Don’t be Shy understands that Your privacy is important to You and that You care about how Your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.dontbeshy.com (“Our Site”), and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and Your rights under the law.
You can read the simplified version of this Policy here.
In this Policy, the following terms shall have the following meanings:
Account: means an account required to access and/or use certain areas and features of Our Site;
Cookie Law: means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
Personal data: means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that You give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”);
We/Us/Our: means Don’t be Shy, a limited company registered in England under company number 09912974, whose registered address is 8 Brewer St, Manchester, M1 2EU, and whose main trading address is 8 Brewer St, Manchester, M1 2EU.Back to top
2.1: Our Site is owned and operated by Don’t be Shy, a limited company registered in England under company number 09912974, whose registered address is 8 Brewer St, Manchester, M1 2EU, and whose main trading address is 8 Brewer St, Manchester, M1 2E.
2.2: Our VAT number is 231 5711 38.
2.3: Our Data Protection Officer is Joe Davies, and can be contacted by email at firstname.lastname@example.org, by telephone on 0161 883 2119, or by post at 8 Brewer St, Manchester, M1 2EU.
2.4: We are registered with and regulated by the ICO.Back to top
4.1: As a data subject, You have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
4.1.1: The right to be informed about Our collection and use of personal data;
4.1.2: The right of access to the personal data We hold about You (see section 15);
4.1.3: The right to rectification, if any personal data We hold about You is inaccurate or incomplete, and you would like it to be updated, please contact Us;
4.1.4: The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about You (We only hold Your personal data for as long as is necessary, but if You would like Us to delete it, please contact Us);
4.1.5: The right to restrict (i.e. prevent) the processing of Your personal data;
4.1.6: The right to data portability (obtaining a copy of Your personal data to re-use with another service or organisation);
4.1.7: The right to object to Us using Your personal data for particular purposes; and
4.1.8: Rights with respect to automated decision making and profiling.
4.2: If You have any cause for complaint about Our use of Your personal data, or would like to exercise any of your rights as a data subject, please contact Us using the details provided in section 17 and We will do Our best to solve the problem for You.
4.3: We will attempt to handle all requests without delay, and at the latest within one month of receipt. Please note, We will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, We must inform You within one month of the receipt of the request with a suitable explanation as to why the extension is necessary.
4.4: If We are unable to help, You also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office here.
4.5: For further information about Your rights, please contact the Information Commissioner’s Office or Your local Citizens Advice Bureau.
5.2: Job title;
5.3: Job function;
5.5: Business/company name;
5.6: Company size;
5.7: Company budget;
5.8: Workplace contact information such as email addresses and telephone numbers;
5.9: professional / job role / career related information such as business challenges, preferences, and interests;
5.10: Other business/company information;
5.11: IP address;
5.12: Web browser type and version;
5.13: Operating system;
5.14: A list of URLs starting with a referring site, Your activity on Our Site, and the site You exit to;
5.15: You can exercise any or all of Your rights regarding the collection of Your personal data by contacting Us using the information or the form provided in section 17.Back to top
6: Where does Your Data come from?
6.1: Currently all of Our database comprises of personal contacts of Don’t be Shy and/or it’s Directors or Employees, or have been researched as part of Our sales or marketing activities, to uncover contacts at organisations We deem to be relevant for Our prospect database, with a likely interest in Our products or services.
6.2: We do not currently purchase any third party data lists, but may do so in the future, with similar targeting criteria to the research described in 6.1. Should this occur, all appropriate compliance and security measures would be put in place, and data only purchased from trusted sources.
6.3: Any future sources of purchased data would be made available to you, on request, should You wish to contact the supplier to have yourself removed.Back to top
Don’t be Shy only looks to process data relating to data subjects in their roles as business employees, and of the organisations they work for. Sensitive personal information is not something We collect knowingly, unless required by law, and the only processing We would undertake with such data were it discovered, should it have been erroneously submitted to Our website or databases, would be to promptly delete it.Back to top
When hiring for new positions We will store the personal data provided in Your application, and that of Your provided references, for as long as is necessary or if there is a continued potential opportunity for Us or yourself. If We hold an application of yours in any form and You would like to exercise any of Your rights as a data subject, please use the contact details provided in section 17.Back to top
9.1: All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard Your rights under the General Data Protection Regulation at all times. For more details on security see section 11, below.
9.2 Our use of Your personal data will always have a lawful basis, either because it is necessary for Our performance in fulfilling a contract with you, because You have consented to Our use of Your personal data (e.g. by subscribing to emails), or because it is in Our legitimate interests to do so. Specifically, We may use Your data for the following purposes:
9.2.1: Providing and managing Your functional access to Our Site;
9.2.2: Personalising and tailoring Your experience on Our Site;
9.2.3: Supplying Our content, products and/orservices to You (please note that We require Your personal data in order to enter into a contract with you);
9.2.4: Personalising and tailoring Our content, products and/or services for you;
9.2.5: Individually replying to emails or form submission requests from you;
9.2.6: Sending You individual one-to-one emails as part of Our business development activities
9.2.7: Market research;
9.2.8: Analysing Your use of Our Site, and in some cases gathering feedback, to enable Us to continually improve Our Site and Your user experience;
9.2.9: For profiling purposes through Your use of Our Site, ie the pages You visit and the forms You submit, and thedata We collect or You provide us, such as job role or industry, in order to create a persona profile. This enables Us to personalise and deliver content to You that Your actions have indicated to be most interesting and relevant to Your role, business interests and preferences. All of this is low level, and done purely for segmentation and persona targeting, based on perceived likely interests, due to Your corporate profile. No profiling or automated decision making is made that could affect you negatively in ways, such as financially or legally, or in a way that would dictate the type of service You may receive from us;
9.3: Our use of data for direct marketing purposes: With Your permission and/or where permitted by law, as in the applicable lawful grounds for processing. We may also use Your data for marketing purposes which may include contacting You by email, telephone,text message social media advertising, and/or post, where appropriate and permitted, with relevant content, information, news and offers on Our productsand/or services, and done so with full attempts to minimise any impact on Your privacy. We will take all reasonable steps to ensure that We fully protect Your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
If You have received an email You did not sign up for, or would like to withdraw Your consent for, You may unsubscribe or opt-out at any time via the footer of one of Our emails, or by letting Us know here.
Please review the dedicated section on Our Legitimate Interests to process data for marketing purposes in Section 13, or to object to the processing of Your data in this manner please use one of the options in section 17.
9.4: You have the right to withdraw Your consent, object, or restrict Our using of Your personal data at any time, and to request that We delete it (We may need to keep Your email address alone for suppression purposes, in order to ensure We do not contact You against Your will). Learn more about Your rights as a data subject in section 4.Back to top
10.1: We do not keep Your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. We do not have a specific ‘expiry date’ for the personal data We collect, but will periodically clean Our databases for accuracy and to remove information from contacts who have expressly opted out. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
10.1.2: Data held for B2B marketing purposes will be held for no longer than is appropriate without engagement, and deleted if unresponsive to a re-engagement program;
10.1.3: Data held for Customers will be held for the duration of Our contracted period together, should the contract come to it’s end, any highly personal data will be removed, leaving just that necessary for section 9.9.2, should further contact potentially be of interest to either party, unless specifically requested otherwise;Back to top
11.1: We only keep Your personal data for as long as We need to in order to use it as described above in sections 9 and 10, and/or for as long as We have Your permission to keep it.
11.2: Some or all of Your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). You are deemed to accept and agree to this by using Our Site and submitting information to Us. If We do store data outside the EEA, We will take all reasonable steps to ensure that Your data is treated as safely and securely as it would be within the UK and under the GDPRincluding:
11.2.1: Ensuring the EU-US Privacy Shield Framework Participation of Our Third-Party Providers based in the United States;
11.2.2: A GDPR compliant Data Processing Agreement with all Third-Party Partners, Data Processors and Sub-Processors with visibility of any personally identifiable data;
11.3: Data security is very important to Us, and to protect Your data We have taken suitable measures to safeguard and secure data collected through Our Site.
11.4: Steps We take to secure and protect Your data and its privacy include:
11.4.1: Ensure all staff, processors, and sub-processors, including contractors, have signed a GDPR compliant Data Processing Agreement and have undergone training where appropriate, ensuring security and compliancy;
11.4.2: Ensure all staff and sub-processors, including contractors, have personal passwords of significant security, with a minimum of 8 alphanumerical characters, including both higher and lower-case letters;
11.4.3: Storing all personally identifiable data securely in the cloud, in password protected repositories, and only ever on physical devices for as long as is necessary to complete the processing required;
11.4.4: Ensure all staff and sub-processors, including contractors, carry out a Data Processing Actions Record, to ensure appropriate actions are completed securely and at minimal risk to the data subjects, while maintaining accountability;
11.4.5: When transferring personally identifiable data, all files are password protected, with passwords delivered separately;
11.4.6: If You opt-out or unsubscribe from communications with us, We will store Your data on specific opt-out lists, to ensure that You are not contacted again erroneously. If You wish to exercise one of Your data subject rights, including the Right to be Forgotten, please contact Us using one of the options available in section 17. Please be aware that We may need to keep Your email address alone on these specific opt-out lists.
11.4.7: Our opt-out data is periodically stripped of all additional data fields regardless of requests, in order to maintain Your security, and keep Our lists clean.Back to top
12.1: We may sometimes contract third parties to supply products and/or services to Us or You on Our behalf. These may include payment processing, delivery of goods, search engine facilities, analytics, social functions, tracking, advertising, and marketing. In some cases, the third parties may require access to some or all of Your data. Where any of Your data is required for such a purpose, We will take all reasonable steps to ensure that Your data will be handled safely, securely, and in accordance with Your rights, Our obligations, and the obligations of the third party under the law.
12.2: We have strict data processing agreements with Our third party providers to maintain the levels of security and privacy that We uphold ourselves, none of the data We collect or that You provide Us is ever owned by any of these third parties and the processing they undertake is strictly for the purpose of providing their service, and no more.
12.3: Your data will never be sold by Don’t be shy to any other parties.
12.4: We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
12.5: We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that Your data is treated as safely and securely as it would be within the UK and under the GDPR including:
12.5.1: HubSpot, Google Analytics, LinkedIn, Facebook, Twitter;
12.5.2: Ensuring the EU-US Privacy Shield Framework Participation of Our Third-Party Providers based in the United States;
A GDPR compliant Data Processing Agreement with all Third-Party Partners, Data Processors and Sub-Processors with visibility of any personally identifiable data;
12.6: In certain circumstances, We may be legally required to share certain data held by Us, which may include Your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.Back to top
As a solely B2B organisation, only looking to process data, the specific types of data, and doing so in the methods described in this policy, We are using the lawful grounds for processing data “Legitimate Interests”. We are doing so because We have a Legitimate Interests to process data in order to grow and maintain Our business, by driving sales of our services through Our marketing activities. Due to the nature of the data captured, and the measured and best practice use of what we do capture, the impact on Your privacy is minimal. With the security measures in place, in the very unlikely situation of a breach, the potential risk to yourself is minimal, as We do not aim to process any data deemed to be sensitive or with the potential for abuse, personally or financially.
13.2: To ensure this method of processing is applicable, appropriate, necessary for Us as a business and considered in regards to Your privacy as an individual, We have undertaken a Legitimate Interests Assessment, as a balancing test. We will review and update this regularly and as necessary, as time passes or Our marketing activities change. If You would like more information on Our use of Legitimate Interests, please contact Us using one of the options in Section 17.
13.3: We may also process Your data where it is necessary for the provision of a contract We have with You or Your business, or because We have been asked to take specific steps prior to entering a contract.
13.4: In certain circumstances We may be legally required to process data in order to comply with the law.Back to top
14.1: Please contact Us using one of the options in Section 17 to tell Us what type of data You would like Us to stop processing, or if You would like Us to change any of the methods of processing Your data. Where realistic We will assist You in ensuring Your data is only processed in a method You are comfortable with.
14.2: You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent You receiving unsolicited marketing. Please note, however, that these services will not prevent You from receiving marketing communications that You have consented to receiving.
You have the right to ask for a copy of any of Your personal data held by Us (where such data is held), or control what kind of data We hold on you. Under the GDPR, no fee is payable and We will provide any and all information in response to Your request free of charge. We will do Our best to solve the problem for You without delay, and at the latest within one month of receipt. Please note, We will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, We must inform You within one month of the receipt of the request with a suitable explanation as to why the extension is necessary. Please contact Us for more details at email@example.com, or using the contact details below in section 17.Back to top
If You have received an email You did not sign up for, or would like to withdraw Your consent for email marketing, You may unsubscribe or opt-out at any time via the footer of one of Our emails, or by letting Us know here.
You can read the simplified version of this Policy here.Back to top
18.2: In the event that any of Your data is to be transferred in such a manner, You will be contacted in advance and informed of the changes. When contacted You will be given the choice to have Your data deleted or withheld from the new owner or controller.Back to top