Menu
Menu
Menu
At BeeLiked, we take the issue of your privacy very seriously, which is why we work diligently to ensure that we have policies and procedures in place, allowing us to continue our mission of helping create brilliant, engaging and bespoke marketing promotions for our customers. We want to know what appeals to them, so we can design fun, cutting-edge promotions, support our marketing strategy, and generate leads. For that, we need to know about people within the business – who makes the purchasing decisions, who is authorized to give instructions regarding the account, who should have access to the promotions platform to make changes or analyse audience data, and who pays the bills.
The following privacy policy was developed in accordance with the Data Protection Act 2018 and explains what personal information we collect or receive from you, how we process such personal information, and what we do to keep your personal information safe and secure.
Please carefully read the following to understand our views and practices regarding your personal information and how we will treat it.
While details about the end-users who enter the promotions we power are extremely useful for you, we don’t need it. We are your Data Processors when it comes to data end-users provide, like name and contact, or information observed or derived from data about their activity and engagement (‘Audience Data’). That means we don’t decide what to do how to collect it or how to use it. You do. And we support you by following your instructions.
Put simply, we don’t use what we don’t need, and we’ve put controls in place to enforce this. That means:When you choose to run a promotion using a BeeLiked-powered chatbot across various channels, e.g. Facebook messenger, the end-user using their own credentials gives it permission to share certain profile data or communicate with your promotions through BeeLiked using an API. BeeLiked doesn’t get that information. Users manage what information they want that platform to share with you through their privacy settings.
And no, we’re not building profiles of your end-users. We’ve put in controls to make sure Audience Data for each promotion is held separately, which means we don’t mingle or match Audience Data across BeeLiked promotions.
So, what do you tell end-users in your mandatory Privacy Notice? Everything you’re supposed to tell them under the Data Protection Act 2018 (DPA 2018) and UK GDPR and in particular what you collect and how you use it. And when you need to tell them about third parties like BeeLiked, feel free to use some of the information below.
What if I have questions or concerns?
If you ever have any questions or concerns about how we handle your Personal Data contact:
Email: Privacy@beeliked.comRegardless of where, why, or how we obtain or Process your Personal Data, we comply with Data Protection Act 2018 (DPA 2018). The DPA 2018 protects ‘Data Subjects’ in the UK and EU (that’s you) by imposing stricter obligations on ‘Data Controllers’ (that’s us when it comes to our clients) and ‘Data Processors’ (that’s us when we power our clients’ promotions, and the vendors support our business) when we ‘Process’ ‘Personal Data’. These capitalized terms are DPA 2018/UK GDPR-speak. To decode them, click here to see our glossary below: ‘Personal Data’, ‘Processing’, ‘Controller’, ‘Processor’? What do all these terms mean?
In a nutshell, the DPA 2018 applies to any data that might identify a living individual (i.e. you), wherever or however we got it (e.g. from you, from someone else, or by analyzing your activity), whatever we do with it and wherever we Process it, even if someone else Processes it on our behalf, and even if we send it outside the European Economic Area (EEA).
This means that whenever we Process your Personal Data, we do so
You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM.
Email address, social media contact (if applicable), and telephone numbers.
Lists with Basic ID and Contact data of potential contacts occupying appropriate roles within companies we wish to target. We also scrape details from LinkedIn and LinkedIn Sales Navigator. This is all inputted into and managed through our Active Campaign CRM and Active Campaign Sales Hub.
Your preferences in receiving marketing from us – including do-not-call and unsubscribe requests (suppression lists).
We track emails read/unread and where (city) and email links clicked using Active Campaign Marketing Automation with a cookie that only gets dropped on your device if you enable images. You can adjust your settings to disable tracking pixels. We also manage our social media marketing through Active Campaign Marketing Automation (e.g. by sending out tweets on Twitter) or to connect socially with prospects even without access to their accounts. We can capture leads by filtering individual activity (e.g. by calls, requests for a demo, etc.) if a user clicks on a call to action button, e.g. ‘drop us a note’ or ‘schedule a call’. We use Slack to securely chat with existing, signed-in customers.Access level to your company’s client dashboard (e.g. superuser, admin, etc.).
BeeLiked’s proprietary web application (CMS for interactive promotions) for signed-in clients is hosted on Amazon AWS EU. It collects certain Internet protocol (IP) address, your login data (including when you last logged in), browser plug-in types and version, time zone setting and location, and other OS details applicable to the device you connect with to enable support.
Data related to logged-in users’ behavior on our website or your interactions with us through different communication channels (e.g. when you’ve read an email, where you’re logging on).Standard internet log information and visitor behavior patterns obtained using Google Analytics and other tools. We get aggregated statistics
Intercom and FullStory tracks which pages and campaigns logged-in clients visit. It also provides aggregated visitor behavior. This client information is channeled through Active Campaign to give us a fuller picture of our clients.
We use Amazon AWS to help maintain the security and performance of our website, which is hosted by Amazon AWS EU. BeeLiked develops its own website with internal developers and freelancers located in Germany, all of whom are bound by confidentiality under our contract.
Photos if you choose to share them, for example, if your email includes your photo or automatically makes it appear along with your message (you manage this through your own email platform’s preference settings).
We capture feedback you share with us directly or through our communication channels regarding our promotions and services. Testimonials you’ve given us permission to include on our website (thank you!).
You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM.
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
WHAT:
FROM WHOM:
LAWFUL BASES:
HOW LONG (MONTHS):
WITH WHOM:
We conduct Legitimate Interests Assessments (LIA’s) whenever we rely on Legitimate Interests and, where appropriate, Data Protection Impact Assessments (DPIAs).
For example, we do some limited profiling to target products and services to you that we’re quite confident your company will like and to avoid bombarding you with those you won’t. To do this, we need to learn more about you and your preferences, your role in the company, in addition to company data such as your company’s energy needs. We ensure we have appropriate safeguards to prevent this information from being misused and ensure we strike the right balance:When we need it… and only by those who need it….
Click unsubscribe or manage your marketing preferences by clicking the unsubscribe link in our emails. Tell us you no longer want to receive marketing calls or emails and we’ll remove you from our list immediately.
Special Data requires higher levels of protection. We don’t need to Process this type of data for our business, but if we did, we would ensure it receives a greater level of protection as required under DP Law.
If you click on a link to third-party content, or like or share specific content, this will either take you to those third-party sites or applications (e.g. Twitter) or send your Personal Data to that third party related to your click. We have no control over their use of your Personal Data in this regard. However, we do get aggregated data about clicks and shares which are not attributable to individual visitors. We encourage you to read the Data Privacy Notice of websites you visit.
Need-to-know is the default…
Within the company… Only those individuals within our company or the third parties listed under the ‘With Whom’ column of the At-a-Glance table can see or access your Personal Data, and they only Process the specific data they need to fulfil their tasks. We have implemented internal measures to enforce this need-to-know access and to ensure those who do Process it do so on our instructions and under a duty of confidentiality. These measures include:With our service providers and vendors… We do not allow our third-party service providers to use your Personal Data for their own purposes. Moreover, we’re selective. We’ve chosen providers that offer strong security and who understand their obligations when it comes to your privacy. For example, Slack has several third-party security certifications that provide additional assurance. You can learn about our key vendors by clicking the links in the chart under the heading ‘ The types of Personal Data we Process about you… ‘
Wherever we Process your Personal Data jointly with another Controller (Joint Controller), we establish clear lines of accountability to ensure your rights are respected and our obligations are met, and we adhere to the principles and approach we mentioned earlier to minimize how much Personal Data we use. In all cases, wherever possible, we require third parties to respect the security of your Personal Data and to treat it in accordance with DP Law through binding contracts. We minimize how much of your Personal Data needs to be transferred to ensure this objective is meant. We work with the following third parties and share your personal information with them to help us deliver the best possible service to you:If we sell or restructure all or part of the business, we will share some of your Personal Data with other third parties in the context of the transaction. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your Personal Data with the other parties if and to the extent required under the terms of the transaction and on the basis of Legitimate Interests. This ensures seamless service for you, regardless of who owns the business, and data due diligence by us. We will notify you in such circumstances and you may object to this transfer.
We may also need to share your Personal Data with a regulator or to otherwise comply with the law. This may include making returns to HMRC, disclosures to financial services regulators and disclosures to shareholders such as directors’ remuneration reporting requirements.
We primarily Process your Personal Data – including back-ups and archives – in the EEA and in countries the European Commission has recognised as providing adequate levels of protection (Adequate countries).
The personal information that we collect from you is stored on Amazon Web Service cloud servers within the European Economic Area (EEA). All information you provide to us is stored on these secure servers and any payment transactions are encrypted. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website; any transmission is undertaken at your own risk. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
On 31 December 2020, the Brexit transition period ended. The UK awaits an adequacy decision from the European Commission (EC) to allow transfers from the EU/EEA to the UK without the requirement of additional safeguards. The EU-UK Trade and Cooperation Agreement contains a bridging mechanism that permits the continued free flow of personal information from the EU/EEA to the UK after the transition period and until adequacy decisions to come into effect (for up to 6 months). Subject to the EC’s adequacy decision, this privacy policy will be updated accordingly.
Whenever we transfer your personal information out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We’ve implemented measures to prevent your Personal Data from accidental loss, unauthorised use, access, alteration or disclosure, some of which we’ve already discussed. We’ve implemented procedures and safeguards to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we mentioned in our At-a-Glance table, including to satisfy any legal, accounting, or reporting requirements. This will vary according to the Personal Data involved and the purpose.
We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we use it, whether we can achieve those purposes through other means, and the applicable legal requirements. To illustrate:In some circumstances, we may aggregate or anonymise your Personal Data so that it can no longer be associated with you, in which case we may use it without further notice to you. We do this for purchasing statistics, historical operations data, or to analyse sales and marketing trends. See the Your Data At-a-Glance Chart for a list of retention periods.
You have various rights with respect to your Personal Data:
Receive a copy of the Personal Data we hold about you and confirm we’re lawfully Processing it by making a Data Subject Access Request (DSAR). It’s free of charge unless your request is clearly unfounded or excessive.
Ask us to update, complete or correct your Personal Data at any time if you detect an inaccuracy. In fact, we encourage you to do so.
Get any Personal Data you’ve given us in an electronic form based on Consent or Contractual Necessity in a common machine-readable format. We can also transfer it to a third party if you ask.
Ask us to delete or remove Personal Data where there is no good reason or Lawful Basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to Objection. We can refuse in certain circumstances. Find out more, here.
Object to any Processing we do based on Legitimate Interests. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Not to be subject to automated decision-making without human intervention that has significant legal or other effects.
Suspend the Processing of some of your Personal Data, for example, if you want us to establish its accuracy or the reason for processing it.
Withdraw consent at any time and we will stop Processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent, we also explain how you can easily withdraw it.
We will need to confirm your identity to confirm your right to access the information or exercise any of your other rights. This is to prevent Personal Data being disclosed to anyone who has no right to receive it.
You can find out more about your rights by visiting the Information Commissioner’s Office website.
If you are unhappy with the way we handle your personal data, we encourage you to contact Privacy@beeliked.com
You may complain to the Information Commissioner’s Office. You can find the details here.
Withdraw consent at any time and we will stop Processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent, we also explain how you can easily withdraw it.
A living individual. We’ll just say ‘you’, ‘your’ or ‘individuals’ in this Notice.
The person or entity that decides what, how and why to Process Personal Data. We’ll use ‘we’ ‘our’ and ‘us,’ since we’re the Data Controller.
The person or entity that Processes Personal Data on behalf of a Data Controller according to their instructions.
The General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulation 2003 (UK PECR), and other data protection legislation, as amended from time to time.
A person or entity that decides what, how and why to Process Personal Data jointly with another Data Controller.
Anything we do to Personal Data throughout its lifecycle: generating, scraping, collecting, sharing, storing, accessing, deleting, recording, organising – whether manually or using automation.
Any information relating to an identifiable individual, even if we don’t know their name. That means that any data that, alone or with other information, can be used to figure out who an individual is or to target or impact an individual – like location, IP address, ID number, image or voice, or identifiable cookies – is likely to be Personal Data. Even Personal Data that’s been ‘pseudonymised’ (i.e. identifiers have been stripped away but the pseudonym could be reverse-engineered or linked back to the individual) is Personal Data.
Unless data is truly anonymous, assume it’s Personal Data.
Special categories of more sensitive Personal Data that requires a higher level of protection, such as information about a person’s health or sexual orientation. Special Data is subject to more stringent safeguards, and we’re only allowed to Process it in certain cases.