Privacy Policy

 

What is this, and why should I read it?

At BeeLiked, we take the issue of your privacy very seriously, which is why we work diligently to ensure that we have policies and procedures in place that allow us to continue our mission of helping create brilliant, engaging, and bespoke marketing promotions for our customers. We want to understand what appeals to them, so we can design engaging, cutting-edge promotions that support our marketing strategy and generate leads. For that, we need to know about people within the business – who makes the purchasing decisions, who is authorized to give instructions regarding the account, who should have access to the promotions platform to make changes or analyse audience data, and who pays the bills. This Data Privacy Notice should be read in conjunction with our Data Processing Addendum (DPA), particularly regarding data transfers outside the EEA or UK and the use of third-party service providers, to ensure consistent data protection practices and compliance with legal requirements.

The following privacy policy was developed in accordance with UK data protection laws, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), and explains what personal information we collect or receive from you, how we process such personal information, and what we do to keep your personal information safe and secure. This policy is aligned with our Data Processing Addendum (DPA) to ensure consistent data protection practices, including the roles of data controller and data processor, data retention periods, and the lawful bases for processing personal data.

Please carefully read the following to understand our views and practices regarding your personal information and how we will treat it.

Who we are and what we do

We are BeeLiked Media Limited, a company on a mission to help our clients grow by enabling them to create brilliant & interactive promotions that help their businesses grow. We are registered at the UK Companies House; our company number is 06795071, and our ICO registration number is Z3249632. We collect personal information from the following types of people to allow us to undertake our business:

  • Customers using our interactive marketing platform to create great promotions for their customers and employees;
  • Prospective customers browsing our website, and
  • Our own employees, contractors, freelancers, partners, and shareholders.


We collect information about you to carry out our core business and ancillary activities.

Important Notice Regarding Promotion Access Channels

BeeLiked promotions can be accessed through multiple channels, each involving different roles in personal data control and processing:

  • Client-Embedded Promotions:
    When a BeeLiked client embeds a promotion on their website or shares a direct URL (via social media, email, or other channels), the client acts as the data controller for any personal data collected via that promotion. BeeLiked Media Ltd. acts solely as a data processor, processing personal data strictly according to the client’s instructions and does not use or control the data beyond supporting the promotion.
  • Promotions Accessed via RunnyHoney:
    When a client shares their BeeLiked promotion through RunnyHoney, our consumer-facing game hub, the client remains the data controller for any personal data collected via the client’s game or promotion, even if accessed via RunnyHoney. BeeLiked Media Ltd. acts as a data processor for this client-controlled data.
  • User Registration or Data Shared with RunnyHoney Outside Client Promotions:
    Users may register or share personal information directly with RunnyHoney independently of any specific client promotion. In these cases, BeeLiked Media Ltd. is the data controller for that information. Any sharing of such data with a client occurs only with the explicit consent of the user/game player.

 

This privacy policy relates specifically to BeeLiked’s B2B SaaS platform role. If you are a user registering or playing games on RunnyHoney, please refer to the separate RunnyHoney Privacy Policy for information about how your personal data is collected, used, and protected.

What about audience data?

When we support our Customers by powering their promotions, we inevitably have access to some end-user data (‘Audience Data’). But we’ve taken steps to protect their privacy and rights.

While details about the end-users who enter the promotions we power are extremely useful for you, we don’t need them. We are your Data Processors when it comes to data end-users provide, like name and contact, or information observed or derived from data about their activity and engagement (‘Audience Data’). That means we don’t decide what to do, how to collect it, or how to use it. You do. And we support you by following your instructions.

Please note:

  • When a client embeds a promotion on their website or shares a direct URL (via social media, email, or other channels), the client acts as the data controller for any personal data collected via that embedded promotion. BeeLiked Media Ltd. acts strictly as a data processor in these cases.
  • When a promotion is accessed via RunnyHoney, our consumer-facing game hub, the client remains the data controller for any personal data collected within their promotion, even if accessed through RunnyHoney. BeeLiked acts as a processor for this client’s data.
  • RunnyHoney may also collect personal data independently of client promotions (such as user registration or platform activity). In these cases, BeeLiked Media Ltd. is the data controller for that information. Any sharing of such data with a client occurs only with the explicit consent of the user/game player.

 

Put simply, we don’t use what we don’t need, and we’ve put controls in place to enforce this. That means:

  • You can see the types of Audience Data you’ve selected from our templates and manage your settings. We can’t unless you instruct us to or give us temporary access for technical support.
  • We use strict access controls and an encrypted database to prevent anyone other than authorized account holders (i.e., with administrator access) from accessing Audience Data. So, BeeLiked won’t see your Personal Data except where necessary to support your campaign.

 

When you choose to run a promotion using a BeeLiked-powered chatbot across various channels, e.g., Meta Messenger, the end-user using their credentials gives it permission to share specific profile data or communicate with your promotions through BeeLiked utilizing an API. BeeLiked doesn’t get that information. Users manage what information they want that platform to share with you through their privacy settings.

  • If we do gain access to Audience Data, we only access what is necessary (for example, to assist with an Erasure request or Data Subject Access Request), and only those within BeeLiked with a strict need-to-know basis are granted access. We can’t export any Audience Data. Only you can (if you have Administrator access).
  • When the end-user signs into a promotion, a session cookie is generated that identifies the user, allowing them to re-enter the promotion without having to re-enter their information.

 

And no, we’re not building profiles of your end-users. We’ve put in controls to ensure Audience Data for each promotion is held separately, which means we don’t mingle or match Audience Data across BeeLiked promotions.

So, what do you tell end-users in your mandatory Privacy Notice? Everything you’re supposed to tell them under the Data Protection Act 2018 (DPA 2018) and UK GDPR and in particular, what you collect and how you use it. And when you need to tell them about third parties like BeeLiked, feel free to use some of the information below.

What if I have questions or concerns?

If you ever have any questions or concerns about how we handle your Personal Data, contact:

Email: Privacy@beeliked.com

Our commitment to your privacy (personal data processing principles)

Regardless of where, why, or how we obtain or process your Personal Data, we comply with Data Protection Laws. The Data Protection Laws protects ‘Data Subjects’ in the UK and EU (that’s you) by imposing stricter obligations on ‘Data Controllers’ (that’s us when it comes to our clients) and ‘Data Processors’ (that’s us when we power our clients’ promotions, and the vendors support our business) when we ‘Process’ ‘Personal Data’. These capitalized terms are Data Protection Law-speak. To decode them, see our glossary below: ‘Personal Data,’ ‘Processing,’ ‘Controller,’ and ‘Processor’. What do all these terms mean?

In a nutshell, the DPA 2018 applies to any data that might identify a living individual (i.e., you), wherever or however we got it (e.g., from you, from someone else, or by analyzing your activity), whatever we do with it and wherever we Process it, even if someone else Processes it on our behalf. For data transfers outside the European Economic Area (EEA) and the UK, please refer to our Data Processing Addendum (DPA) for specific details on the safeguards in place.

This means that whenever we process your Personal Data, we do so

    • Lawfully: Only if we can justify it on one of the following Lawful Bases:
      • Consent
        You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM.
  • Legitimate Interests

To help fulfil a legitimate business objective (see the ‘Why’ column of the Your Data At-a-Glance chart below), after confirming we’ve only used what’s reasonably necessary and proportionate to meet that objective and struck the right balance between our interests and yours (Legitimate Interests Assessment (LIA)). We have a Legitimate Interest in Processing Personal Data to operate our business, generate leads and sales, support our marketing campaigns, make sure our relationship with you runs smoothly, and protect the Personal Data and commercial data we hold by securing our network and information systems. This processing is conducted in compliance with our Data Processing Addendum (DPA), ensuring adherence to data protection laws and established safeguards.

  • Contractual Necessity
    To enter into or fulfil our contract, including generating a quote.
  • Legal Obligation

To comply with the law (e.g., tax reporting, Data Protection Laws).

  • Vital Interests
    In rare instances where one of the others doesn’t apply, we need your Personal Data to protect your vital interests or those of another person. It’s highly unlikely we would ever need to rely on this Lawful Basis.
  • Fairly and transparently: we strike the right balance between our interests and yours and tell you what we do with your Personal Data.
  • For a specific purpose: we won’t use your Personal Data for another incompatible purpose unless the law permits or requires us to.
  • Using the least amount reasonably necessary.
  • Ensuring it is accuratecomplete, and up-to-date.
  • For a limited time: Only for as long as reasonably necessary, and then we either destroy it or de-identify it so it can’t be linked back to you.
  • Securely: managing our people and designing our processes and technology to ensure end-to-end confidentiality, integrity, and availability.
  • Within the UK/EEA: we do not transfer your Personal Data outside the EEA or the UK except as permitted under Data Protection Law, the Data Processing Addendum (DPA), and with appropriate safeguards. These safeguards ensure consistent protection, and we verify that third parties we rely on adhere to these standards as well. For transfers outside the UK/EEA, we rely on mechanisms detailed in our DPA, including Standard Contractual Clauses or ensuring the recipient country has an adequacy decision. All third-party service providers are thoroughly vetted to ensure their data processing activities align with the commitments outlined in our Data Processing Agreement (DPA).
  • With your rights in mind, we make it easy for you to exercise your rights as detailed in this notice and under applicable Data Protection Law (see Your Rights below).

 

The lawful bases we rely on depend on the nature of our relationship with you and the role BeeLiked plays when processing your personal data:

  • For our clients and their promotion data:
    When BeeLiked powers promotions on behalf of our clients, we act as a data processor, processing data strictly on your (the client’s) instructions. The lawful basis for processing this data is typically contractual necessity (to deliver the service) or your legitimate interests as the data controller of that information.
  • For users registering or interacting via RunnyHoney outside of client promotions:
    BeeLiked Media Ltd. acts as the data controller for personal data collected through RunnyHoney during user registration, verification or platform activity. The lawful basis for processing this data is primarily explicit consent or, where applicable, contractual necessity.
  • When RunnyHoney shares user data with clients:
    Any personal data shared with clients from RunnyHoney occurs only after the user has provided explicit consent. At that point, the client assumes the role of a data controller and is responsible for processing that data further under their own lawful basis.

 

The types of personal data we process about you are grouped under the following categories, in accordance with data minimization principles:

Basic ID: Includes your name, job title, and company affiliation.

You have given us permission, which you can withdraw at any time as described in this notice. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA or the UK where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. These transfers are also governed by the Data Processing Addendum (DPA), which includes Standard Contractual Clauses or other appropriate safeguards. We currently don’t process Special Data or conduct ADM, and if we do, we will ensure it is compliant with the DPA and applicable law.

Contact: Includes email address, social media contact (if applicable), and telephone numbers.

Email address, social media contact (if applicable), and telephone numbers.

Prospects: Includes lists with Basic ID and Contact data of potential contacts occupying appropriate roles within companies we wish to target.

Lists with Basic ID and Contact data of potential contacts occupying appropriate roles within companies we wish to target. We also scrape details from LinkedIn and LinkedIn Sales Navigator. This information is inputted into and managed through our CRM, HubSpot, ensuring compliance with HubSpot’s privacy policies and data protection measures.

Marketing and Communications: Includes your preferences in receiving marketing from us, including do-not-call and unsubscribe requests (suppression lists).

Your preferences in receiving marketing from us, including do-not-call and unsubscribe requests (suppression lists).

We track emails read/unread and where (city) and email links clicked using Hubspot with a cookie that only gets dropped on your device if you enable images. You can adjust your settings to disable tracking pixels, and we ensure this tracking is compliant with PECR.

We use Slack to chat securely with existing, signed-in customers, ensuring all communications adhere to data protection standards.

Account & Billing: Includes contract details, details of services you have purchased from us or for which you have sought a quote.

Contract details, details of services you have purchased from us or for which you have sought a quote. Bank account and payment card details. Billing address, invoices, and payment history. This is inputted into and managed through our Hubspot CRM and our accounting system, Xero, ensuring secure handling of financial data.

Access: Includes access level to your company’s client dashboard (e.g., superuser, admin, etc.).

Access level to your company’s client dashboard (e.g., superuser, admin, etc.).

Customer Service & Profile Data: Includes customer service interactions, complaints, correspondence, and notes we input into our databases relating to your interactions with us.

Customer service interactions, complaints, correspondence, and notes we input into our databases relating to your interactions with us are stored in our Hubspot CRM, which is linked to our company Gmail account and calendar (G Suite), ensuring secure data management and accessibility.

Our online chats with clients, inbound inquiries, and automated marketing emails and messages are powered by Hubspot. The contact information you input is captured in Hubspot and Typeform and stored in our CRM in Hubspot to make it easier for us to communicate with you and market to you (if you consent), in accordance with data protection laws.

Voice recordings: For clients communicating with us, (VOIP), calls are automatically recorded for quality assurance and training purposes, with appropriate consent where required.

Technical data: Includes data related to your device and interactions with our services.

BeeLiked’s proprietary web application (CMS for interactive promotions) for signed-in clients is hosted on Amazon AWS EU, ensuring data residency within the EEA. It collects certain Internet protocol (IP) addresses, your login data (including the date and time of your last login), browser plug-in types and versions, time zone settings and locations, and other operating system (OS) details applicable to the device you connect with to enable support.

Data related to logged-in users’ behavior on our website or your interactions with us through different communication channels (e.g., when you’ve read an email, when you’re logging in), ensuring this data is used in accordance with this notice.

Cookies: Includes data collected through cookies on our website to enhance user experience.

Our website uses cookies to distinguish you from other website users. This helps us provide you with a positive and tailored experience when you browse our website, and it also enables us to improve our website. For detailed information regarding the cookies we use and the purposes for which we use them, see our Cookie Policy, ensuring transparency and user control.

Web analytics: Includes standard internet log information and visitor behavior patterns obtained using Google Analytics and other tools. These analytics are managed in accordance with our Data Processing Addendum (DPA).

Standard internet log information and visitor behavior patterns obtained using Google Analytics and other tools. We get aggregated statistics, ensuring no individual is identified. These processes are further detailed in our Data Processing Addendum (DPA).

  • pages visited
  • time on page
  • interactions/clicks and related information
  • traffic and exits

Hubspot and Posthog track which pages and campaigns logged-in clients visit. It also provides aggregated and individual visitor behavior. This client information is channeled through Hubspot and Posthog to provide us with a more comprehensive picture, ensuring that data is used for the legitimate business purposes of our clients.

Website security & performance (web security): Includes measures to protect our website and your data from unauthorized access. These measures are detailed further in our Data Processing Addendum (DPA).

We use Amazon AWS to help maintain the security and performance of our website, which is hosted on Amazon AWS EU (Europe) hosts. BeeLiked develops its own website with internal developers and freelancers worldwide, all of whom are bound by confidentiality under our contract and data protection agreements. As detailed in our Data Processing Addendum (DPA), we ensure that appropriate safeguards are in place for any data transfers, including those related to website development and maintenance.

Images: Includes photos if you choose to share them, for example, if your email includes your photo or automatically makes it appear along with your message.

Photos if you choose to share them, for example, if your email includes your photo or automatically makes it appear along with your message (you manage this through your own email platform’s preference settings). Please refer to our Data Processing Addendum (DPA) for details on how we handle and protect your data, including images, particularly if data transfers outside the EEA or UK are involved.

Feedback / Testimonials: Includes feedback you share directly or through our communication channels regarding our promotions and services.

We capture feedback you share directly or through our communication channels regarding our promotions and services, and any testimonials you’ve permitted us to include on our website (thank you!), ensuring we have your consent to use them. Our data processing activities, including the handling of feedback and testimonials, are conducted in accordance with our Data Processing Addendum (DPA), which outlines our obligations and safeguards for your personal data.

Your data a glance

You have given us permission, which you can withdraw at any time as detailed in this notice. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM, and if we do, we will ensure it is compliant with the DPA and applicable law. All data processing activities are conducted in accordance with our Data Processing Addendum (DPA).

Purpose

What

From Whom

Lawful Basis

Retention (Months)

Shared With

Generate B2B leads and marketing

Prospects, Marketing & Comms Preferences

You, LinkedIn, Twitter, event signups, scraped data

Legitimate Interests (B2B soft opt-in), Consent (B2C)

24

Marketing & Sales, Vendors

Set up a demo / contact request

Basic ID, Contact, Tech Data, Engagement Data

You, engagement tools

Contractual Necessity, Legitimate Interests

24

Marketing, Vendors

Analyze engagement and optimize campaigns

Web Analytics, Tech Data, Marketing Data, Cookies, Feedback

You, analytics tools (e.g., Hubspot, Posthog)

Legitimate Interests

24

Marketing, Analytics Vendors

Compliance with marketing & cookie rules

Contact, Consent Logs, Cookie Preferences

You, your browser/device

Legal Obligation (PECR, DPA)

24

Marketing, Compliance Tools

Register you as a customer

Basic ID, Contact, Billing, Customer Profile

You / Your company

Contractual Necessity

84

Sales, Support

Manage access and user roles

Contact, Role Info, Access Level

You

Contractual Necessity

84

Support, Admins

Respond to inquiries / fulfill requests

Basic ID, Contact, Tech Data, Feedback, VOIP logs

You

Contractual Necessity, Legitimate Interests

24

Support, Tech, Vendors

Customer service & feedback

Interaction notes, Complaint history, Testimonials

You

Legitimate Interests

24

Support, Product

Manage finance and invoicing

Billing Info, Account Data, Payment History

You

Contractual Necessity, Legal Obligation

84

CFO, Xero, Accountants

Improve our services

Web Analytics, Customer Profile, Feedback

You

Legitimate Interests

24

Product, Vendors

Ensure platform security (NIS compliance)

Login logs, IP address, Access Patterns

You, security tools

Legal Obligation, Legitimate Interests

84

CTO, Security Team

Legal obligations (e.g., regulators)

Any data we hold about you that is relevant to the request

You, internal systems

Legal Obligation

84

Regulators, Legal Team

Rare: Assist law enforcement / criminal investigations

Any relevant personal data, incl. logs or communications

You, public info, subpoena

Legal Obligation, Legitimate Interests

84

Legal Counsel, Law Enforcement



How do you strike the right balance when you rely on legitimate interests?

We conduct Legitimate Interests Assessments (LIAs) whenever we rely on Legitimate Interests and, where appropriate, Data Protection Impact Assessments (DPIAs), as further detailed in our Data Processing Addendum (DPA).

For example, we do some limited profiling to target products and services that we’re pretty confident your company will like and avoid bombarding you with those you won’t. To do this, we need to learn more about you and your preferences, including your role in the company and your specific usage needs. We ensure we have appropriate safeguards, as detailed in our Data Processing Addendum (DPA), including those regarding data transfers outside the EEA or UK, to prevent this information from being misused and ensure we strike the right balance:

  • Only what we need… Then, we use Marketing & Communications and Customer Profile data (if you’re already a client) or other information you provide directly or indirectly to us, e.g., through an online chat, or a call to action to identify campaigns, products, and services that are likely to be of greatest interest to you, and determine when (or if) to contact you for business development purposes.

 

When we need it… and only by those who need it….

  • Our Customer Service, Sales, and tech support teams only see what they need to answer your billing and customer service queries. We use granular access control to manage access to your platform centrally and Customer Profile information on HubSpot CRM, etc., to those with a need-to-know basis. We limit ‘superuser’ access to our CEO, COO, and CTO, who have override and greater access. To ensure this access is used appropriately and in accordance with data protection principles, and as further detailed in our Data Processing Addendum (DPA), we have implemented the following controls. These controls include regular audits of access logs, mandatory training on data protection for superusers, and documented justifications for any override access.
  • We never let third parties use your information for their own purposes, and we prevent this by providing them only with the necessary information and as little Personal Data as possible.

 

Click unsubscribe or manage your marketing preferences by clicking the unsubscribe link in our emails. Tell us you no longer want to receive marketing calls or emails, and we’ll remove you from our list immediately.

What about sensitive personal data (special data) and criminal records data?

Special Data requires higher levels of protection. We don’t need to process this type of data for our business, but if we did, we would ensure it receives a greater level of protection as required under DP Law.

What about third-party links, plug-ins, content or cookies on your website?

If you click on a link to third-party content or like or share specific content, this will either take you to those third-party sites or applications (e.g., Twitter) or send your Personal Data to that third party related to your click. We have no control over their use of your Personal Data in this regard. However, we get aggregated data about clicks and shares that are not attributable to individual visitors. We encourage you to read the Data Privacy Notice of the websites you visit.

Who else can see my personal data?

Need-to-know is the default…

‍Within the company

Only those individuals within our company or the third parties listed under the ‘With Whom’ column of the At-a-Glance table can see or access your Personal Data, and they only process the specific data they need to fulfil their tasks. 

Personal data collected by RunnyHoney is accessible only to BeeLiked employees and contractors who require access to manage the platform and provide user support. Access is strictly controlled under confidentiality agreements and role-based permissions to ensure your privacy is protected.

We have implemented internal measures to enforce this need-to-know access and to ensure those who do process it do so on our instructions and under a duty of confidentiality. These measures include:

  • Granular access to tools: we use LastPass Vault (enterprise version) to control access to the tools and accounts used as a team. We can centrally disable an individual employee’s access once it’s no longer necessary to enforce a need-to-know. We can also see what they’ve accessed and when (audit logs) to address any unusual behavior.
  • Centralized security policy enforcement: we can centrally enforce secure access by our employees, for example, to monitor and enforce our password policy or suspend access if training isn’t up to date.
  • Data Leakage Protection: what goes into Hubspot stays in Hubspot. We’ve blocked our team (other than the senior team) from exporting or downloading data from Hubspot CRM.
  • Optional two-factor authentication: to further protect your account, you can enable two-factor authentication. This prevents individuals who may have obtained your credentials from logging into your account without additional authentication (e.g., a single-use code).
  • Technical Data is used to prevent multiple logins (e.g., if someone else attempts to log in from another IP address or on a different device in a different city) and to enhance security measures in accordance with our Data Protection Agreement (DPA) and Customer Terms of Service.

With our service providers and vendors

We do not allow our third-party service providers to use your Personal Data for their own purposes. Moreover, we’re selective. We’ve chosen providers that offer strong security and who understand their obligations when it comes to your privacy. For example, Slack has several third-party security certifications that provide additional assurance. You can learn about our key vendors by clicking the links in the chart under the heading ‘ The types of Personal Data we Process about you… ‘

Wherever we process your Personal Data jointly with another Controller (Joint Controller), we establish clear lines of accountability to ensure your rights are respected and our obligations are met. We adhere to the aforementioned principles and approach to minimize how much Personal Data we use.

In all cases, wherever possible, we require third parties to respect the security of your Personal Data and treat it in accordance with data protection law through binding contracts. We minimize the amount of your Personal Data that needs to be transferred to ensure this objective is met.

We work with the following third parties and share your personal information with them to help us deliver the best possible service to you:

 

Do you share my personal data with other third parties?

If we sell or restructure all or part of the business, we will share some of your Personal Data with other third parties in the transaction’s context. In this situation, we will, as far as possible, share anonymized data with the other parties prior to the transaction’s completion. Once the transaction is completed, we will share your Personal Data with the other parties if and to the extent required under the terms of the transaction and on the basis of Legitimate Interests. This ensures seamless service for you, regardless of who owns the business, and data due diligence by us. We will notify you in such circumstances, and you may object to this transfer.

We may also need to share your Personal Data with a regulator or otherwise comply with the law. This may include making returns to HMRC, disclosures to financial services regulators, and disclosures to shareholders, such as directors’ remuneration reporting requirements.

Do you transfer my personal data outside the EEA?

We primarily process your Personal Data – including backups and archives – in the European Economic Area (EEA) and in countries that the European Commission has recognized as providing adequate levels of protection (Adequate countries). These processing activities are further governed by our Data Processing Addendum (DPA), ensuring compliance with data protection laws.

BeeLiked Media Ltd. acts in different roles when processing personal data, and international transfer safeguards depend on that role:

  • When acting as a data processor on behalf of clients (e.g., processing client promotion data collected via embedded promotions), international data transfers are governed by the safeguards and contractual protections outlined in our Data Processing Addendum (DPA).
  • When acting as a data controller (e.g., for personal data collected directly via RunnyHoney during user registration and platform interaction), appropriate safeguards are applied as described in the separate RunnyHoney Privacy Policy.

 

Where we store and process your personal information, as further detailed in our Data Processing Addendum (DPA).

The personal information that we collect from you is stored on Amazon Web Services cloud servers within the European Economic Area (EEA).  All information you provide to us is stored on these secure servers, and any payment transactions are encrypted.  Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone. These practices are further detailed and governed by our Data Processing Addendum (DPA).

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website; any transmission is undertaken at your own risk.  We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed, altered, or disclosed without authorization. Additionally, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a legitimate business need to know.  They will only process your personal information on our instructions and are subject to a duty of confidentiality. These security measures are further detailed in our Data Processing Addendum (DPA).

On 31 December 2020, the Brexit transition period ended. The UK received an adequacy decision from the European Commission (EC) on 28 June 2021, allowing transfers from the EU/EEA to the UK without requiring additional safeguards. This privacy policy will be updated as needed to reflect any changes to this adequacy decision. These safeguards and updates are managed in accordance with our Data Processing Addendum (DPA).

Whenever we transfer your personal information out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented, as further detailed in our Data Processing Addendum (DPA):

  • We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data by the UK or the EU; or, as further detailed in our Data Processing Addendum (DPA).
  • Where we use certain service providers, we may use specific contracts approved for use in the UK that give personal information the same protection it has in the UK, as further detailed in our Data Processing Addendum (DPA).

 

Is my personal data secure?

We’ve implemented measures to prevent your Personal Data from accidental loss, unauthorized use, access, alteration, or disclosure, some of which we’ve already discussed. We’ve implemented procedures and safeguards to deal with suspected data security breaches. We will notify you and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request.

How long will you use my personal data?

We will only retain your Personal Data for as long as necessary to fulfil the purposes we mentioned in our At-a-Glance table and satisfy any legal, accounting, or reporting requirements. 

Please note:
The retention period depends on whether BeeLiked acts as a data processor or data controller in each context:

  • For personal data collected through BeeLiked’s B2B SaaS platform (e.g., client contact details, participant data uploaded by clients, and promotion audience data), the client acts as the data controller and is responsible for managing retention periods. BeeLiked Media Ltd. retains and processes this data only to fulfill client instructions and legal obligations.
  • For personal data collected directly via RunnyHoney (such as user registrations, consents, and platform activity outside of client promotions), BeeLiked Media Ltd. acts as the data controller and retains data according to RunnyHoney’s own retention policies and applicable law.

 

We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we use it, whether we can achieve those purposes through other means, and the applicable legal requirements. To illustrate:

  • We generally hold onto Financial Data for 6 years to satisfy tax and corporate reporting requirements.
  • We generally hold onto identifiable Prospects and Marketing Data for 6 months to align with the sales cycle.
  • We retain our suppression lists (do-not-call / unsubscribe) because we have an ongoing legal obligation under Direct Marketing rules.
  • We keep customer records and contact details in our CRM for the duration of our relationship and for 7 years after our relationship to resolve any contractual disputes and, unless you object, for 24 months based on Legitimate Interests in case we restart our business relationship.

 

In some circumstances, we may aggregate or anonymize your Personal Data so that it can no longer be associated with you, in which case we may use it without further notice to you. We do this for purchasing statistics, historical operations data, or to analyze sales and marketing trends. See the Your Data At-a-Glance Chart for a list of retention periods. This is also in accordance with our DPA.

What rights do I have over my personal data?

You have various rights with respect to your Personal Data:

Access

Receive a copy of the Personal Data we hold about you and confirm we’re lawfully processing it by making a Data Subject Access Request (DSAR). It’s free of charge unless your request is clearly unfounded or excessive. This aligns with Data Protection Laws.

Rectification

Ask us to update, complete, or correct your Personal Data at any time if you detect an inaccuracy. In fact, we encourage you to do so. This aligns with Data Protection Laws.

Portability

Get any Personal Data you’ve given us in an electronic form based on Consent or Contractual Necessity in a common machine-readable format. We can also transfer it to a third party if you ask.

Erasure

Ask us to delete or remove Personal Data where there is no good reason or Lawful Basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to objection. We can refuse in certain circumstances as defined by Data Protection Laws. 

Objection

Object to any Processing we do based on Legitimate Interests. You also have the right to object where we are processing your Personal Data for direct marketing purposes, as defined by Data Protection Laws.

Automated processing

Not to be subject to automated decision-making without human intervention that has significant legal or other effects, as defined by Data Protection Laws.

Restriction

Suspend the Processing of some of your Personal Data, for example, if you want us to establish its accuracy or the reason for processing it, as defined by Data Protection Laws.

Withdrawal of consent

Withdraw consent at any time, and we will stop processing it unless we have another legitimate basis for doing so in law, as defined by Data Protection Laws. Where we rely on your consent, we also explain how you can easily withdraw it.

We will need to confirm your identity to confirm your right to access the information or exercise any of your other rights. This is to prevent Personal Data from being disclosed to anyone who has no right to receive it.

This is in accordance with Data Protection Laws.

You can find out more about your rights by visiting your local data protection authority’s website.

If you are a user of the RunnyHoney platform, please note that BeeLiked Media Ltd. acts as the data controller for personal data collected during registration and platform use on RunnyHoney. For detailed information on your rights and how to exercise them with respect to data collected via RunnyHoney, please refer to the separate RunnyHoney Privacy Policy.

How can I make a complaint?

If you are unhappy with the way we handle your personal data, we encourage you to contact us at Privacy@beeliked.com. This is in accordance with Data Protection Laws.

If you are a user of the RunnyHoney platform and you have concerns or complaints about how your personal data is handled on RunnyHoney, please refer to the separate RunnyHoney Privacy Policy for information on how to contact the data protection officer and exercise your rights.

You have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your data properly.

Glossary

Withdrawal of consent

Withdraw consent at any time, and we will stop processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent, we also explain how you can easily withdraw it. This is in accordance with Data Protection Laws.

Data Subject

A living individual. We’ll just say ‘you,’ ‘your,’ or ‘individuals’ in this Notice.

Data Controller

The person or entity that decides what, how, and why to Process Personal Data. We’ll use ‘we,’ ‘our,’ and ‘us’ since we’re the Data Controller.

Data Processor

The person or entity that Processes Personal Data on behalf of a Data Controller according to their instructions.

Data Protection Law (DP Law)

The General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulations 2003 (UK PECR), and other data protection legislation, as amended and superseded from time to time.

Joint Controller

A person or entity that decides what, how, and why to Process Personal Data jointly with another Data Controller. This arrangement is further detailed in our Data Processing Addendum (DPA), which outlines the responsibilities and data protection measures for each party. Specifically, the DPA ensures that the obligations and liabilities of each Joint Controller are clearly defined, maintaining alignment with the Data Privacy Notice regarding data processing activities, legal requirements, data retention, and the rights of data subjects.

Process or Processing

Anything we do to Personal Data throughout its lifecycle: generating, scraping, collecting, sharing, storing, accessing, deleting, recording, organizing – whether manually or using automation. This processing is conducted in accordance with our Data Processing Addendum (DPA), ensuring compliance with data protection laws.

Personal Data

Any information relating to an identifiable individual, even if we don’t know their name. That means that any data that, alone or with other information, can be used to figure out who an individual is or to target or impact an individual–like location, IP address, ID number, image or voice, or identifiable cookies–is likely to be Personal Data. Even Personal Data that’s been ‘pseudonymized’ (i.e., identifiers have been stripped away, but the pseudonym could be reverse-engineered or linked back to the individual) is Personal Data. Our Data Processing Addendum (DPA) further specifies how we handle and protect personal data, especially when processed by third-party service providers.

Unless data is truly anonymous, assume it’s Personal Data.

Special Data

Special categories of more sensitive Personal Data require a higher level of protection, such as information about a person’s health or sexual orientation. Special Data is subject to more stringent safeguards, and we’re only allowed to process it in certain cases as defined by Data Protection Laws. These safeguards are also detailed in our Data Processing Addendum (DPA), ensuring comprehensive protection.



Get ready for a brand new BeeLiked launching September 2023

Sign up to be first in line and a have a chance of winning a free Premium Annual Plan