Adstream (“We”) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Adstream (UK) Limited of 7th Floor, Berkshire House, 168-173 High Holborn, London, WC1V 7AA (registration number Z1247101) and Adstream Limited of St Andrews House, 18-20 St Andrew Street, London, EC4A 3AY(registration number Z9963018).
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
• Information that you provide by filling in forms on our site (http://www.adstream.com) (our site). This includes information provided at the time of registering to use our site or parts of it (as the case may be), subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
• If you contact us, we may keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Details of transactions you carry out through our site and of the fulfilment of your orders.
• Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
• Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide goods and services.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
USES MADE OF THE INFORMATION
We may use the information held about you for the following purposes:
• to help us identify you and any accounts you hold with us.
• statistical analysis.
• customer profiling and analysing your purchasing preferences.
• fraud prevention and detection.
• billing and order fulfilment.
• credit scoring and credit checking.
• customising this website and its content to your particular preferences.
• to notify you any changes to this website or our services which may affect you.
• security vetting.
• improving our services.
In particular, we may use the information held about you:
• To ensure that content from our site is presented in the most effective manner for you and for your computer.
• To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
• To carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service, when you choose to do so.
• To notify you about changes to our service.
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by email, SMS, post or telephone.
If you are an existing client, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new client, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the order form) or contact us at firstname.lastname@example.org.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If Adstream (UK) Limited or Adstream Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients will be one of the transferred assets.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of (specify, e.g. quality assurance, training, fraud prevention and compliance).
To enable us to make credit decisions about you and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other businesses with which you are financially linked. Other credit grantors may use this information to make credit decisions about you and the businesses with which you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this.
ACCESS TO INFORMATION
You have the right, subject to the payment of a small fee (currently £10) to request access to personal data which we may process about you. If you wish to exercise this right you should:
• put your request in writing.
• include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill).
• attach a cheque in the amount of £10 made payable to Finance, 3rd Floor, Berkshire House, 168-173 High Holborn, WC1V 7AA – London .
• specify the personal data you want access to, including any account or reference numbers where applicable.
You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right you should:
• put your request in writing
• provide us with enough information to identify you.
• specify the information that is incorrect and what it should be replaced with.
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right you should:
• put your request in writing (an email sent to firstname.lastname@example.org with a header that says ‘Unsubscribe’ is acceptable).
• provide us with enough information to identify you.
• if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email or telephone) please specify the channel you are objecting to.
UK Quality and Security Policy
The Quality Policy (ISO9001)
It is our policy to provide our customers with a reliable, and fault free service at a competitive cost. To achieve this objective, it is essential that our Quality Management System be maintained to ensure its effectiveness and the procedures and practices outlined in our quality manual are there for that purpose and to satisfy the requirements of BS EN ISO 9001:2008.
This policy provides a framework for establishing and reviewing quality objectives, and also includes a commitment to comply with requirements e.g. customer, statutory and regulatory and to continually improve the effectiveness of the quality management system.
This Quality Management System is to help us provide confidence to our customers and therefore the implementation and communication of the quality policy is mandatory for all our employees, this is also to ensure staff understanding, implementation and maintenance.
Copies of both the Quality Manual and the Procedures are available for customers to read at any time. We shall review this policy regularly to ensure its continued suitability and in-line with our commitment to continual improvement.
Information Security Policy (ISO27001)
1. The Information Security Management System (ISMS) ensures the confidentiality, integrity and availability of all Information at Adstream. It is realised through the policies, procedures and controls within the ISMS manual.
2. The management at Adstream are committed to continued review and improvement in order to reduce the risk of security incidents and ensure continued contractual, and legal, compliance.
3. A risk assessment framework, defined by 4.2.1c) Risk Assessment Methodology, in the ISMS manual, has been created for setting and reviewing objectives to achieve the company’s over all aim of reducing business risk.
4. Adstream operates a business risk approach to the controls that are implemented in the business. A risk methodology can be found in the ISMS manual 4.2.1c) Risk Assessment Methodology, which defines the method of risk assessment and the acceptable levels of risk. Through a risk treatment plan, the company will implement relevant controls.
To ensure that all staff, customers and third parties are aware of the company’s Information Security Management System, and their particular responsibilities within it, this policy is displayed and communicated publicly with awareness training is provided.
5. The management gives complete approval and commitment to this policy.