Privacy Policy

Data Privacy Notice

What is this and why should I read it?

We know your data is important to you, and when you share it with us you trust us to use it appropriately and respect your choices.

As a B2B business, BeeLiked’s key focus is company data. We want to learn how we can help our clients run brilliant promotions that help them engage with their customers and attract new ones. We want to know what appeals to them, so we can design fun, cutting-edge promotions, support our marketing strategy, and generate leads. For that, we need to know about people within the business – who makes the purchasing decisions, who is authorized to give instructions regarding the account, who should have access to the promotions platform to make changes or analyze audience data, and who pays the bills.

Our commitment, your rights

We don’t process a lot of Personal Data to run our business. But when we do, BeeLiked is committed to protecting the privacy and security of that Personal Data, and we want to ensure you understand your rights and our responsibilities. This Data Privacy Notice (‘Privacy Notice’ or ‘Notice’) describes how we handle your Personal Data throughout our relationship, whether you are a client or prospect, a potential business partner, or just a member of the public who visits our website.

Our services are not typically intended for minors. If a promotion is targeted at minors, then the guardian email system will be turned on and an email will be sent seeking parental consent for the minor to enter the promotion. We may update this Notice at any time but will let you know if we make important changes.

What about audience data? Won’t somebody think about the end-user?! And what do we tell them?

You’re probably wondering, “What do you do with the data of the end-users who enter the promotions you power on our site? If one end-user enters promotions you power for different clients, are you building profiles of them across them? What do we tell them in our Privacy Notice?”

When we support our clients by powering their promotions, we inevitably have access to some end-user data (‘Audience Data’). But we’ve taken steps to protect their privacy and rights.

HEAR NO DATA, SEE NO DATA.

While details about the end-users who enter the promotions we power are extremely useful for you, we don’t need it. We are your Data Processors when it comes to data end-users provide, like name and contact, or information observed or derived from data about their activity and engagement (‘Audience Data’). That means we don’t decide what to do collect or how to use it. You do. And we support you by following your instructions.

Put simply, we don’t use what we don’t need, and we’ve put controls in place to enforce this. That means:

  • You can see the types of Audience Data you’ve selected from our templates and manage your settings. We can’t unless you instruct us to or give us temporary access for technical support.
  • We use strict access controls and an encrypted database to prevent anyone other than authorised account holders (i.e. with administrator access) from accessing Audience Data. So BeeLiked won’t see your Personal Data except where necessary to support your campaign.

When you choose to run a promotion using a BeeLiked-powered chatbot across various channels, e.g. Facebook messenger, the end-user using their own credentials gives it permission to share certain profile data or communicate with your promotions through BeeLiked using an API. BeeLiked doesn’t get that information. Users manage what information they want that platform to share with you through their privacy settings.

  • If we do get access to Audience Data, we only access what we need (for example to assist with an Erasure request or Data Subject Access Request), and only those within BeeLiked with a strict need-to-know get access. We can’t export any Audience Data. Only you can (if you have Administrator access).
  • When end-user signs into a promotion, a session cookie is generated that identifies the user so they can re-enter the promotion without having to re-enter the information.

And no, we’re not building profiles of your end-users. We’ve put in controls to make sure Audience Data for each promotion is held separately, which means we don’t mingle or match Audience Data across BeeLiked promotions.

So, what do you tell end-users in your mandatory Privacy Notice? Everything you’re supposed to tell them under the GDPR, and in particular what you collect and how you use it. And when you need to tell them about third parties like BeeLiked, feel free to use some of the information below.

WHAT IF I HAVE QUESTIONS OR CONCERNS?

If you ever have any questions or concerns about how we handle your Personal Data contact:

Email: Privacy@beeliked.com

Our commitment to your privacy (personal data processing principles)

Regardless of where, why or how we obtain or Process your Personal Data, we comply with the Data Protection Law (DP Law). DP Law protects ‘Data Subjects’ in the UK and EU (that’s you) by imposing stricter obligations on ‘Data Controllers’ (that’s us when it comes to our clients) and ‘Data Processors’ (that’s us when we power our clients’ promotions, and the vendors support our business) when we ‘Process’ ‘Personal Data’. These capitalized terms are GDPR-speak. To decode them, click here to see our glossary below: ‘Personal Data’, ‘Processing’, ‘Controller’, ‘Processor’? What do all these terms mean?

In a nutshell, DP Law applies to any data that might identify a living individual (i.e. you), wherever or however we got it (e.g. from you, from someone else, or by analyzing your activity), whatever we do with it and wherever we Process it, even if someone else Processes it on our behalf, and even if we send it outside the European Economic Area (EEA).

This means that whenever we Process your Personal Data, we do so

  • Lawfully: Only if we can justify it on one of the following Lawful Bases:
    • Consent
      You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM
    • Legitimate Interests
      To help fulfill a legitimate business objective (see the ‘Why’ column of the Your Data At-a-Glance chart, below) after confirming we’ve only used what’s reasonably necessary and proportionate to meet that objective and struck the right balance between our interests and yours (Legitimate Interests Assessment (LIA)). We have a Legitimate Interest in Processing Personal Data to operate our business, generate leads and sales, support our marketing campaigns, make sure our relationship with you runs smoothly, and protect the Personal Data and commercial data we hold by securing our network and information systems.
    • Contractual Necessity
      To enter into or fulfill our contract, including to generate a quote.
    • Legal Obligation
      To comply with the law (e.g. tax reporting, DP Law).
    • Vital Interests
      In rare instances where one of the others doesn’t apply but we need your Personal Data to protect your vital interests or those of another person. It’s highly unlikely we would ever need to rely on this Lawful Basis.
  • Fairly and transparently: we strike the right balance between our interests and yours and we tell you what we do with your Personal Data.
  • For a specific purpose: we won’t use your Personal Data for another incompatible purpose unless the law permits or requires us to.
  • Using the least amount reasonably necessary.
  • Ensuring it is accuratecomplete and up– to– date.
  • For a limited time: Only for as long as reasonably necessary, and then we either destroy it or de-identify it so it can’t be linked back to you.
  • Securely: managing our people and designing our processes and technology to ensure end-to-end confidentiality, integrity, and availability.
  • Within the UK/EEA: we don’t transfer your Personal Data outside the EEA except as permitted under DP Law. We use appropriate safeguards for consistent protection and ensure third parties we rely on do so as well.
  • With your rights in mind: We make it easy for you to exercise your rights (see Your Rights, below).

The types of personal data we process about you are grouped under the following categories:

Basic ID

You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM.

Contact

Email address, social media contact (if applicable), and telephone numbers.

Prospects

Lists with Basic ID and Contact data of potential contacts occupying appropriate roles within companies we wish to target. We use a number of third-party services to create company lists for companies we wish to target and engage freelancers who find Basic ID and Contact data for the companies we wish to target. We also scrape details from LinkedIn and LinkedIn Sales Navigator. This is all inputted into and managed through our Hubspot CRM and Hubspot Sales Hub.

Marketing and Communications

Your preferences in receiving marketing from us – including do-not-call and unsubscribe requests (suppression lists). We use a Belgian company, Prospect.io, to manage our email marketing and your preferences and gather engagement metrics (e.g. number read/unread, number of unsubscribes, the percentage of contacts who request a demo for a particular promotion, etc.).

We track emails read/unread and where (city) and email links clicked using Hubspot Marketing Hub with a cookie that only gets dropped on your device if you enable images. You can adjust your settings to disable tracking pixels. We also manage our social media marketing through Hubspot Marketing Hub (e.g. by sending out tweets on Twitter) or to connect socially with prospects even without access to their accounts. We can capture leads by filtering individual activity (e.g. by calls, requests for a demo, etc.) if a user clicks on a call to action button, e.g. ‘drop us a note’ or ‘schedule a call’.

We use Slack to securely chat with existing, signed-in customers.

Account & Billing

Contract details, details of services you have purchased from us or for which you have sought a quote. Bank account and payment card details. Billing address, invoices, payment history. This is inputted into and managed through our Hubspot CRM and our accounting system Xero.

Access

Access level to your company’s client dashboard (e.g. superuser, admin, etc.).

Customer Service & Profile Data

Customer service interactions, complaints, correspondence, notes we input into our databases relating to your interactions with us are inputted into our Hubspot CRM, which is linked to our company Gmail account and calendar ( G-Suite).

Our online chats with clients and inbound inquiries are powered by the Intercom messaging platform as well are automated emails and messages. The contact information you input is captured in Intercom and Typeform and stored in our CRM in Hubspot to make it easier for us to communicate with you and market to you (if you consent).

Voice recordings: For clients communicating with us Hubspot’s Voice-Over IP (VOIP), calls are automatically recorded

Technical data

BeeLiked’s proprietary web application (CMS for interactive promotions) for signed-in clients is hosted on Amazon AWS EU. It collects certain Internet protocol (IP) address, your login data (including when you last logged in), browser plug-in types and version, time zone setting and location and other OS details applicable to the device you connect with to enable support.

Data related to logged-in users’ behavior on our website or your interactions with us through different communication channels (e.g. when you’ve read an email, where you’re logging on).

Cookies

We use a cookie tool on our website powered by Hubspot which by default requires an explicit action by website visitors to opt-in to the cookies they choose except for strictly necessary cookies. We use cookies for various purposes.

Web analytics

Standard internet log information and visitor behavior patterns obtained using Google Analytics and other tools. We get aggregated statistics

  • pages visited
  • time on page
  • interactions/clicks and related information
  • traffic and exits

Intercom tracks which pages and campaigns logged-in clients visit. It also provides aggregated visitor behavior. This client information is channeled through Hubspot to give us a fuller picture of our clients.

Website security & performance (web security)

We use Amazon AWS to help maintain the security and performance of our website, which is hosted by Amazon AWS EU. BeeLiked develops its own website with internal developers and freelancers located in Germany, all of whom are bound by confidentiality under our contract.

Images

Photos if you choose to share them, for example, if your email includes your photo or automatically makes it appear along with your message (you manage this through your own email platform’s preference settings).

Feedback / Testimonials

We capture feedback you share with us directly or through our communication channels regarding our promotions and services. Testimonials you’ve given us permission to include on our website (thank you!).

Your data at-a-glance

You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM.

To generate possible leads to support B2B marketing campaigns, deliver great promotions & get in touch

WHAT:

  • Prospects
  • Marketing & Communications

FROM WHOM:

  • You (inquiry)
  • You (LinkedIn, Twitter, Facebook, Instagram followers, business cards, email queries, chats)
  • Web & LinkedIn ‘scraping’, your company profile, conference attendee lists
  • Your contacts (referrals)
  • Vendors & freelancers who support us

LAWFUL BASES:

  • Consent (B2C)
  • Legitimate Interests – soft opt-in; solicited; B2B (to support responsible, targeted Direct Marketing)

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Marketing & Sales Personnel
  • Senior management
  • Vendors who support us
To set up a demo or start a conversation

WHAT:

  • Basic ID
  • Contact
  • Customer Profile
  • Marketing & Communications
  • Tech data
  • Web analytics

FROM WHOM:

  • You (call to action)
  • Marketing Personnel, Freelancers
  • Information about you (engagement data)

LAWFUL BASES:

  • Contractual Necessity
  • Legitimate Interests (Direct Marketing)

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Marketing personnel
  • Vendors who support our services
To analyze audience & customer engagement & conversion to measure campaign effectiveness, improve products & services, identify leads to contact & monitor conversion rates

WHAT:

  • Prospects
  • Contact
  • Marketing & Communications
  • Customer Profile
  • Cookies
  • Web analytics
  • Tech data
  • Feedback / Testimonials

FROM WHOM:

  • You
  • Marketing, Sales & Customer Service personnel
  • Vendors who support our communications & analytics
  • Legitimate Interests (to grow our business & inform our marketing strategy)

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Marketing & Sales personnel
  • Vendors who support our communications & analytics
To comply with marketing and cookie rules

WHAT:

  • Basic ID
  • Contact
  • Marketing & Communications
  • Customer Profile
  • Tech data
  • Cookies

FROM WHOM:

  • You
  • Marketing platform
  • Legal Obligation

LAWFUL BASES:

  • (PECR rules on direct marketing and cookies)

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Marketing personnel
  • Vendors who support our services & analytics
To register you as a customer

WHAT:

  • Basic ID
  • Contact
  • Account & Billing
  • Customer Profile
  • Prospecting
  • Marketing & Communications

FROM WHOM:

  • You
  • Your company
  • Information we generate about you

LAWFUL BASES:

  • Contractual Necessity

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • Customer Service & Sales Personnel
To determine and configure user access levels and controls

WHAT:

  • Basic ID
  • Contact
  • Access
  • Account & Billing
  • Customer Profile

FROM WHOM:

  • You
  • Information we’ve generated about you

LAWFUL BASES:

  • Contractual Necessity

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • Customer Service & Sales Personnel
Engage freelancers to support our marketing

WHAT:

  •  

FROM WHOM:

  • You

LAWFUL BASES:

  • Contractual Necessity

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • Sales & Marketing Personnel
  • Vendors / Suppliers
Performance of our contract

WHAT:

  • Basic ID
  • Contact
  • Billing & Account

FROM WHOM:

  • You (Sales, Customer Service)
  • Company website

LAWFUL BASES:

  • Contractual Necessity

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • Senior management (MD, CTO)
To respond to an inquiry, process your order, finalize a transaction

WHAT:

  • Basic ID
  • Contact
  • Billing & Account
  • Access
  • Tech data
  • Customer Profile
  • Voice (VOIP)

FROM WHOM:

  • You
  • Us derived from our interactions with you

LAWFUL BASES:

  • Contractual Necessity
  • Legitimate Interests (recover payments; protect our business; meet client needs)

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Customer Service, Sales, account managers, CTO, tech support (need-to-know basis)
  • Vendors who help deliver our services
To understand and fulfill your needs & preferences & deliver our services

WHAT:

  • Basic ID
  • Contact
  • Customer Profile
  • Tech data
  • Web analytics
  • Feedback / Testimonials

FROM WHOM:

  • You (directly)

LAWFUL BASES:

  • Contractual Necessity

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Customer Service, CTO, developers
  • Vendors who help deliver our services
To manage our finances, generate and manage invoices, produce accounting, audit and sales reports, and manage credit

WHAT:

  • Basic ID
  • Contact
  • Account & Billing
  • Customer Profile
  • (mostly aggregated)

FROM WHOM:

  • You
  • Us (internal reports, spreadsheets, email)
  • Us derived from our interactions with you Us.

LAWFUL BASES:

  • Contractual Necessity (to ensure we get paid)
  • Legitimate Interests (to optimise our finances, set prices, forecast)

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • CFO
  • External Accountants / auditors
  • Insurers
  • Financial Institutions (to process payment)
  • Customer Service
To improve our services and products

WHAT:

  • Basic ID
  • Contact
  • Customer Profile
  • Tech data
  • Web analytics
  • Feedback / Testimonials

FROM WHOM:

  • You
  • Customer Service (call notes, chats, recorded calls, etc)

LAWFUL BASES:

  • Legitimate Interests (define customer segments, respond to demand, study how customers or visitors use our products & services, develop them)

HOW LONG (MONTHS):

  • 24

WITH WHOM:

  • Customer Service
  • Vendors that support our activities
To administer & protect our business, facilities & the security of our Network and Information Systems (NIS), including this website

WHAT:

  • Identity
  • Contact
  • Billing & Account
  • Access
  • Tech data
  • Web security

FROM WHOM:

  • You
  • Technical data derived from your use of our NIS (to monitor suspicious activity & data leakage, not people. We only consider individual activity if further action/investigation required)
  • Alerts from third-party Cybersecurity tools (Data Leakage Protection, anti-malware tools) to suspicious activity
  • Rarely: review server logs to investigate possible unauthorised access.

LAWFUL BASES:

  • Legitimate Interests (establish baseline activity; identify abnormal activity, etc.).
  • Legal Obligation (GDPR, DPA 2018)

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • CTO
  • Managing director
  • Cybersecurity services providers
Collect information required or permitted by law

WHAT:

  • Any of the categories of information we already have about you, depending on the regulator concerned.

FROM WHOM:

  • You
  • Sources mentioned above

LAWFUL BASES:

  • Legal Obligation
  • (GDPR, DPA 2018)

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • Regulators (ICO)
  • Senior management
Rarely: To investigate criminal wrongdoing or assist law enforcement

WHAT:

  • Any of the categories of information we already have about you.
  • Publicly available information
  • Court-ordered or regulator-ordered disclosure

FROM WHOM:

  • You
  • Publicly available information
  • Third parties permitted by law to share the information, e.g. in response to a subpoena or court order

LAWFUL BASES:

  • Legal Obligation
  • Legitimate Interests

HOW LONG (MONTHS):

  • 84

WITH WHOM:

  • Strictly need-to-know personnel & third parties involved (law enforcement, internal & external legal counsel, forensics experts, auditors, external investigators).

How do you strike the right balance when you rely on legitimate interests?

We conduct Legitimate Interests Assessments (LIA’s) whenever we rely on Legitimate Interests and, where appropriate, Data Protection Impact Assessments (DPIAs).

For example, we do some limited profiling to target products and services to you that we’re quite confident your company will like and to avoid bombarding you with those you won’t. To do this, we need to learn more about you and your preferences, your role in the company, in addition to company data such as your company’s energy needs. We ensure we have appropriate safeguards to prevent this information from being misused and ensure we strike the right balance:

  • Only what we need… Then, we use Marketing & Communications and Customer Profile data (if you’re already a client) or other information you provide directly or indirectly to us, e.g. through an online chat on Slack, or a call to action to identify campaigns, products and services that are likely to be of greatest interest to you, and determine when (or if) to contact you for business development purposes.

When we need it… and only by those who need it….

  • Our Customer Service, Sales, and tech support teams only see what they need to answer your billing and customer service queries. We use granular access control to centrally manage access to your platform, Customer Profile information on Hubspot CRM, etc to those with a need-to-know. We limit ‘superuser’ access to our CEO, COO and CTO, who have an override and greater access, but we have implemented the following controls to ensure this is only used in appropriate circumstances
  • We never let third parties use your information for their own purposes, and we prevent this by giving them only what they need and as little Personal Data as possible

Click unsubscribe or manage your marketing preferences by clicking the unsubscribe link in our emails. Tell us you no longer want to receive marketing calls or emails and we’ll remove you from our list immediately.

What about sensitive personal data (special data) and criminal records data?

Special Data requires higher levels of protection. We don’t need to Process this type of data for our business, but if we did, we would ensure it receives a greater level of protection as required under DP Law.

What about third-party links, plug-ins, content or cookies on your website:

If you click on a link to third-party content, or like or share specific content, this will either take you to those third-party sites or applications (e.g. Twitter) or send your Personal Data to that third party related to your click. We have no control over their use of your Personal Data in this regard. However, we do get aggregated data about clicks and shares which are not attributable to individual visitors. We encourage you to read the Data Privacy Notice of websites you visit.

Who else can see my personal data?

Need-to-know is the default…

Within the company… Only those individuals within our company or the third parties listed under the ‘With Whom’ column of the At-a-Glance table can see or access your Personal Data, and they only Process the specific data they need to fulfil their tasks. We have implemented internal measures to enforce this need-to-know access and to ensure those who do Process it do so on our instructions and under a duty of confidentiality. These measures include:

  • Granular access to tools: we use LastPass Vault (enterprise version) to control access to the tools and accounts used as a team. We can centrally disable an individual employee’s access once it’s no longer necessary, to enforce a need-to-know. We can also see what they’ve accessed and when (audit logs) to address any unusual behaviour.
  • Centralised security policy enforcement: we can centrally enforce secure access by our employees, for example, to monitor and enforce our password policy, or suspend access if training isn’t up to date.
  • Data Leakage Protection: What goes into Hubspot, stays in Hubspot. We’ve blocked the ability for our team to export or download data from Hubspot CRM.
  • Optional two-factor authentication: To further protect your account you can enable two-factor authentication. This prevents individuals who may have obtained your credentials from logging into your account without additional authentication (e.g. a single-use code).
  • Technical Data: is used to prevent multiple logins (e.g. if someone else tries to log in from another IP address or on a different device in a different city).

With our service providers and vendors… We do not allow our third-party service providers to use your Personal Data for their own purposes. Moreover, we’re selective. We’ve chosen providers that offer strong security and who understand their obligations when it comes to your privacy. For example, Slack has several third-party security certifications that provide additional assurance. You can learn about our key vendors by clicking the links in the chart under the heading ‘ The types of Personal Data we Process about you… ‘

Wherever we Process your Personal Data jointly with another Controller (Joint Controller), we establish clear lines of accountability to ensure your rights are respected and our obligations are met, and we adhere to the principles and approach we mentioned earlier to minimise how much Personal Data we use.

In all cases, wherever possible, we require third parties to respect the security of your Personal Data and to treat it in accordance with DP Law through binding contracts. We minimise how much of your Personal Data needs to be transferred to ensure this objective is meant.

Do you share my personal data with other third parties?

If we sell or restructure all or part of the business, we will share some of your Personal Data with other third parties in the context of the transaction. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your Personal Data with the other parties if and to the extent required under the terms of the transaction and on the basis of Legitimate Interests. This ensures seamless service for you, regardless of who owns the business, and data due diligence by us. We will notify you in such circumstances and you may object to this transfer.

We may also need to share your Personal Data with a regulator or to otherwise comply with the law. This may include making returns to HMRC, disclosures to financial services regulators and disclosures to shareholders such as directors’ remuneration reporting requirements.

Do you transfer my personal data outside the EEA?

We primarily Process your Personal Data – including back-ups and archives – in the EEA and in countries the European Commission has recognised as providing adequate levels of protection (Adequate countries).

Is my personal data secure?

We’ve implemented measures to prevent your Personal Data from accidental loss, unauthorised use, access, alteration or disclosure, some of which we’ve already discussed. We’ve implemented procedures and safeguards to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request.

How long will you use my personal data?

We will only retain your Personal Data for as long as necessary to fulfil the purposes we mentioned in our At-a-Glance table, including to satisfy any legal, accounting, or reporting requirements. This will vary according to the Personal Data involved and the purpose.

We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we use it, whether we can achieve those purposes through other means, and the applicable legal requirements. To illustrate:

  • We generally hold onto Financial Data for 7 years to satisfy tax and corporate reporting requirements.
  • We generally hold onto identifiable Prospects and Marketing Data for 6 months to align with the sales cycle.
  • We retain our suppression lists (do-not-call / unsubscribe) because we have an ongoing legal obligation under Direct Marketing rules.
  • We keep customer records and contact details in our CRM for the duration of our relationship and for 7 years after our relationship to resolve any contractual disputes and, unless you object, for 24 months based on Legitimate Interests in case we re-start our business relationship.

In some circumstances, we may aggregate or anonymise your Personal Data so that it can no longer be associated with you, in which case we may use it without further notice to you. We do this for purchasing statistics, historical operations data, or to analyse sales and marketing trends. See the Your Data At-a-Glance Chart for a list of retention periods.

What rights do I have over my personal data?

You have various rights with respect to your Personal Data:

Access

Receive a copy of the Personal Data we hold about you and confirm we’re lawfully Processing it by making a Data Subject Access Request (DSAR). It’s free of charge unless your request is clearly unfounded or excessive.

Rectification

Ask us to update, complete or correct your Personal Data at any time if you detect an inaccuracy. In fact, we encourage you to do so.

Portability

Get any Personal Data you’ve given us in an electronic form based on Consent or Contractual Necessity in a common machine-readable format. We can also transfer it to a third party if you ask.

Erasure

Ask us to delete or remove Personal Data where there is no good reason or Lawful Basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to Objection. We can refuse in certain circumstances. Find out more, here.

Objection

Object to any Processing we do based on Legitimate Interests. You also have the right to object where we are processing your Personal Data for direct marketing purposes.

Automated processing

Not to be subject to automated decision-making without human intervention that has significant legal or other effects.

Restriction

Suspend the Processing of some of your Personal Data, for example, if you want us to establish its accuracy or the reason for processing it.

Withdrawal of consent

Withdraw consent at any time and we will stop Processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent, we also explain how you can easily withdraw it.

We will need to confirm your identity to confirm your right to access the information or exercise any of your other rights. This is to prevent Personal Data being disclosed to anyone who has no right to receive it.
You can find out more about your rights by visiting the Information Commissioner’s Office website.

How can I make a complaint?

If you are unhappy with the way we handle your personal data, we encourage you to contact Privacy@beeliked.com
You may complain to the Information Commissioner’s Office. You can find the details here.

Glossary

Withdrawal of consent

Withdraw consent at any time and we will stop Processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent, we also explain how you can easily withdraw it.

Data Subject

A living individual. We’ll just say ‘you’, ‘your’ or ‘individuals’ in this Notice.

Data Controller

The person or entity that decides what, how and why to Process Personal Data. We’ll use ‘we’ ‘our’ and ‘us,’ since we’re the Data Controller.

Data Processor

The person or entity that Processes Personal Data on behalf of a Data Controller according to their instructions.

Data Protection Law (DP Law)

The General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulation 2003 (UK PECR), and other data protection legislation, as amended from time to time.

Joint Controller

A person or entity that decides what, how and why to Process Personal Data jointly with another Data Controller.

Process or Processing

Anything we do to Personal Data throughout its lifecycle: generating, scraping, collecting, sharing, storing, accessing, deleting, recording, organising – whether manually or using automation.

Personal Data

Any information relating to an identifiable individual, even if we don’t know their name. That means that any data that, alone or with other information, can be used to figure out who an individual is or to target or impact an individual – like location, IP address, ID number, image or voice, or identifiable cookies – is likely to be Personal Data. Even Personal Data that’s been ‘pseudonymised’ (i.e. identifiers have been stripped away but the pseudonym could be reverse-engineered or linked back to the individual) is Personal Data.

Unless data is truly anonymous, assume it’s Personal Data.

Special Data

Special categories of more sensitive Personal Data that requires a higher level of protection, such as information about a person’s health or sexual orientation. Special Data is subject to more stringent safeguards, and we’re only allowed to Process it in certain cases.