2. The Types of Personal Data that We Collect
Personal data is information that relates to an identified or identifiable individual, and it could be as simple as a name or a number, or could include other identifiers such as an IP address, a cookie identifier, or other factors.
We collect personal data in order to provide our services to you; maintain communications with you; and/or in order to comply with applicable law. Please note that if we have requested personal data from you and you decide that you do not want to share certain personal data with us, then this may prevent us from: (i) providing our services to you; or (ii) entering into a contract to provide services to you. In these circumstances we will ensure we notify you when reasonably possible to do so.
We collect different types of personal data for different reasons, including:
- Customer Data: customer user names, email addresses, business contact details and passwords, with whom we communicate in order to provide our services and/or for general business management purposes.
- Support Data: in order to provide support services to customers that subscribe to Telmar’s services, we may process customer users’ names and contact details to allow us to communicate and provide our support services to you.
- Website Data: when you visit our website (and certain other portals and third-party platforms), we or third parties may place certain cookies on your device related to the performance of these websites and portals and analytics tools. For further details, please see our Websites & Cookies Notice.
- Dataset Data: Telmar’s services may be used to analyse third party datasets and customer proprietary datasets to gain insights into audiences. Personal data such as a unique identifier linked to an account held by the dataset provider (which may or may not be regarded as personal data), and other personal identifiers that may include special categories of data. The content of a dataset is determined by the dataset provider or our customer, should the customer provide its own data. As such, a dataset may contain any of the following types of personal data:
- Respondent ID.
- Sexual orientation.
- Race/Ethnic origin.
- Health conditions.
- IP address.
- Date of birth.
- Area/GPS location.
- Enumeration area number.
- Home address.
- Place of worship and address.
- Forename and surname.
- Phone number.
- Disability status.
- UK immigration status.
- UK benefits received.
- Employment details.
- Email address.
- Payment & Finance Data: we may collect and process credit card and/or corporate bank account details that may contain personal data and information we receive from a customer that is used and processed for the sole purpose of receiving payments.
- Marketing Data: in order to market to customers and potential customers, Telmar may collect and process names, contact details and marketing preferences in order to communicate with you.
- Recruitment Data: Telmar may also process personal data when you register for or apply for jobs either through third party recruitment agencies or portals or via Telmar’s website. In that case, the personal data that Telmar may process may include information that you provide, such as your name, mailing address, e-mail address, telephone number, fax number, and background information required to apply for a job. You will receive a privacy notice upon receipt of your application to Telmar setting out further details of how your personal data may be used.
- Biometric Data: to the extent permitted by applicable law, either with your consent or by notice where you attend our offices, we may collect and process recordings of your voice and physical appearance obtained from recorded material collected via video conference or close circuit television (CCTV) that may identify you.
- Any other data that you voluntarily provide to us.
3. How do we obtain Your Personal Data
Most of the personal data we process about you is provided to us directly by you for one of the following reasons:
- when you contact us on our website;
- when you complete a registration form on our website;
- when you register for one of our webinars;
- when you attend a meeting or video conference, event or webinar that we host or attend;
- when you contact us via social media sites such as LinkedIn;
- when you phone us;
- when you provide us with your details at an event;
- when you provide us with details in order to set up a contract for the provision of our services; and
- when you provide us with user details in order to set up user accounts to provide our services.
We may also receive personal data indirectly, from the following sources:
- from our dataset providers and data suppliers we partner with to provide our services. Although we do not specifically request personal data from such dataset and data providers, some of the data provided to us may in some cases and in some jurisdictions include personal data. Examples of the types of personal data that may be included in a dataset are described in section 2, above;
- from our third-party lead generation providers in order for us to send marketing material to individuals: (i) that have consented to their details being shared with us and to receive marketing material; or (ii) where we have a legitimate interest in sending you our marketing material and our legitimate interest does not override your data protection interests or your fundamental rights and freedoms; and
- from our third party partners in order for us to send marketing material to individuals: (i) that have consented to their details being shared with us and to receive marketing material, or (ii) where we have a legitimate interest in sending you our marketing material and our legitimate interest does not override your data protection interests or your fundamental rights and freedoms.
We take reasonable measures to ensure that when we receive personal data indirectly: (i) the third party providing your personal data has the necessary lawful basis to share your personal data with us; and (ii) we use any such data in compliance with terms and conditions set out by the third party providing it to us.
4. Why do we Have Your Personal Data
We use your personal data in order to, where applicable:
- respond to any questions or requests;
- communicate with you and provide any further information about our services;
- maintain a business relationship with you, particularly where you subscribe to Telmar’s services;
- undertake our contractual obligations to you, particularly where you subscribe to Telmar’s services;;
- provide our services to you;
- provide you with service support;
- manage any complaints or claims relating to services you provide to us, or our services we provide to you;
- include you in webinars;
- subject to applicable law and your marketing preferences, undertake direct marketing, advertising and public relations activities, in connection with Telmar and the Telmar Group’’s business activities, our packages and our services (including to make recommendations about our services, package updates, surveys, events and webinars), and to inform you about developments within Telmar and the Telmar Group;
- facilitate service improvement and development, to allow us to improve our packages and services or develop new packages and services for our customers;
- where necessary, comply with laws and regulations, under judicial authorisation, or to exercise or defend the legal rights of the Telmar group; and
- help us conduct our business more effectively and efficiently, or improve our packages and services.
In all circumstances we only use your personal data for the purpose it was collected unless we reasonably believe that we need to use such personal data for another, related purpose, and it is legally possible to do so. If we need to use your personal data for any other purpose we will notify you and let you know the lawful basis on which we propose to rely.
5. Sharing Your Personal Data
- the Telmar Group, for details on the locations please see Section 15 below;
- IT service providers, for example Amazon Web Services and GSuite;
- professional advisors, for example insurers, lawyers and other applicable professional bodies;
- CRM service providers, for example Salesforce; and
- marketing service providers;
- to any law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary, for example to exercise, establish or defend our legal rights, or we are compelled to disclose such personal data to comply with the law;
- to any other person you have consented to us to share personal data with.
6. Lawful Basis for Processing your Personal Data
Under the General Data Protection Regulation 2018 (“GDPR”), the lawful bases that we normally rely on for processing your personal data, detailed above, are:
- Consent. You are able to withdraw your consent at any time. You can do this by contacting email@example.com.
- Contractual Obligation. Where processing is necessary for the performance of our contractual obligations to you.
- Legitimate Interest. Where we have a legitimate interest in processing your personal data, if this is the case we will inform you of what our legitimate interest is at the time of collecting your personal data.
We may need to process your personal data in order to comply with applicable laws, in these circumstances we have a legal obligation to process your data, but we will inform you if this is the case.
In the unlikely event we store any Special Category Data (as defined by GDPR) the lawful basis for processing is determined by the category of personal data being processed. In the event this relates to Special Category Data contained in a dataset, we rely on your consent to process such personal data.
Where we undertake direct marketing, all of our direct marketing campaigns are conducted in accordance with applicable law; we only do so with your consent and/or where we have a legitimate interest to do so, but in any event, you have the option to opt out of any direct marketing at any time by clicking the unsubscribe link in our marketing material. Telmar has performed a legitimate interests assessment in respect of its direct marketing activities to former, existing, and prospective customers. In summary, Telmar has a legitimate interest to market its services to existing customers as they already receive services directly from Telmar and may benefit from other services that Telmar provides. Former customers may be likely to purchase Telmar services after receiving marketing materials as they become aware of the additional benefits that other services could bring them. In addition, Telmar has a legitimate interest in marketing its services to prospective customers to promote brand awareness and increase sales.
To the extent that Telmar records any video conferences/calls/meetings of your voice or image (biometric data), Telmar will only do so with your explicit consent before such recordings are made.
7. How we Store Your Personal Data and for How Long
Telmar will retain your personal data only as long as necessary for the purposes for which it was collected; to provide you with services in accordance with our contractual obligations to you; and where required or permitted under law. Generally, this means your personal data will be retained until the end of your contractual relationship with us. In addition, such data may also be retained whilst Telmar has a legitimate business need to do so.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.
In relation to direct marketing, we will retain personal data (only to the extent necessary) in order to ensure we respect your direct marketing opt-out preferences.
No service is completely secure, but we believe the security of your information is a serious issue and we are committed to maintaining commercially reasonable and appropriate security measures to ensure that your personal information is protected both online and offline. Telmar has a dedicated Information Security team that manages our framework, policies and procedures based on ISO27001 principles (with supplementary controls added for NIST framework alignment) to protect your personal information.
The framework includes (but not limited to) the following measures; employees and contractors being subject to background checks and bound by confidentiality, all receive training on data privacy and security. Those responsible for designing, managing and developing software and services do so applying secure development and privacy by design practices. Principles of least privilege are adopted using a role-based model for provisioning access to critical infrastructure and sensitive data. Data is encrypted in transit over public networks using both TLS, data encryption at rest is using Advanced Encryption Standard, pseudonymization. We also take measures to ensure third-party service providers that process personal data on our behalf also have appropriate security controls in place.
While we strive to protect your data, we cannot guarantee that unauthorized access to your data, data loss or a data breach will never occur.
9. International Data Transfers
In order to provide our services to you it may be necessary to transfer your personal data to a country that is different to the country in which we collected your personal data, and such country may not apply the same level of data protection.
As we are a global enterprise, and part of the Telmar Group, Telmar may transfer your personal data to Telmar Group companies (see section 15, below) and our third party services providers. To the extent required by applicable data protection law, any personal data that is transferred amongst Telmar Group companies shall be subject to an intra-group data transfer agreement (“IGDTA”) that applies the Standard Contractual Clauses approved by the European Commission, and the UK’s International Data Transfer Agreement and the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses.
In addition to the IGDTA, Telmar performs transfer impact assessments (each a “TIA”) in respect of the transfer of personal data outside the European Economic Area to “third countries”. In this context, “third countries” are countries that the EU has not issued recognition of a country’s adequacy of its data protection laws to ensure that a data subject gains a similar level of protection that a person would receive under GDPR. The purpose of a TIA is to evaluate whether the legislation in the third country might prevent the non-EU Data importer of personal data from complying with GDPR requirements – especially regarding potential data access rights of intelligence agencies. A TIA requires a diligent assessment of all circumstances of the transfer in question, the laws and practices of the third country of destination and any relevant contractual, technical or organizational safeguards put in place.
10. CCPA Compliance (Applicable to California Residents Only)
When we act as a “Service Provider” (as defined in the CCPA) we may process “Personal Information” on behalf of our customers or dataset providers. “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, this includes but it not limited to:
- identifiers, for example your name, alias, postal address, email address or other similar identifiers;
- any categories of personal information described in Section 1798.80(e) of the CCPA, for example employment history, signature, or financial information;
- biometric information;
- geolocation data; and
- audio, electronic or visual data.
If we process your Personal Information it is because we are a Service Provider to a business that has provided your Personal Information to us. We do not Sell (as defined in the CCPA) your Personal Information to any third party.
If we process your Personal Information and we determine the purposes and means of the processing, for example when undertaking marketing activities, it is because we are a Business (as defined by the CCPA). In this circumstance we rely on the CCPA marketing exemption allowing us to: (i) store marketing data on third party systems, provided applicable terms are in place with our service provider; (ii) provide opt-outs from marketing communications, as opposed to requiring an opt-in; and (iii) follow applicable cookie consents on our website.
11. Your Data Protection Rights
When you subscribe to our services, you trust us with certain personal data. We understand that it is essential we work hard to protect your personal data and provide you with the access you need to feel in control of your personal data you provide to us.
Under data protection law, you have rights including:
- your right of access – you have the right to ask us for copies of your personal data;
- your right to rectification – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
- your right to erasure – you have the right to ask us to erase your personal data in certain circumstances;
- your right to restriction of processing – you have the right to ask us to restrict the processing of your personal data in certain circumstances;
- your right to object to processing – you have the right to object to the processing of your personal data in certain circumstances; and
- your right to data portability – you have the right to ask that we transfer your personal data you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you do make a request, we will respond to you within one month. Please contact us by email at firstname.lastname@example.org.
13. Our Contact Details
If you are resident in the European Economic Area or the United Kingdom our contact details are as follows:
|Name:||Telmar Communications Limited|
|Address:||Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX|
If you are resident anywhere other than the European Economic Area or the United Kingdom our contact details are as follows:
|Name:||Telmar Group, Inc.|
|Address:||75 Varick Street, 3rd Floor, New York, NY 10013|
|Phone Number:||+1 212 725 3000|
14. How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us by email at email@example.com or at:
For the attention of: Legal Team,
Telmar Communications Limited,
Fora, 35-41 Folgate Street,
You can also complain to the ICO if you are unhappy with how we have used your personal data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
15. Telmar Group Entities
We have set out below the Telmar Group Entities that we share personal data with in accordance with our intra-group data transfer agreement, further described in Section 9 above.
Telmar Group, Inc., a company incorporated in Delaware, with offices at 75 Varick Street, New York, NY 10013.
Telmar Information Services Corp., a company incorporated in New York, with offices at 75 Varick Street, New York, NY 10013.
Telmar HMS Limited, a company incorporated in Canada, with offices at 151 Yonge Street, Suite 1100, Toronto, Canada.
Telmar Europe Limited, a company incorporated in England and Wales, with offices at Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX.
Telmar Communications Limited, a company incorporated in England and Wales, with offices at Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX.
Telmar Peaktime SAS, a company incorporated in France, with offices at 15, place de la République, 3ème étage, 75003 Paris, France.
Telmar Peaktime B.V., a company incorporated in the Netherlands, with offices at Strawinskylaan 3051, 1077 ZX, in Amsterdam.
Telmar (Asia) Limited, a company incorporated in Hong Kong, with offices at Unit 46-106, 46/F, Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong.
Telmar Software (Shanghai) Limited, a company incorporated in China, with offices at Unit Q-148, Room 501, 5/F, 700 Liyuan Road, Huangpu District, Shanghai, China.
Telmar Media Systems (Pty) Ltd, a company incorporated in South Africa, with offices at Building 26, 1st Floor, The Woodlands, 131 Western Service Road, Woodmead, 2052 Johannesburg, South Africa.
Helixa SRL, a company incorporated in Italy, with offices located at via Arcivescovo Calabiana 6 Milano, 20139.
Helixa, Inc., a company incorporated in Delaware, with offices at 75 Varick Street, New York, NY 10013.