT DATA DO WE SHARE WITH MEDIA OWNERS?

We will at times share personally identifiable information from our clients’ data with media owners to help us improve the efficiency and relevancy of our communications.

The data we will use may include the following:

  • Name and address
  • Email address
  • Social handles / usernames
  • IP address
  • Geography
  • Access times and dates
  • Referring website addresses.
  • Website analytics and pixel based tracking data

If you are concerned that we hold any of your personal data and would rather have it removed please email us on dataprivacyteam@totalmedia.co.uk and request a personal data check and removal. We will screen our database for your personal data and if found we will delete it accordingly. On completion of this check, we will inform you if we have found any records that relate to you and confirm deletion of it. We will also inform our client to whom your data belongs about this request who may contact you directly. However, we also strongly advise you to contact the client directly and request that they delete your personal records from their database.

3.  GDPR COMPLIANT PARTNERS

We always carry out appropriate due diligence when selecting our media partners and suppliers to ensure as much as possible that our media partners manage the data supplied by us, ethically and in compliance with the General Data Protection Regulation.

4.  SHARING INFORMATION

We may need to share our clients’ personal information with media owners to enable them to process your personal information on our behalf in order to optimise our clients’ activities in a manner consistent with this privacy policy.

Any other purposes for which we wish to use your personal information will be notified to you either by updating our privacy policy.

We do not transfer your personal information to media owners outside of the EEA.

 

4.  OUR TOTAL MEDIA EMPLOYEES

      4.1  Where the data comes from and who gets to see it

Some of the personal data that we process about you comes from you.  For example, you tell us your contact and banking details.  During the course of employment you may be required to provide us with information for other purposes such as sick pay (and SSP) and family rights (e.g. maternity pay). 

Other personal data about you is generated in the course of your work, for example, from your managers, colleagues and customers or others outside our organisation with whom you deal. 

Your personal data will be seen internally by managers, People and Culture and, in some circumstances, colleagues.  We may also pass your data outside the organisation, if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.  

We may disclose your data if it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy).  We may also disclose your personal data if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.  

Specific circumstances in which your personal data may be disclosed include:

  • Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data; 
  • Disclosure to external recipients of electronic communications (such as emails) which contain your personal data;
  • For the purposes of seeking legal advice. 
  • Disclosure on a confidential basis to a potential buyer of our business or company for the purposes of evaluation – but only if we were to contemplate selling;

If you do not provide information that you are required by statute or contract to give us, you may lose benefits or we may decide not to employ you or to end your contract.  This is because we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

 

     4.2  How long do we keep your personal data?

We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes.  In general, we will keep your personal data for the duration of your employment and for a period afterwards. In considering how long to keep it, we will take into account its relevance to our business and your employment either as a record or in the event of a legal claim. If your data is only useful for a short period (for example, CCTV), we may delete it. 

 

     4.3  The data we process and our purposes

Examples of the data and the grounds on which we process data are in the table below. They are not exhaustive. 

Purpose Examples of personal data that may be processed Grounds for processing
Recruitment
  • Information concerning your application and our assessment of it
  • Your references, any checks we may make to verify information provided or background checks and any information connected with your right to work in the UK.  
  • We may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.
Contract

Legal obligation

Legitimate interests

Your employment contract including entering it, performing it and changing it.
  • Personal contact details such as name, address and personal e-mail address.
  • Employment records (including job titles, work history and working hours).
  • Recruitment records (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Providing certain benefits to employees.  For example, this might involve liaising with your agency’s pension or private healthcare provider.
Contract

Legal obligation

Legitimate interests

Contacting  you or others on your behalf
  • Contact details such as listed above and telephone numbers.
Contract

Legitimate interests

Payroll administration
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information.
Contract

Legal obligation

Legitimate interests

Supporting and managing your work and performance and any health concerns
  •  Performance information including appraisal records
  • Work history, working hours, holiday and training records.
  • Health and sickness records.
  • Ascertaining an employee’s fitness to work.
  • Managing sickness absence.
Contract

Legal obligation

Legitimate interests

Changing or ending your working arrangements
  • Flexible working requests
  • Resignation / termination documentation
Contract

Legitimate interests

Physical and system security
  •  CCTV footage and other information obtained through electronic means such as swipecard records.
  • Information about an employee’s use of your communications systems.
Legal obligation

Legitimate interests

Providing references in connection with your finding new employment
  • Salary information, job titles and work history.
Consent

Legitimate interests

Providing information to third parties in connection with transactions that we contemplate or carry out
  • National insurance number.
  • Bank account information.
  • Benefits information.
Legitimate interests
Monitoring of diversity and equal opportunities 
  • Equal opportunities monitoring forms.
Legitimate interests
Monitoring and investigating compliance with policies and rules – both generally and specifically 
  • Disciplinary information.
  • Information about an employee’s use of the agency’s information and communications systems.
Legitimate interests
Disputes and legal proceedings
  •  Recruitment information.
  • Employment records.
  • Performance information.
  • Disciplinary and grievance information.
Legitimate interests

Legal obligation

Day to day business operations including marketing and customer/client relations
  •  Photographs.
  • Names.
  • Location of employment/workplace.
  • Career biographies.
Contract
Maintaining appropriate business records during and after your employment 
  •  Work history.
  • Training records.
  • Professional memberships.
  • Emergency contact information.
Legitimate interests

 

     4.4  SHARING INFORMATION

We will not share any of your personal employee data held by Total Media without prior written consent from yourself, unless:

  • We have a legitimate business interest as outlined in the employee data we process and our purpose section of this policy.
  • We are legally obliged to do so in order to comply with any applicable law, court order, other judicial process, or the requirements of a regulator.

 

5.  DATA RETENTION

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Our data storage times

  • Visitors to the company – 1 day.
  • Storage time of CCTV footage – 30 days.
  • Encrypted files transferred from clients to our SFTP or FTPS sites – 7 days.
  • Back up of our FTPS or SFTP sites – 3 weeks.
  • Cookie data – maximum of 2 years.
  • Server based storage of client or media owner personally identifiable information – maximum of 2 years.
  • Employee data – the duration of employment and then for a period of 7 years post-employment.
  • Electronic correspondence provided to any Total Media employee during the course of their employment – maximum of 7 years. 

We do not allow people to hold personal identifiable information on PC’s or portable devices in order to minimise the chance of it be lost or stolen. However, any device that is lost or stolen will be blocked or wiped remotely.

 

6.  CONFIDENTIALITY AND SECURITY

We are committed to keeping the personal information you provide us secure and we will take all reasonable precautions to protect your personal information from loss, misuse or alteration.  

We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:

  • Unauthorised access
  • Improper use or disclosure
  • Unauthorised modification
  • Unlawful destruction or accidental loss

All our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information.

For all file transfers we will be using encrypted file transfers, ensuring all client data is upload with a password, or via API to a SFTP.

For automated file transfers which have on a schedule, we will use SFTP, which enables us to strip out any non-relevant personally identifiable data at the earliest technical opportunity; we will only hold the personally identifiable information which has a defined purpose for up to 2 years.

For all manual transfers via our FTPS service we will automatically delete all copies from our servers in 7 days, with backups of these FTPS files deleted within a further 2 weeks. 

Once non relevant personally identifiable data has been stripped out of the data transfer files we will look to process the files in an Amazon Web Services environment, allowing high levels of security of data including 2 step verification logins, other security features can be found here.

 

7. COOKIE POLICY

1.  COOKIES ON OUR WEBSITE

We use techniques to enhance user-friendliness and to make the site as interesting and as relevant as possible for each visitor.

2.  WHAT ARE COOKIES?

Like most sites, totalmedia.co.uk sends small text (.txt) files known as “cookies” to your computer or device. A cookie stores select pieces of information based on your visit to our site. Examples of data stored within cookie files would be information on your behaviour and include the following:

  • browser type
  • operating system and device type
  • approximate location (e.g. London)
  • access times and dates
  • referring website addresses

These cookies either last for the length of time you use the website, or may stay on your computer for a limited period of time to allow totalmedia.co.uk to recognise you if you return.

We use cookies to provide you with an easier and more customised service on totalmedia.co.uk, as well as tracking how visitors use totalmedia.co.uk.

3.  HOW TO CONTROL OR DELETE COOKIES

You can easily block or delete cookies on totalmedia.co.uk, or any other website through your browser.

You can reject all or certain cookies. You can also configure your browser to get notifications when a cookie is offered.

You can stop our website triggering tacking cookies to your computer or device by going to https://tools.google.com/dlpage/gaoptout Please be aware, though, that if you reject cookies your experience of totalmedia.co.uk may not reach its full potential.

4.  COOKIES WE USE

Cookies enable us to tailor particular parts of the site to your needs. See the table below for more information about the cookies we use.

List of cookies on totalmedia.co.uk

Type of cookies Cookie names Description Data stored Expiration
Google

Preferences

NID These cookies allow our websites to remember information that changes the way the site behaves or looks, such as your preferred language or the region you are in.   The NID cookie contains a unique ID Google uses to remember your preferences and other information, such as your preferred language (e.g. English). 6 months
Google

Analytics

_gid

_ga

_gac_

_gat

1P_JAR

These cookies help our website to understand how our visitors engage with our properties.  The cookies report website usage statistics without personally identifying individual visitors to Google. 24h

2 years

36days

1 minute

1 week

 

 

8.  RIGHTS OF ACCESS

You have the following rights in relation to the personal information:

  • Your right of access. 

If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information along with any relevant information which might help in provide further clarity, (for example the data source: where the data originated from if not establish by Total Media and contact details of that source)

  • Your right to rectification. 

If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If we need to share your personal information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly. 

  • Your right to erasure. 

You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or you withdraw your consent (where applicable). If we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

  • Your right to restrict processing.

You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or object to us processing it. It won’t stop us from storing your personal information though. We’ll tell you before we lift any restriction. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly. 

  • Your right to data portability. 

You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or ask us to transfer this to a third party of your choice.

  • Your right to object. 

You can ask us to stop processing your personal information, and we will do so, if we’re:

  1. Relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing.
  2. Processing your personal information for direct marketing.
  3. Processing your personal information for research unless such processing is necessary for the performance of a task carried out in the public interest. 
  • Your right to withdraw consent. 

If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.

  • Your right to lodge a complaint with the supervisory authority. 

If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the UK Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.

 

9.  CONTACT INFORMATION

Contacting Total Media

We hope the following information will answer any questions you have but if not, please do get in touch with us at datapolicyteam@totalmedia.co.uk

Please note that your email address will be kept only for as long as we process your enquiry.

Total Media is registered at the UK Information Commissioner’s Office with registration: ZA262621

Contacting the regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns  (opens in a new window; please note we can’t be responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.