Thank you for trusting us with some information about you. We take that trust seriously and we want you to know how we use your information and why.
Who is holding your information?
We are Irenicon Ltd, a company registered in England (company number 01510166), and our registered office is at Airport House, Purley Way, Croydon, CRO OXZ.
We have been in business since 1980. Christopher Head and Annabel Kaye are the two Directors. We have two brands and two registered trademarks, Irenicon and KoffeeKlatch – and between us, we are Irenicon and KoffeeKlatch – with a little bit of help from our associates.
Our values about personal information
We promise respectful treatment of the personal information of everyone we have contact with. We want it to be simple and clear.
This Policy explains how we do that – when and why we collect information, how we use it, the situations when other people can see or use it, and how we keep it secure.
But just to set the scene, in case you don’t want to read through all the details just now, we can be clear up front.
Section A: For everyone
Whoever you are, our intention is to use your information to make things work smoothly for you in your experience of dealing with us. If that’s not how it turns out for you, please make sure to give us a shout. It’s best to put things in writing, which you can do by email to email@example.com – but if it’s really urgent you can call us on 020 3887 0500.
Words or phrases with special meaning
In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:
“personal data” any information about an identifiable living human being.
“process” we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.
“special category data” this is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.
We’re committed to protecting your privacy, and honouring your legal rights to control how we use your personal data.
We only collect and use personal data when we need to
We try to make sure the information we hold is accurate and up to date, and is no more than we need to have.
If we are processing information about you purely because we are providing services to others, please see Section D below. Please note that your rights may be subject to applicable exemptions as our services include the provision of legal advice.
If you have any questions or concerns about our use of your information, or how we have responded to any request about your personal data, please take it up in the first instance by emailing firstname.lastname@example.org.
If we can’t sort it out, the official authority here in the UK is the Information Commissioner, and you can raise your concerns with them here.
If you are reading this you found our website somehow. We try to get you to read our web site by creating copy that is useful for you.
Our service is really for businesses and we do what any business owner tries to do. We like to figure out what works and what doesn’t and keep improving what we do.
We monitor the volume of visitors to our website, how you found us, where you came from and which pages you view when visiting our site. At this stage, we do not know who you are, just that some people arrive from here and go there. We do not harvest or collect email addresses from website visitors. If you don’t contact us and give us your email, we don’t have your details.
Sometimes we use Facebook pixels to figure out what type of person visits our sites and who likes us so we can create advertising that appeals to our customers and potential customers.
None of this results in us contacting you or monitoring you in any personal or individual way – we just like to know who our typical customer is and what they like.
If you asked to be subscribed to a particular newsletter or sequence of updates (or subscribe yourself) you will be added to that list. We operate ‘double opt-in’ lists and you will need to reconfirm your subscription before anything is sent. Any automated email sent to you will have an unsubscribe option on it that can be triggered at any time.
We hold your information for our newsletter lists in programs called MailChimp and ActiveCampaign. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.
For more information, please see MailChimp’s privacy notice here. MailChimp holds data in the USA – they comply with the EU-US Privacy Shield Framework, protecting your data. Active Campaign’s privacy notice is here – and they comply with the EU-US Privacy Shield Framework
The only time we use single opt-in is when you sign up for a webinar since you don’t want to miss the start and login information because you forgot to double opt-in.
We use automations (little sequences of emails that start when you ask for something in particular) to send you the information you asked for, to send you products you have bought and to administer services you have subscribed to. A lot of our onboarding for new products is by emails that send you hints and tips and little videos on ‘how to’. You can unsubscribe from these at any time, but they don’t go on for that long and you might want to wait for all the information as most people find it useful.
We monitor who reads our mailing and automations, how many times, and which links you choose to use and read. We use this information to increase the content’s level of interest, and help us improve what we send. You can remove your information from this monitoring by disabling cookies on your website browser before opening emails from us. From time to time, we contact individual email newsletter subscribers but it is extremely rare.
Most of our newsletter subscribers complain we don’t email them often enough!
We use anonymised data about you from time to time to target advertising campaigns based on profiling the sort of person who wants to receive information from us. For example, if we have a sudden rush of clients in Birmingham we may place advertisements targeting similar people and business in Birmingham.
We ask our own sales and marketing people (both internal and external) to contact potential clients from time to time. This is normally because you have requested a call, or because we are actively trying to let you know about something you may benefit from. Sometimes the law changes and you need to know what happens next.
Our services are designed to be business to business. We are not a hard sell or cold calling based organisation but prefer to build long-term relationships with satisfied and relaxed clients.
Your replies to us, messages you send us, and your other activity linked to our posts may be seen by members of our staff and by our associates. Our contracts with them hold them to high standards of protecting your information.
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes. If at any point we decided to exchange lists with another organisation, we would ask you to ‘opt-in’ to such a system. Our continuing silence means we are not doing so.
Data location and platforms
Like many businesses, we do not have any tailor-made software – we use mainstream packages for everything from our client records, to email, to accounting.
This means that much of our data is held in services in the USA (with our Accounting data going to Australia). We have picked mainstream suppliers with appropriate security standards.
Special category data (about your health, orientation, beliefs etc) is rarely held by us, and if it is, it is normally part of providing legal advice. We keep that data in Microsoft systems that keep their servers predominantly in the EU. We do not routinely collect this data about anyone.
As well as our own employees, we also have an outsourced support team for our own business. This may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. Those support services have limited access to your data – only where the service they provide to us means they need it.
For example, if you want to set up a meeting, our diary VA needs to know your email address in order to sort out a date. If we invoice you, our Accountant needs to see the invoice in order to sort out the books.
Our outsourced team use our software to access any data they need. We do not permit copying or sharing by the team and actively monitor for any potential breaches.
Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses and we monitor and restrict their data usage. We only use mainstream software and we use the most secure login options available to us.
We restrict who can export or download data that is held to a limited number of individuals who are authorised to back up data.
If you want to know who is on our team, please email and ask us.
If you unsubscribe from our newsletter list, your unsubscribe is recorded so that we do not continue to send newsletters to your email address.
We find that people come back to us a long time after our initial contact, and sometimes after things have been quiet between us for a very long time. However, we do like to be able to respond appropriately and intelligently to old connections, so we generally keep your information on our CRM system for 3 years from our last point of contact.
If you have contacted us and signed up to a mailing list but never purchased from us, you will remain on the list you joined until you unsubscribe from that list. We clean our lists from time to time and unsubscribe people who not ever read anything from us. But in order to avoid adding you again by mistake, unsubscribes are kept on an unsubscribe list.
Clients and suppliers
We have a long-term and discreet relationship with most of our clients. We also offer legal advice and support. For that reason, we retain information for 10 years from the last point of contact. This allows us to have financial records going back far enough to satisfy HMRC, advice records going far enough back to satisfy our insurers. Our clients often come back to us for information they have forgotten or can no longer find.
If you want to know what information we have about you (if any) email email@example.com and give us your name, email address(es). Provided we can legitimately disclose the information to you (see section D), we will happily do a search and send you screenshots of what we have.
If you are not happy with being on any of our lists you can simply unsubscribe. If you want to be removed from our customer records, please let us know.
You have the right to know what information we have about you, and to amend it if it is inaccurate.
If you feel for some reason we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.
Your rights with respect to your personal data are, in summary, to be informed what processing is taking place, to have access to your data, rectification, erasure, restriction, portability, objection, and relating to automated decisions. These rights are detailed here.
Our basis of processing: Signing onto our newsletter list is by your consent – and when you withdraw your consent we stop that processing your data.
Apart from that, the information we hold is based on our needing the information to run our business and provide our products and services – either so we can perform our contract with you, or because we have a legitimate business interest in processing your data.
In a few situations we are processing personal data because we are under a legal obligation to do so. This principally relates to our business, accounting and tax records.
You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a client, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.
If you want to know what information we have about you (if any), email us at the email address set out above and give us your name and email address(es).
SECTION B: Prospects
Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.
Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our products or services or a relevant contact for our business. See also the general notes above, about what happens if you sign up to our newsletter, or engage with us on social media.
Sometimes our contact management systems let us know you have a LinkedIn profile or Facebook page or Twitter account. If we are in contact via those mediums, we may add that to your customer record so we remember to check in those places for messages from you. If your account details are private we will not see them.
We currently keep individual emails from and to you indefinitely, so we have a record of our interactions, queries, and how we resolved them.
We do not routinely keep special category data. If we have any, it was supplied or made publicly available by you.
SECTION C: Clients
Once you become a client, we will collect further information from you.
This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.
We process your data to support the delivery of the goods and services you have bought. We keep records of the goods/services provided to you, and information you give us, so we can support you when needed and advise you of any additional products or services you may need or may be appropriate for you.
Third party data: As well as your own personal data, we understand that you may need to provide us with personal data relating to your employees, your workers, or third parties – depending on the services we are providing to you. We hold all such information under strict confidentiality obligations, as set out in our terms of business.
This may necessarily include special category data – for example when we are advising on discrimination issues. We maintain high levels of security and confidentiality with respect to data you supply to us.
Financial and credit details
We do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies. We do not take telephone orders and the only way to pay us by credit card is online via that secure processor. We receive limited information from our processor for us to tie up your payment with your invoice.
We do not routinely keep credit scores nor use credit reference agencies.
When you pay us by BACS or direct transfer, we receive limited information about you from our bank, usually the name of the person who paid us and how much and the reference number.
SECTION D: Third party information
If our client is the data controller, we will act as directed by them.
If we are the data controller, we will act in accordance with your statutory rights, subject to the exclusions and exemptions that may well apply in the circumstances of our processing of your data because we will be giving advice and providing legal services to our client.
However, please be reassured that we operate under strict confidentiality obligations, and maintain strict security protocols with respect to data we hold.
SECTION E: Suppliers, Associates and Affiliates
We collect information on potential and actual suppliers and associates. This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).
If you become a supplier or associate we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.
We keep a record of the work you undertook for us along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.
This information is all needed to manage the contract between us, support our client relationships, and manage our supply chain.
If you are an affiliate, your affiliate data is held in accordance with this policy and our affiliate agreement. We will ask you for information when you apply to be an affiliate, and that will be processed to administer the affiliate scheme.
If you have any queries or comments about our handling of your personal data, please email us at firstname.lastname@example.org.