Privacy Notice

Any personal information provided to or gathered by Making Waves is controlled by Making Waves Creative Limited (company number 09587945), registered in England & Wales and whose registered office and principal place of business is at 21 Silver Street, Ottery St. Mary, Devon, EX11 1DB (“we”, “us”, “our”).

We are committed to protecting and maintaining the privacy of those who use our services; this Privacy Notice describes how Making Waves Creative Ltd collects, processes and stores personal data, to include via our website: https://www.makingwavescreative.com, other sites and other online platforms. The data controller under applicable data protection legislation is the company mentioned above. All personally-identifiable information provided to or gathered by us, including through our website, will be treated as confidential and we will not abuse this trust by providing all or any part of your information to others unless you have consented to this, where this is in our legitimate interests or to meet a legal obligation, further outlined below. Your information will never be sold, licensed, loaned or otherwise distributed to any other organisation unless we are required to do so by applicable law. Subject to any overriding obligation to which we are subject, you have the right to object to the processing of your personal information, by a simple request that we stop such processing.

Collection of personal information

We may collect personal information in various ways, including in e-mail or written correspondence with you or to which we are copied, by the attendance of you and others at events, via third party services, through our website or otherwise directly from you. You have a choice whether to provide any information to us, except where this is necessary to fulfil any contract – such as in relation to the provision of our services (albeit recognising that such a decision may mean that we are unable to provide our services as you expect), or where we are required to do so by applicable law or a Government agency or law enforcement.

Certain information will be part and parcel of the data that we receive from our clients or other individuals; this may include names, addresses, e-mail addresses or other contact details, together with personal or sensitive information about individuals including, but not limited to images, photographs, personal details and other identifiable information.

We assess and document our processing activities on an ongoing basis and update our records, accordingly; our approach seeks to ensure good data governance and compliance with our data protection obligations.

We maintain records of consent, where we rely on active consent for the processing of personal data, and will ensure processing is limited or ceases where such consent is withdrawn.

Why we process your personal information

Our use of your personal information will at all times be in accordance with applicable data protection laws; we rely on the following grounds justifying our processing of personal data:

• Consent Explicit consent for us to do so.

• A Contract or Legal Obligation to fulfil our obligations under an existing contract or other legal obligation, in certain circumstances our right to process this information will override your right to object to us doing so.

• Legitimate Interests We may judge that we have legitimate grounds to process your personal information in certain ways and where that is the case, we will balance our own interests against your own or the relevant individual whose data is being processed, to ensure that the rights and interests of those individuals who interact with us are protected.

Where information is obtained through or as a result of your use of our Site, we use this information for the following purposes:

• To understand and appreciate your needs and requirements as a user of our site or our services generally;

• To keep in contact with you;

• For internal record keeping;

• To provide relevant information about our services or those that we may offer from time to time;

• To improve our products and services;

• For analysis in relation to the technical specification and user experience of our site, for the purposes of developing and improving our site and the services that we provide; and

• From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.  We may use the information to customise the website according to your interests.

Data related to health or religious beliefs, for example, is known as ‘special category’ data within the meaning of relevant data protection laws; we only anticipate collecting and processing this information where it is incidental and forming part of any marketing material or information provided to us which is incidental to the marketing consultancy and work that we are undertaking for our clients but not further or otherwise.

We may process personal information, following anonymisation, to assess trends or for research or analysis; however, any particular individual will not be identifiable where we choose to undertake such activities.

Managing your preferences, including for marketing

In addition, we may process your information for marketing purposes (including offers, promotions and updates in relation to our services, that we believe may be of interest to you) that relate to similar goods or services, either where you are or have been a user of our services or have made an enquiry about them previously or where you have given your explicit consent.

You have the right to manage your preferences in relation to the kinds of information that we collect and the manner in which your information is processed – you can update these preferences at any time through our site; you can also withdraw your consent, either as a whole or in relation to particular kinds of information or delivery methods.  We encourage our users and clients to exercise these preferences so that they only receive the information that they wish from us and so that our use of their information is consistent with their own expectations.

You may ask us to erase information that we hold about you, except where there is some other reason requiring us to maintain the information, such as for insurance purposes, for example.  We monitor and will also delete information and data that we hold, where we reasonably consider this no longer to be required.

If you have accepted the relevant cookies, we may collect, store and process non-personal information about you automatically as a result of your use of this site, such as the type of internet or mobile browser that you are using to gain access and any website from which you linked to us, but you cannot be identified from this information. We will only use such non-personal information to help provide an effective and more relevant website offering.

Where your browser settings have been set to automatically accept cookies, by remaining on our site, we will take this to mean that you are happy to accept our use of cookies.  You can update these preferences at any time but please be aware that certain functions of the site may not work as well where cookies are blocked.

Information officer

Under GDPR (which, in this Privacy Notice, means EU Data Protection Regulation 2016/679 and laws implementing or supplementing GDPR as the data protection or privacy laws of any other country), the nature of the processing that we undertake does not require us to appoint a formal Data Protection Officer (DPO); however, we may maintain equivalent standards and the nominated representative for the purposes of compliance with our data protection obligations is our Managing Director.

Technical & organisational measures & security

The protection of our clients’ personal information is important to us and therefore we have and maintain appropriate technical and organisational measures to achieve these aims. These seek to protect personal information that we process from and against unauthorised or unlawful use, or accidental loss, damage or destruction and we review these measures, on a regular basis to ensure that they are appropriate.

These include encrypted access to our systems, only accessible by our personnel, utilising secure and regularly-updated passwords and access to and processing of information though our site, using secure HTTPS.

In relation to data security, you accept the risk that data transmitted to us through this site via electronic means may be intercepted before reaching us or may be accessed by unauthorised third parties, or exploited unlawfully. We do not assume any responsibility for guarding against the acts of third parties and shall not be liable for any direct, indirect or consequential losses or damages incurred or suffered as a result.

Sharing your personal information

We will never share your personal information with others for commercial gain or in ways that you would not reasonably expect of us.

Unless we have your explicit consent otherwise, we will only share your personal information where this is necessary to fulfil our contract with you or where we have a legal obligation to do so. You appreciate that in order to provide you with our services, it may be necessary or more efficient for us to engage other businesses that provide complementary services, allowing us to fulfil your needs or where such other services are necessary for us to operate our business; examples, without limiting this description, may include graphic designers, website designers and developers, or similar technology, event management or event provider businesses, accommodation and hospitality providers, IT and website backups, hosting providers, HR advice and consultancy, payroll and bookkeeping services, software and program providers, banking and financial provider and equipment suppliers.

In addition, we may process your information where we are required or permitted to do so under applicable law, where required to do so by any Government agency or law enforcement, where it is necessary in connection with the sale or potential sale of our business or where we conclude that we have and can show one or more legitimate interests for doing so.

Linking to other sites

To add value to visitors’ experiences when using our site, we may provide links to other websites or resources for you to access at your sole discretion, but you agree that we shall not be responsible or liable to you in respect of the availability or content of, or consequences of you linking to, any such external site and you should review the privacy notices of those sites before proceeding; although we welcome links to this site, we shall be entitled to demand that such links are broken if we consider the content or nature of the linking site to be unsuitable or unprofessional, as we see fit.

Service providers & third parties

We may on occasion have the need to transfer your data to suppliers located outside of the European Economic Area (“EEA”), including in the USA. We will only do so where the legal regimes of those territories outside of the EEA offer an equivalent standard of data protection to our own.

Where it is necessary to provide information to external service providers or partners in relation to services that they provide to us, in order to operate our business or to provide you with the services requested, we have adopted approved model data protection clauses in our arrangements with them, to ensure they meet the same high standards required in relation to the processing of your personal information under applicable data protection laws.

How long we store personal data

We maintain the data that we collect in providing our services to clients, for certain periods of time that we have determined; after which such data will generally be erased or securely destroyed.

Your rights and how to exercise them

You may request a copy of the information that we hold about you (known as a Subject Access Request).  In addition, under the GDPR, you may exercise the following rights:

A right of access to the information that we hold about you – as above.

A right to have your information corrected if it is inaccurate or incomplete.

A right to have information removed or deleted from our records and systems.

A right to block us from processing your personal data or to limit the way(s) in which we can use it.

A right of portability; to request that we move your personal information to someone else, in a machine- readable form.

Please contact us via a simple request, where you wish to exercise any of your above rights or if you wish to file a complaint about our collection, processing or use of your personal information.

Right to object to processing

Whatever justification we rely on, under GDPR you have a right to object to our processing of your personal information, unless we have a separate legal or regulatory obligation to do so, in which case our processing will only be limited to the extent to which we need to process your information. However, except for this, you may confirm your objection to the extent and kinds of processing being undertaken, by sending us a simple request, updating your preferences.

Disclosure of your information

We only transmit data to third parties in very limited circumstances and never for the purposes of marketing or to ‘sell’ the data we hold. Certain information may be available to essential organisations upon whom we rely to run our business; our contractual terms with those third parties provide the assurances under Article 28 of GDPR that they will abide by the requirements of GDPR in processing data, to the extent that we require, on our behalf.

We will never sell, transfer or disclose personal data for commercial gain or for any purpose outside of that strictly necessary to run our business and provide our services.

Your preferences about our use of your personal information

If we send you any information by way of marketing, this will be based on our having previously sold to you or responded to an enquiry for similar goods or services; all communications of this nature will include a simple means of unsubscribing. You may wish to update your preferences concerning what you receive and in what format that takes; to let us know about your preferences, to include if you wish to change them, please visit the relevant area of this Site or otherwise send us a simple request confirming those changes and we will update your preferences to reflect your wishes immediately.

Should you no longer wish to be contacted by us, please either confirm this in a simple request or by updating your preferences.

Retaining personal information

We will only keep your personal information for such period as we deem necessary to fulfil the purpose(s) for which it has been collected or in relation to legal obligations to which we are subject. We monitor and regularly delete information and data that we hold, where we reasonably consider this to be no longer required for any legitimate purpose.

Where we are able to fulfil a request to delete and erase your personal information, we will fulfil that request, unless there is some other obligation to which we are subject requiring us to retain your data, in which case we will retain it only for so long as is necessary to meet that other legal obligation.

Your information & keeping it up to date

You have the right to request details of the information that we hold about you. Should you wish to be provided with these details, please contact us with a simple request. We wish to keep any information that we hold about you accurate and up to date and therefore please contact us if the information we hold about you needs updating. If you have any questions or concerns regarding your privacy, or if you experience difficulties in accessing or viewing any site(s) operated by us, please contact us. We value your feedback in relation to our online presence and therefore welcome any comments or feedback which you may have.

Changes to this privacy notice 

We may change or modify this Privacy Notice at any time and we recommend that you check the latest version of this notice each time that you access the Site.  The date of the most recent update will appear below.  Any significant changes to this notice may be confirmed through direct communication with you, where we consider that such changes should specifically be brought to your attention.

This Privacy Notice was last updated on 21st January 2019