1.

INTRODUCTION

Nimble Media Limited (“Nimble Media”, “we”, “us” and “our”) is a limited company by guarantee registered in England and Wales (Registration no. 08741853), whose registered office is at Registered office: Fraser Ross House, 24 Broad Street, Stamford, Lincolnshire, PE9 1PJ

We are a “data controller” for the purposes of the General Data Protection Regulation 2016/679 (“GDPR”). We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the GDPR.

In the course of our activities we may need to gather and use “Personal Data” about you, by which we mean any information about you from which you can be identified, such as your name and contact details. The purpose of this privacy policy (“Privacy Policy”) is to inform you of how we will process your Personal Data and the measures and processes we have put in place to ensure its adequate protection.

In using our websites/receiving our services/contracting with us you consent to the collection, use, disclosure and transfer of your Personal Data as set out in this Privacy Policy.

This covers all projects and services including:

(a)

Publications: Discover Rutland Visitor Guide (“DR”); and/or any other Discover Rutland literature; Stamford Endowed Schools’ Alumni and Parent Magazine (“Alumni”); Disabled Motoring UK Magazine (“DMUK”); Hooked! Guide (“Hooked!”); Invest SK Visitor Guide (“Invest SK”); and/or any other publication where the advertising sales and/or production are administrated by Nimble Media;

(b)

Events: Big Rail Diversity Challenge (“Big Rail”); Women in Rail Awards (“WR Awards”); Railway Benefit Fund Steam Celebration (“RBFSC”); and/or any other event where the sales, organisation and/or production are administrated by Nimble Media. And/or;

(c)

Any other service or project that may be of interest to you as deemed by Nimble Media.

2.

FAIR AND LAWFUL PROCESSING

We will process your Personal Data only, where:

(a)

you have given your consent to such processing (which you may withdraw at any time, as detailed at section 9 below);

(b)

the processing is necessary to provide our services;

(c)

the processing is necessary for compliance with our legal obligations; and/or

(d)

the processing is necessary for our legitimate interests or those of any third-party recipients that receive your personal data (as detailed in clauses 7 and 9 below).

By “processing”, we mean the collection, recording, storage, use, disclosure and any other form of operations or dealings with your Personal Data.

3.

WHAT PERSONAL DATA WE COLLECT ABOUT YOU

3.1.

We typically process the following types of Personal Data about you:

(a)

Your name, work email address and other work contact details;

(b)

Your role, position and/or job title within your employment;

(c)

Details of your preferences for types of marketing events;

(d)

Details of your visits to our premises and events; and

(e)

Your career history, ambitions and aspirations (for WR Awards and/or any other awards event where the sales, organisation and/or production are administrated by Nimble Media.

3.2.

In certain circumstances it will be necessary for you to provide us with your Personal Data, to enable us to manage our operations, to provide services to you and/or your employer or to comply with our statutory obligations. In other circumstances, it will be at your discretion whether you provide us with Personal Data or not. However, failure to supply any of the Personal Data we request may mean that we are unable to maintain or provide services or products to you and/or your employer.

3.3.

We make every effort to maintain the accuracy and completeness of your Personal Data which we store and to ensure all of your Personal Data is up to date. However, you can assist us with this considerably by contacting us promptly if there are any changes to your Personal Data or if you become aware that we have inaccurate Personal Data relating to you (see section 11 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.

4.

FINANCIAL DATA

4.1.

In addition to your personal data, we will also hold financial data that you provide on the online FreeAgent system. Examples of your financial data held in this system include any invoices raised by Nimble Media to your company for services agreed; transaction history of payments made or outstanding from your company; receipts for payments made by your company; details of contacts from your company to whom invoices are addressed.

4.2.

In addition, for those who choose to pay by card, financial data may also be held on the Stripe payment system. Examples of your financial data held in this system include invoice reference for any invoices raised by Nimble Media to your company for services agreed; card details including card type, expiry date and last four digits of the card used to carry out the transaction; transaction history of payments made from your company by card; receipts for payments made by your company.

4.3.

Nimble Media have strict access policies in place for these systems; whereby only the company Director and members of the Accounts team have access to this information. Any information stored on either system can be provided to only those to whom the information is relevant. For more information, please see clause 11 of this document.

4.4.

Any financial information held by Nimble Media will never be disclosed to any other party; with the exception of;

(a)

to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;

(b)

to comply with court orders and exercise and/or defend our legal rights; and

(c)

as otherwise permitted or required by any applicable law or regulation.

5.

HOW WE COLLECT PERSONAL DATA

We usually collect your Personal Data from the information you submit during the course of your relationship with us. This will typically be through you sending us emails and other correspondence, business cards, the forms and documents used when you sign up to our events, when you are named as an authorised person to trade on behalf of your employer, the sign-up information you use to access any of our products or services either on your own behalf or on behalf of your employer.

6.

Cookie Notice

We use cookies to operate our website, to understand how visitors use our website and to track your interaction with our emailing marketing.

6.1.

What is a cookie?

Cookies are text files which contain information about your internet usage that is held in your browser or on your computer’s hard drive. There are different types of cookie: some are essential for the site to operate properly, whereas others are aimed at enhancing and personalising your user experience. Cookies can help us to understand how consumers are interacting with our website, which helps us to improve our site and to deliver a better service to you.

6.2.

What types of cookies do we use?

Cookies are text files which contain information about your internet usage that is held in your browser or on your computer’s hard drive. There are different types of cookie: some are essential for the site to operate properly, whereas others are aimed at enhancing and personalising your user experience. Cookies can help us to understand how consumers are interacting with our website, which helps us to improve our site and to deliver a better service to you.

(a)

Strictly Necessary Cookies – These cookies are essential to enable you to move around the website and use its features. Without these cookies, we cannot provide some of the basic functionalities of our website.

(b)

Performance Cookies – These cookies generally collect information about how visitors use our website, for instance which pages visitors go to most often, and the pages that they don’t. This helps us to understand and improve the site, so it is easy to use and includes helpful content. They also allow us to fix bugs or glitches on the website. These cookies don’t collect information that identifies visitors, so we can’t identify you individually. We use Google Analytics to track usage of our websites and interaction with our contact forms. For example, to see what content you click on, so we can analyse what content is of most interest to our audience.

(c)

Functionality Cookies – These cookies allow our website to remember the choices you make as you browse the site. They provide more enhanced and personal features. The information collected is anonymised and they cannot track your browsing activity on other sites once you leave our site.

6.3.

How to turn off cookies

You can turn cookies off at any time, by going into your browser settings, however this may have a detrimental effect on your user experience. If you are happy to continue letting us use cookies in the ways set out in this Notice, to help us guide our work, then you need not do anything. If you have any concerns about the cookies we use, please contact: Geena Blades- 01780 432930 – geena@nimblemedia.co.uk

7.

HOW WE USE PERSONAL DATA

We will process your Personal Data in connection with the management of our relationship with you for the following purposes:

(a)

for monitoring and assessing compliance with our policies and standards;

(b)

for promotional and marketing materials and activities, including photos and videos;

(c)

to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;

(d)

to provide you or your employer with requested products or services;

(e)

for administrative purposes in relation to the security and access of our systems, premises, platforms and secured websites and applications;

(f)

to contact you about the services and products we offer (where we have received your consent to do so, or we believe that you may be interested in the material as it relates to similar products or services you have previously acquired, or indicated your interest in acquiring, from us);

(g)

to invite you to participate in events, including those that may involve fundraising, that we organise;

(h)

to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;

(i)

to comply with court orders and exercise and/or defend our legal rights;

(j)

for any other legitimate business purpose; and

(k)

as otherwise permitted or required by any applicable law or regulation.

8.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Personal Data we collect from you may be transferred to (including being accessed in or stored in) a country or territory outside the European Economic Area (“EEA”), including to countries whose laws may not offer levels of protection of Personal Data the same as are those enjoyed within the EEA. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR.

9.

WHEN WE MAY DISCLOSE YOUR PERSONAL DATA

We do not and will not sell, rent out or trade your Personal Data. We will disclose your Personal Data only in the ways set out in this policy and, in particular, to the following recipients:

(a)

to any of the organisations we provide services to as disclosed in section 1(a) and 1(b) in this policy.

(b)

to third parties who process your Personal Data on our behalf (such as our systems providers including cloud providers) to include;

(c)

Salesforce (please see Salesforce Privacy Policy here)

(d)

FreeAgent (please see FreeAgent Privacy Policy here)

(e)

Stripe (please see Stripe Privacy Policy here)

(f)

Mailchimp (please see Mailchimp Privacy Policy here)

(g)

to companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;

(h)

to any third party to whom we assign or novate any of our rights or obligations;

(i)

to any prospective buyer in the event we sell any part of our business or assets; and/or

(j)

to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.

10.

HOW WE PROTECT YOUR PERSONAL DATA

We are committed to safeguarding and protecting Personal Data and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any Personal Data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

11.

YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE COLLECT

11.1.

If you wish to:

(a)

update, modify, delete or obtain a copy of the Personal Data that we hold on you;

(b)

restrict or stop us from using any of the Personal Data which we hold on you, including by withdrawing any consent you have previously given to the processing of such data; or

(c)

where any Personal Data has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, request a copy of such Personal Data in a suitable format.

you can request this by emailing us at the address set out in section 13 below. We endeavour to respond to such requests within 30 days or less, although we reserve the right to extend this period for complex requests.

11.2.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
11.3.
We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your Personal Data, and for any additional copies of the Personal Data you request from us.
12.

FOR HOW LONG WE WILL HOLD YOUR PERSONAL DATA

We will retain your Personal Data only for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
13.
HOW WE UPDATE OR CHANGE THIS PRIVACY POLICY
13.1.
We may change or update parts of this Privacy Policy in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Privacy Policy on our company websites. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Privacy Policy, so you are fully aware of any changes or updates.
13.2.
This Privacy Policy was last updated on 18 May 2018.
14.

HOW YOU CAN CONTACT US

If you have any queries about the contents of this Privacy Policy, or wish to inform us of a change or correction to your Personal Data, would like a copy of the data we collect on you or would like to raise a complaint or comment, please contact us using the details set out below:

Email: vicky@nimblemedia.co.uk

Post: Nimble Media Ltd, 40 Melton Road, Oakham, Rutland LE15 6AY.

15.

HOW TO LODGE A COMPLAINT TO THE REGULATOR

You are entitled to lodge a complaint with our data protection regulator if you consider that we have breached your data protection rights. Our data protection regulator is the Information Commissioner’s Office, which can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.