Who we are
The purpose of this policy is to give you a clear explanation about how The Leith Agency collects and uses the personal data you provide to us and that we collect. We ensure that we use your information in accordance with all applicable laws concerning the protection of your personal data.
If you have any queries about this policy or your personal data please contact our Data Protection Officer:
Gary Coventry Coyle
The Leith Agency
86/2 Commercial Quay
Email: [email protected]
Call: +44 (0) 131 561 8600
- We collect your contact information such as full name, company name, email address, postal address and telephone number when you email or call us with an enquiry.
- We may also collect your details from publicly available sources such as LinkedIn, TendersDirect, PublicContractsScotland in order to send you information about our services.
- In addition to the above, we collect information automatically about your visit to our website. Please see our Cookies Section for more details.
The personal data we collect will be used for the following purposes:
- Dealing with enquiries and requests about the blog posts on this website submitted to us via the contact forms on each blog post.
- Dealing with enquiries and requests about our services submitted to us via email or call.
- Sending you information about our services which are applicable to you in your role.
- Requesting information about your services which are applicable to you, your company, our company and our clients.
Our legal basis for processing of your personal data is:
- Processing is necessary to meet contractual obligations entered into by you.
- Processing is necessary for purposes of our legitimate interests in relation to goods and services that you use in your role.
The legitimate interest pursued by us are as follows:
- In response to an enquiry from you about our blog content, goods and services.
- For the purpose of promoting our goods and service via direct marketing which are relevant to you in your role. We will always confirm how your personal data was obtained and always offer an opt out of direct marketing communications.
- Enquiring about your goods and services which are applicable to our company or our clients.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal or transactional information stored on our website and systems.
The security measures we’ve put in place include:
- the encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing
We believe in being open, honest and transparent with our clients and suppliers and want you to feel comfortable about your decision to give us your personal data and how we use it.
We will use the details you provide to us to communicate with you about how we can help you in your role and help your company achieve its objectives.
We promise that we will only communicate with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it’s quick and easy to let us know that you no longer want to hear from us by contacting the Data Protection Officer.
In certain instances, we collect and use your personal data by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from us, we have a legitimate organisational interest to use your personal data to respond to you and there is no overriding prejudice to you by using your personal data for this purpose. However, we will always provide you with the option to opt-out of hearing from us. This is the case, for example, where we seek to obtain your consent to receive email marketing from The Leith Agency.
We will only communicate to you in the way you have told us. For example:
If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to The Leith Agency emails or opting in to email communication from The Leith Agency, you grant us the right to use the email for email marketing.
If you have provided us with your postal address or telephone number we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information. We also actively check telephone numbers against the Corporate Telephone Preference Service (CTPS) and will only make telephone calls to you where your telephone number is listed on the CTPS if you have specifically told us that you do not object to such calls and have consented to receive them from The Leith Agency.
You can also change any of your contact preferences at any time, including telling us that you don’t want us to contact you for marketing purposes by contacting the Data Protection Officer.
Leah Munting / Kate Howe
Data Protection Officer
Cello Signal Group
St James House
St James Square
Email: [email protected]
Call: 01242 534200
We will never pass your personal data on to other organisations for them to use for their own marketing purposes.
However, we may disclose your personal data in the following circumstances:
- To third parties who provide a service to us. These are mailing houses, email services providers and data processors. We require these third parties to comply strictly with our written instructions and data protection laws and we make sure that appropriate controls are in place. We enter into contracts with all our third parties and regularly monitor their activities to ensure they are complying with our policies and procedures.
- Where we are under duty to disclose your personal data in order to comply with law or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation or we have your written consent.
Keeping your personal data
We keep your personal data for up to 6 years and 1 month after the creation date to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of in a secure manner.
- The right to access your personal data
- The right to rectification and update your personal data
- The right to request to have your personal data erased
- The right to restrict processing of your personal data
- The right to object
- The right to lodge a complaint with a supervisory authority
- The right to access your personal dataYou have a right to obtain confirmation that your personal data is being processed. You also have the right to request a copy of your personal data we hold.
We will provide a copy of your personal data within 30 days of receiving the written request. Should you wish to exercise these rights we require you to prove your identity with two pieces of approved identification (photo ID and proof of address such as utility bill). Please address requests to the DPO.
You can use this form: Subject Access Request Form. Alternatively, please ensure you provide us with all the requested information in an alternative format to help us locate your records.
We will respond within 28 days of your request.
- The right to rectify and update your personal dataThe accuracy of your personal data is important to us. You can rectify/update your personal data, including your address and contact details at any time. Please address requests to the Data Protection Officer.
Please provide as much information as possible about your request. We will investigate and confirm our decision within 28 days of the request.
- The right to request to have your personal data erasedYou have the right to request your personal data be erased. This is not an absolute right and we will review these on a case by case basis.
Should you wish to exercise these rights please address requests to the Data Protection Officer.
Please provide your reason for your request. We will consider this and advise you of our decision within 28 days of the request.
- The right to restrict processing of your personal dataYou have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future.
Should you wish to exercise these rights please address requests to the Data Protection Officer.
Please provide your reasons for us to restrict processing of your personal data. We will consider your request and respond with our decision within 28 days.
- The right to objectYou have the right to object to your personal data being processed, for marketing and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing.
Alternatively, you can exercise this right by contacting the Data Protection Officer.
The Leith Agency will action your request within 28 days of receiving it.
- Your right to lodge a complaint with a supervisory authorityIf you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO).
The ICO is the UK’s independent body set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO can be contacted at:
The Office of the Information Commissioner
Cheshire SK9 5AF
Tel: +44 (0) 01625 545 745
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on www.allaboutcookies.org
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instruction on www.allaboutcookies.org. Please note however that turning off cookies will restrict your use of our website.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
We use Google Analytics to provide this service, which uses first party cookies. The data collected is not shared with any other party.
The Analytics Tools we use are:
- __Google Analytics to record how a site is performing through visitor analysing visitor statistics;
- __Lead Forensics to help identify website traffic
- __Hotjar to record heatmaps tracking user behaviour, for example clicks and taps around our website
You can opt out of being tracked by Google Analytics using the Opt Out Browser Add-On from Google.
More information about Google Analytics
The information we get through the use of these cookies is anonymised and we make no attempt to identify you or influence your experience of the site while you are visiting it. If you do not allow these cookies we will not be able to include your visit in our statistics.
If you have used a Do Not Track browser setting, we take this as a sign that you do not want to allow these cookies, and they will be blocked.
We use the following first-party cookies on our site:
- __utma stores the number of visits (for each visitor), the time of the first visit, the previous visit, and the current visit
- __utmb and __utmc are used to check approximately how fast people leave: when a visit starts, and approximately end
- __ utmz records whether the visitor came from a search engine (and if so, the search keyword used), a link, or from no previous page (e.g. a bookmark)
- __utmt Indicates the type of request, which is one of: event, transaction, item, or custom variable
- __utmv is used for user-custom variables in Analytics