Who we are
We are The Spark Agency, part of the Sleeping Giant Group. We’re a digital marketing agency aimed at working with SMEs on a packaged basis. We work with a lot of businesses, a lot of people, and funnily enough – we’re people ourselves. So we know how important data protection and privacy is to everyone. We’ve set up this Privacy Notice to let you know just what data we’re collecting, why, who else might see it, and how we’re going to use it. So, if you’re into this sort of thing, grab a cup of something, put your feet up, and enjoy this bedtime read.
Types of data we collect
What are cookies, and what are you doing with my data from them?
Yes – a delicious treat. Oats and chocolate chips preferable. But in terms of computers, cookies are small data files that are popped on your computer/mobile/tablet/other device as you browse a website. They remember your device and when it accessed the website, and helps inform what happens when you’re on the site and after you leave it. For example – I’m sure all of us at some point have put something in the basket on a retail site, only to leave and come back to it later to find the 6 inch red stilettos you had in there earlier are still there? Ok, that might not apply to everyone, but that’s the work of cookies! They’re important for the effective running of a website, and we can use them to tailor the service offered to you.
What information do they collect, and why?
The cookies we have on our site collect information on things like which pages you visit, which device you’re on, your IP address, and publicly available information, including details you might have shared through a public platform like Facebook or Twitter or any other platform who have consent to share your data. Then it pops it over to Google Analytics, Adwords, Google Tag Manager, and SharpSpring so they and us can do things like show you targeted ads, banner ads, collect information to monitor the success of campaigns, competitions etc., and trigger automations for us to get in touch with you (if we think you’d be interested in hearing more!). It’s also pretty important for us to effectively run our website, especially when it comes to things like site navigation, market research, and customer service. It sounds like a lot, but all this does is help tailor our communication to you and let us know the kind of stuff you might like to know more about. We may also keep an eye on the data coming through for crime and fraud prevention, detection, and related purposes, or if we have a legal right or duty to disclose your information, but we’re hoping everyone visiting our websites are upstanding gentlefolk who have no nefarious intentions. No data is passed on to third party marketers – it stays between us, our Giant Family (Sleeping Giant Media and Giant Campus), and the lovely software companies above.
So, what are these cookies?
We’re glad you asked! Different cookies do different things in different ways. If you want to find out exactly what, have a look at this full list of cookies used across all giant things here.
How are cookies managed?
The cookies stored on your computer or other device when you access our websites are designed by:
– The Spark Agency, or on behalf of The Spark Agency;
– third parties who participate with us in marketing programmes; and
– third parties who broadcast web banner advertisements on behalf of The Spark Agency.
How do I disable cookies, and what happens if I do?
If all of the above sounds like too much, and you want to browse from the shadows, that’s no problem – but you might need to go to your browser settings to change it from there. You’ll still see ads, but they’ll be less tailored to you, and it’ll stop us from seeing things like if you’ve encountered a problem on our site. From a personal perspective, it also automatically logs you out of things like emails and online accounts, as it doesn’t save the data.
The Easy Way (you’ll have seen this in our Cookie Banner)
Browse in Incognito/InPrivate/Private mode!
- Google Chrome Incognito (CTRL+SHIFT+N)
- Mozilla Firefox in Private Browsing with Tracking Protection (CTRL+SHIFT+P)
- Microsoft Edge in InPrivate browsing – tap the “Settings and more” button in the top-right corner, choose “New InPrivate window.”
- Opera in Private Browsing (CTRL+SHIFT+N)
- Internet Explorer in InPrivate browsing (CTRL+SHIFT+P)
For Google Chrome:
- Choose Settings> Advanced
- Under “Privacy and security,” click “Content settings”.
- Click “Cookies”
Change the settings according to what you’d like from there!
For Microsoft Internet Explorer (probably the first and last time you’ve used them!):
- Click on “Tools”, and then “Internet Options”
- Click on the “privacy” tab
- Go mad, and choose the settings you’d like from there!
For Safari (we’re not judging you…):
- Choose Preferences > Privacy
- Click on “Remove all Website Data”
This will get rid of cookies!
For Mozilla firefox:
- Choose the menu “tools” then “Options”
- Click on the icon “privacy”
- Find the menu “cookie” and pick what you’d like to do from there
For Opera 6.0 and further:
- Choose the menu Files”> “Preferences”
It’s all laid out there for you to choose!
So, you’ve come for a visit, but don’t have unlimited data and can’t tether to your other devices. You’ll probably want to borrow some of our internet through our Wifi! Just so you know, this does collect some data from you – including your device, what websites and apps you’ve been on, how much data you’ve used, and where/when/how often you’ve used the Wifi. This helps us keep things secure in our offices, as well as make sure the basics of our internet are working properly. If you’re not a security risk, you shouldn’t have to worry about this, as we will only use the information to build a general report. It’s only if there’s a problem that we will process your data further, and let’s face it if you are a security risk, you might have bigger problems than us collecting your data…
You’ve signed up for our mailing list! You love us after all! We’ve loads of stuff to talk about, but first, let’s explain what information we’ve collected, and how and why we use it.
When you first sign up, we collect your information for things like your name and email address, what you’d like to be signed up for (obviously), your business name, and occasionally your business address. We do that because you’ve asked us to give our wisdom to you – whether you’ve chosen a white-paper option, to get included in competitions, to get newsletters, to keep up to date with digital marketing, or anything else we provide that you’ve opted into. So we’ll stick to that in terms of contacting you, unless we need to get in touch to get some more information from you or make sure you’re happy and that your details are up to date.
We do use SharpSpring (as mentioned above), which means you might receive some emails from us even if you haven’t signed up, but that will be because you’ve shown an interest in us – we’re not needy, we just want to make sure you know what you’re missing out on… SharpSpring are all above board, but if you want to double check for yourself, check out their own Privacy Notice here. Rest assured, if you want us to stop, you can unsubscribe or just let us know by emailing Nell Sanders (our poor Data Protection Office) at firstname.lastname@example.org. Just put [CONTACT PREFERENCES] in your subject line, let us know what you’d like, and we’ll sort the rest out from there. Ultimately, you won’t be bombarded by emails, and you’ll stop getting them if you don’t show interest, because although we want to keep in touch, we deserve more than the cold shoulder.
You’ve committed to learning more about Digital Marketing (to be honest, just reading through this notice is giving you a bit more knowledge than anyone thought they needed, right?), and so you’re off on an adventure over to Giant Campus! You’ve bought your tickets, you know the date, you know where you’re going, you’ve got a rough idea of what you’re in for – you’re set. But what about the data we’ve collected to get you on the course? You won’t actually receive a ticket – your name’s on the list – but we have got your data somehow. When you book yourself onto the course, the details you’ve input (name, address, email, phone number) will be stored in our internal system. We’ll get in touch with you if we think you’ll be interested in another course, but like with everything else, we won’t chase you – if you’re not interested you can let us know, and we’ll stop it! And if all else fails, if you’re not getting back to us, we’ll just stop emailing you. We’ll miss you, though.
The Spark Agency will (with your say so) send you funky updates on things from the Sleeping Giant Group, things such as; free digital marketing training and events, digital skill share, information on our other company’s services, special offers, newsletters, and other fun stuff we’ve already run through with you -when you signed up (and if you haven’t signed up, we’d totally recommend doing it here!). It’s all stuff we think you’ll find relevant, but if you don’t like it, you can always unsubscribe by the emails or contacting us in the email listed below!
We also might send out a banner ad on another website after you’ve visited our website. Sorry, but it’s a part of cookies (see above), and who knows – you might actually want to see our smiling faces everywhere. If not, have a look at our cookies section above for how to not see us!
People who contact us via social media
We use social media management tools to manage our social media interactions. Because these things exist, and they’re awesome. They take a lot of the leg-work out of managing social media! If you want to find out more, get in touch with us – we can train you on this! It does mean that these tools and platforms have their own cookies, data that they send us, and data we can access. Have a look at our Cookie matrix to find out more!
We share (and likely get some of) your information with Third Parties. Damn, that sounds bad.
Let’s get it straight – if you’ve opted into getting information from our trusted third parties, we’ll only share the information that’s relevant, and they’ll only contact you for purposes that might serve you well. So, if you’ve said to us “I’d like to learn more about Digital Marketing”, or “I need another agency to build my website”, or “I’m going to one of your events and I want to network” that’s the kind of example that shows you what we mean! We never sell data (terrible practise), and we always hold our Third Parties to the standards of GDPR.
Our Trusted Third Parties include people like our teams in Sleeping Giant Media and Giant Campus, other agencies that we work with that might be able to help you, and – of course – anyone that you want to speak to at our events. Depending on if you say cookies, software, and tools are third parties, we also share data with those, but that’s for the purpose of processing your information, rather than giving them your information for their own purposes! If you’re a client, we also might share your information with financial or credit reference agencies, and any third party that’s needed to perform the contract we hold with you. Other cases may be where we need to share your information could be with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we need to, comply with our legal obligations or exercise our legal rights or for the prevention, detection, investigation of crime or prosecution of offenders, and for the protection of our employees and customers.
How and why do we use your Data?
There are three main reasons, and a couple of sub-reasons we collect and process your data:
- Consent – you’ve given us a clear “YES!” on what you want from us, and we’ll contact you in line with that!
- Contract – you’ve signed up to work with us (thanks again ), and so we need to use your data to actually fulfill that contract. OR you want to work with us, and so we need to get in touch with you to hopefully turn that maybe into a yes. Because ultimately, we want to work with you. It’ll be great.
- Legitimate Interests. This one’s a long one. Here we go….
- If it’s going to cause you minimal impact, if we think you’ll benefit from what we’re offering, or if you’ve been in touch before and fallen off the radar, if processing your data is necessary to serve those interests – then we’ll get in touch. It could be for selling our services to you; protecting our team or you for health, safety and welfare purposes; promoting, marketing, or advertising our services; sending personalised marketing (you lucky things, you); understanding client needs, behaviours, preferences, needs, activities; improving our services; again, for crime and fraud prevention, detection, and related purposes; handling client complaints, queries, disputes etc.; and generally fulfilling our duties to our clients, team, and data subjects! We’re not going to overwhelm you with “LOOK AT THIS KITTEN! SO CUTE!” emails, We will only get in touch if our Legitimate Interests Assessment (fancy GDPR process) lets us – we’re not in the spamming game. And if it’s really not wanted, you can always tell us to stop through the email already stated, or through unsubscribe buttons where applicable! (Phew! Told you that was a long one!)
- Legal obligation – just in case you think we’ll evade the law to protect your data, I’m really sorry, but that’s just not going to happen. If we’re required to process it by law, we’ll do that.
How do we keep your data safe?
We are committed to keeping your data safe! This is through:
- Online and IT security protocols and protection
- Organisational and property security protocols
- A “Privacy by Design” approach to your data
- Regular internal audits
- Internal policies setting out data security
- Training for all our staff on proper process
How can YOU keep your data safe?
It would be nice if there was a lock and key system… Our office would look like the end of Indiana Jones: Raiders of the Lost Ark.
This may not be feasible, but there are some things that you can do to protect your data. Firstly – we don’t take credit card payments, so you can be damn sure if someone contacts you asking for these – it’s not us. Don’t do it. I learned this the hard way when a Nigerian Prince got in touch with me…
Secondly, if we do send an email asking for payment, and it looks a little dodgy, our finance team of two don’t mind answering the phone to client queries. Give us a call and check. This goes for other dodgy looking emails from us – if you’re not sure, just give us a call. We’re always happy to help!
It goes without saying, but if you’re on a public network out and about, it’s unlikely to be very safe. Don’t submit personal details if you’re not on a trusted network! And in that same vein, you’ll have passwords to access certain information (like on your emails if we’re sending you reports or cool information). Don’t give them out to people, please – it’s just not safe.
After all of this – what are your rights?
(a technical look at the GDPR…)
So you’ve given your details to us at The Spark Agency! You’re in good hands, but you may be wondering what rights YOU have. In regards to all the rights below, you can get in touch with our Data Protection Officer – Nell Sanders – at email@example.com. Pop “[MY DATA – MY RIGHT] in the subject line, let us know what you’d like, and we’ll get back to you as soon as we can and in line with GDPR requirements.
- If you’ve given us consent, you have the right to withdraw it! This seems fairly obvious. You’re not married to us, and even if you were, you’d still have the option to divorce us! If you don’t want us to get in touch any more, just unsubscribe or get in touch with our Data Protection Officer
- You can lodge a complaint with a supervisory authority. We’re a friendly bunch, here, and you can talk to us about anything, but if you’d like to lodge a complaint with a higher power, you can! You can get in touch with the Information Commissioner’s Office. Have a look here for more details: https://ico.org.uk/for-the-public/raising-concerns/
- You’ve got the right to be informed about the collection and use of personal data. This is the Privacy Notice you’re reading at the moment!
- If you want to see the data we have for you, you can ask for it.
- If the data we have on file for you is outdated, incomplete, or just plain wrong, you also have the right to change that too! It may be that you have changed your name to Princess Consuela Banana Hammock – we won’t judge, we will just change it!
- You can ask to be forgotten. It feels like prom all over again, left there to dance alone. But if you want us to forget you, you can ask us to do that – just see this guidance from the ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
- You can ask for us to “restrict processing” of your data. If it’s wrong, if it’s not been processed in line with the GDPR, if you need it for legal reasons (but we don’t need it any more), or if you’ve asked us to stop processing your information altogether – while we consider stopping processing it, you can ask to restrict it. Blimey, that’s a head twister.
- You’ve got the right to ask for your data in a portable way (like through a USB). This applies to when you’ve given us consent to use your data, or when you’re in a contract with us.
- You can ask us to stop! If we’re marketing to you, or if we’re processing your data on the grounds of legitimate interests, you can ask us to just quit doing that.
- You also have rights related to automated decision making and profiling, where serious decisions made by automated processing (all systematic, no human interaction), where you can ask us not to automate any decision making process, and you can ask us for the information we’ve used to make that processing possible.
On very very rare occasions (as in, we haven’t encountered this yet), we may possibly have to share your data outside of the European Economic area (EEA). You should rest easy, though, it’s subject to special rules under GDPR. If we do have to do this, we’ll make sure it’s done in line and compliantly with data protection laws to make sure it is secure. If we ever need to do it, we’ll make sure the standard data protection contract clauses here are signed or at the very least covered by their own data protection terms.
How long do we keep your data?
We hope you’ll be working with us forever, and so we hope we’ll keep your data forever! But that’s not how it works. We’ll not keep your data any longer than is needed under this notice, and the longest we’ll hold onto any personal data after the purpose has been completed is 6 years.
Hello! You might be wondering why you’ve been directed to this page, you might have skipped past this entire thread just to find this part, you might just be reading through the entire privacy notice. It’s fun, right? It’s taken days to write…
As a Client of The Spark Agency, you’ve signed an arrangement with terms and conditions, or at least read through the terms and conditions before you signed up, you’ve given us your data, and we’re hopefully cracking on with what we need to do for you this very moment (although, not if you’re reading this at Midnight on a Saturday. In which case – what are you still doing up?! Get to bed with you! Unless this is a bedtime read? In which case, we totally understand, this isn’t the most riveting piece of content we’ve written…)
Back to the matter at hand. You might be wondering what, where, how, why, when, we use your data. Lucky for you, there’s this whole Privacy Notice and a handy list of things right here for you to read:
Data we collect as a part of a contractual obligation:
In contracting with us, we’ll need some data from you so that we can effectively perform the services for you and your business. This will be confirmed with you in the terms and conditions and any emails you’ve received from us, but will include things like the following :
Life of Lead
Ways we receive this information:
- Directly from you
- From your website
- From one of our team
- From our website
- At an event
Experian Credit Check
How and why is it processed?
According to your contract, you’ve asked us to do something for you! Whether this is SEO, PPC, Social, Video – we’ll use your information in line with this purpose so that we can actually perform the contract. This is how we’ll process your data. Below are the ways in which we could process this data as per your contract.
Direct Contact – Email
Direct Contact – Telephone
Direct Contact – Meeting
Internal Strategy Development
Search Engine Optimisation
Where is it stored?
Now that we’ve got your information, where is it stored? Again, depending on what we’re doing for you, this could be in:
Mobile Storage Devices
Other Cloud Storage
Digital Marketing Tools
Where and how do we send this information?
We’ve already covered that we’ll never sell your details, but we may share your details with other Third Parties (see “Third Parties” below). In terms of processing your information, though, in addition to the above, this is how and where else your data could be sent:
- Awards Houses
- Google Adwords
- Google Drive
- Hard Copies
- Instant Messaging Services
- Press Release
- Project Management Systems
- Social Media
- We Transfer
- Working Arrangement
You have a lot of rights as a data subject, so if you want to find out more, just have a look at our section – “After all of this – what are your rights?”.
Current Giants, Former Giants, and Potential Giants
(Staff, former staff, and recruitment)
The Spark Agency and The Sleeping Giant Group work with external parties (LinkedIn, KentJobs.co.uk, and JobsinKent.com) to collect details from applicants, that they then send to us. We’re the controller for the information, so if you want to chat about how we use the information, just let us know!
What do we do with your information?
To start with, we take the information you’ve given us, and process your application! We only ask for the information that’s needed to see who you are and whether you’d be right for the company. You don’t have to give us the information if you don’t want to, but it may affect your application. We use your CV to assess whether you should be invited to a phone interview, your data to contact you if you’re successful to that phone interview, and then further process your details if you’re successful in getting a place on our recruitment day! Simple steps, there! We’ll then be in touch to let you know if you’re successful or not. We do keep CVs on file to refer back to – either for quality management or future positions, but data is kept for a maximum of 6 years. So basically, we’ll use your data to progress your application or to fulfil legal/regulatory requirements. Nothing much to it.
We don’t share this data with third parties for marketing, nor do we send it out of the EEA (you can breathe a sigh of relief), and it’ll stay in our hands (unless we think you’d be good for a role in one of our other Giant Things businesses – Sleeping Giant Media or Giant Campus – but we’ll ask you if this is ok first!).
If you get through the phone interview round, you’ll be invited to a recruitment day! Here we set up named folders to which only you and the recruitment team will have access. In here, there’ll be a personality test, role specific tests, tasks, and eventually your presentation (that you’ve created). Any notes made by you or by us will only be kept by those involved in your recruitment, and won’t be farmed out to anyone else.
Congratulations! You’ve been offered a role! What now? You’ll be asked for a lot of information from us (sorry, but it’s necessary), so that we can make sure you’re entitled to work in the country, that you’re entitled to work with us, that we can pay you, that you’ve not hidden some severe “I definitely shouldn’t have been offered the job” red flags, who to get in touch with if there’s an emergency (we advise against chopping off your finger at work, but you know… just in case…), and other bits of information needed to offer you the job. So, all in all, this would be:
- Proof of identity (original documents, please!)
- Referee information
- Bank details (so we can pay you for doing your job)
- Emergency contact details (for emergencies…)
- Next of Kin details
- National Insurance Number
- P45 (or we’ll get you to sign a “New Starter” form)
- Full Name, Address, Date of Birth
How we make decisions about recruitment?
We tally up your scores from the day (based on finite test results and subjective interview scores), we ask a select group of our team for feedback (just in case they saw you steal a laptop or something. Could be less severe, don’t get me wrong, but that would be a definite no!), and we gather up all available information before the Associate Research and Development Director makes a final decision. Whether you get the role or not, we won’t leave you guessing – we’ll get in touch to let you know.
If you want to find out more about applications (whether it’s your specific one, or just in general), email firstname.lastname@example.org
Current and Former Giants
All of the information (as under “Potential Giants”) and anything further that we acquire in your time here will be kept on file after you leave, but for no longer than 6 years after the information is no longer required. The additional data can include (but let’s face it, definitely isn’t limited to) things like:
- Holiday Use
- Sick time
- Involvement in any Human Resource related situations
- Records of work
- Personal information that may have been discussed in the workplace
- Information on health
Changes to this Privacy Notice
We’ve reviewed this Privacy Notice in May 2018 (GDPR!), but we’ll amend it from time to time according to legislation changes, changes in branding, changes in policy, or anything else that may need us to review it at least once a year.