Website contact form

Occasionally people contact us via our website (yay!) asking us to get in touch so they can share their marketing woes with us and ask us to help. In these circumstances we would normally create a record of their company and individual business contact details within our private database. We will keep these records for a year unless we are asked to delete them, in which case we will, within 72 hours (except where holidays or unavoidable time away from the office makes this impossible – but in general we will do it at the earliest possible opportunity).

We also receive approaches from individuals looking to work with us or (occasionally) gain work experience (usually students). We wish all these people the best of luck, (usually) send them a nice reply and leave the enquiry in our contact system until it’s time for us to cleanse the system. We do this once a year.

Third parties

As our workload grows, very occasionally we may (in future) use carefully-selected third party marketers who are part of the In The Box team but not direct employees. These people are well known to us and very, very carefully vetted; they simply must reach our standards or we wouldn’t work with them. We haven’t done this yet, but if and when we do, we may need to share client contact details with them only insomuch as it allows them to deliver our services to our clients. We will of course introduce clients to them, so the client will know who they are. They will only ever possess clients’ basic contact details and the knowledge they require in order to execute their job to our standards.

CRM records and Business Development

Obviously, our business has to come from somewhere. So if a potential client interacts with us in person, by phone, email, social media, through our site (or any other way we can’t think of right now) we might create a CRM record with their name, company, role and contact details plus a written record of why we had a conversation. We do this in the hope that we can go on to become a valued and trusted provider.

As above, we will of course remove anyone’s records at the earliest possible opportunity should they request it.

In order to win new clients we may occasionally use business (and strictly only business) contact details we find on websites, social media or in the public domain. More often we are asked to contact businesses by their own third party contacts who believe the business will benefit from our service. In this case we would be given the relevant contact details. (More often still, people contact us – which is very much appreciated, thank you).

In the above cases, if we establish that you’re interested in working with us, or ask us to keep in touch, your basic contact details (name, email, job title and a bit of narrative) will go onto our database until such as time as you ask us to remove it.

Nobody has ever asked us to remove their data, but should this happen, our process would normally be to keep someone’s name and company but make a note that you don’t wish to be contacted and remove your contact details (phone, email etc). If we don’t do this, we have no way of remembering not to contact you! (We won’t be able to anyway, because we won’t have your contact details any more, and we will honour any requests for us to remove absolutely all data, at the earliest possible convenience as above).

Google Analytics

Like many businesses we use Google Analytics to assess the traffic on our website and learn lessons about how best to tailor our own content. Google Analytics does not reveal any personal identification data about our site visitors, but it does use cookies which is, technically, personal data. We do nothing with Google Analytics beyond simply looking at how the traffic on our site behaves – that is, what pages are read the most, how long visitors stay on a page and so on. We don’t know who our visitors are and would never use analytics to try to pursue them or identify them.

Client Google Analytics

As part of our role, we administer content (and only content) on some of our clients’ websites. As such we can access their Google Analytics and we provide regular reports to them showing their website’s performance. As above, none of these reports reveal any personal identification data about their websites’ visitors beyond the fact that Google Analytics uses cookies which is, technically, personal data. (See above).

Client social media

As part of our role, we administer and manage our clients’ social media accounts. This means we communicate with third parties on behalf of our clients whilst providing a “white label” social media service. We normally only interact with these third parties via social media and gain no personal data about them at all, and their contact data remains strictly within the software we are using – e.g. we can see our clients’ Twitter followers from within their Twitter account or our social media management software, but that’s all. We never extract that information into a database or use it for our own ends.

Client email software

On occasion we are granted access into our client’s various software systems, in order to fulfil a marketing service such as designing email templates in Mailchimp. On these occasions we are bound by their data protection rules and our own, and would have no reason to extract or use their customer, and never do or will.

Recruitment

When and if we decide to engage in recruitment activity in our drive for world domination, we will need to receive, review and store CVs. These will contain the usual CV information – contact details, addresses, interests and so on. We will store these in a protected drive in order to evaluate candidates’ suitability for our roles and so that we can get in touch should suitable roles become available (or to ascertain whether the individual/s has applied for a role with us in the past). In each case, if the applicant does not become an employee, we will destroy their CVs and all related data after five years.

Future services

Email Marketing

We are currently too busy (or perhaps just don’t have enough staff) to produce our own regular client newsletter or send out regular email blasts, much as we’d love to. However, if and when we do get around to doing so, we will produce a “subscribe to our newsletter/marketing” signup which will collect the name and email address of subscribers. We will store these in our chosen email system (Mailchimp, Communigator etc) and our CRM system. We will not interpret “sign me up for your newsletter/marketing” as “I give you permission to bombard me with irrelevant sales messages” because we don’t, and won’t.

Nobody will ever be added to our bulk mailing list without their express consent, and every recipient will be able to unsubscribe via a link in each email.

Other

As and when we update our services or get involved in different marketing activities that impact on different segments of privacy law and GDPR, we will update this privacy policy accordingly.