This privacy notice covers thechameleonagency.com and the data we collect from you when you use our site, together with the personal data we process when you contact us using our online form, or subscribe to our blog, and the personal data we process when we deliver our services to you.
These are our reasons for collecting it, what we do with it and what your rights are.
Who are we?
We are Chameleon Comms Ltd. and our registered office is Colony, 5 Piccadilly Place, Manchester, M1 3BR
You can email us at firstname.lastname@example.org, and call us on 07749 551875.
We are the data controller for this processing and are registered with the Information Commissioner’s Office (ICO). Our registration number is ZA786576.
Purpose of processing
We occasionally act as a Data Processor when we are delivering services on behalf of our clients, however, we do act as a Data Controller when we are marketing our services to prospective clients or managing any subsequent contracts.
Where we are acting as the Data Controller we process your personal data:
to respond to enquiries about our services,
to take the necessary steps to enter into a contract with you or your organisation,
to deliver our services to you or your organisation once we have a contract with you or your organisation,
to market our services to you or your organisation,
to subscribe you to our blog
Basis of processing
Where we are responding to enquiries about our services we process your personal data because it is in our legitimate interest to do so in order to deal with your enquiry.
Where we are negotiating with you to provide our services to your organisation then we process your personal data because it is in our legitimate interest to do so in order to take the necessary steps to provide our services.
Where we have a contract to deliver services to your organisation we process your personal data because it is in our legitimate interest to do so in order to provide our services under that contract.
Where we are directly marketing our services to your organisation we process your personal data because it is in our legitimate interest to do so and you have not opted out of receiving direct marketing or because we have your consent to do so (if you have opted in to receive our direct marketing).
Where you have subscribed to our blog we process your personal data because we have your consent to do so.
Where we are relying on your consent to process your personal data you are free to withdraw that consent at any time. Where we are relying on our legitimate interests to process your personal data you may object to that processing at any time.
What personal data do we collect?
We will collect and process the following data from our website’s contact form or when you get in touch with us to make an enquiry. We will also retain these personal data when we are providing our services to you.
Your email address
Your telephone number
Your organisation name & address
When you subscribe to our blog we will collect and process the following data from our website’s blog subscription form:
Your email address
Special category data
There are additional rules we must follow if we collect certain types of more sensitive data, known as Special Category Data. These include details of your ethnicity, beliefs, health and sexuality.
We do not process any special category data about you.
Do we ever share personal data?
We will share your data if required to do so by a legitimate law enforcement agency.
When you submit your personal data online your data is held by our partner who hosts our website. We also share your personal data with our cloud-based CRM provider to help us manage our contact data, and with our cloud-based business software provider (for email, storage etc.)
If you consent to the use of analytics and tracking cookies from our website we will share data with those third-party cookie providers.
If we are communicating with you via email or social media channels we will be sharing your personal data with those email and social media providers.
Where we are using a data processor to process personal data on our behalf, for example, our website hosting supplier, then we ensure that a valid data processing agreement is in place between us and that any international transfers of data have a lawful mechanism.
We will never share or sell your data to any other third parties without your permission.
How do we keep your data secure?
We take sensible steps to keep your data secure:
All data sent between your browser and our website are encrypted in transit,
All data we hold in our computers are encrypted at rest,
We delete personal data when we no longer need to retain it,
Access to personal data is password protected and we use multi-factor authentication where available
You have a number of rights relating to the processing of your data, if you would like to use them or have any questions then please contact us. Where we are processing your personal data on behalf of one of our clients we will ask you to contact our client as the Data Controller for this processing.
We won’t charge you for doing any of the following, however, we may make a charge in the case of frequent repeat requests:
Awareness: You have the right to be fully informed about why and how we process your information. This privacy notice is intended to meet that requirement, but please do contact us if you have any questions
Access: You have the right to a copy of the data we hold about you
Rectification: If you think some of the data we hold is wrong then you have the right to ask us to correct it
Erasure: You have the right to ask us to delete the data we hold about you. Where we are holding the data to fulfil a contract with your organisation or for a lawful basis other than consent then we will need to retain the data in accordance with the data retention requirements shown below
Restriction: You have the right to ask us to restrict the processing of personal data whilst we check its accuracy if you think the processing is unlawful if you believe we no longer need to process the data but you need us to store it due to pending legal claims, or when you object to our processing based upon our legitimate interests and we are assessing the validity of that.
Object: Where we are processing your personal data based upon our legitimate interests you have the right to object to that. If your objection is valid (for instance in the case of any direct marketing activity) then we will stop processing your personal data for that purpose.
Data portability: You can request a copy of your data in a digital format which you can then supply to another provider.
Automated decisions and profiling: You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you. This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so. We do not use your personal data for any kind of automated decision making.
How long do we keep your data for?
Where we are relying on your consent or our legitimate interests to process your data then we will keep your personal data until you withdraw your consent for us to use it, or object to the processing in our legitimate interests and we agree with your objection.
Where we are processing your data for the purposes of performing a contract with you or your organisation or taking the necessary steps to do so, then we will keep the personal data for 7 years after the end of the contract.
We currently use a Pinterest cookie on our website, and we ask for your consent before deploying it.
Should we decide to deploy any additional cookies, for instance, to collect analytics data, then we will ask for your consent, and we won’t deploy any non-essential cookies without your consent. We will also update this privacy notice to describe the cookies being used.
What happens when I follow links to other sites?
If you follow a link from our site to another site then you should read the privacy notice on the other site prior to providing your data to them.
Where do we process data?
We process data at the address shown above.
Our data processors also process data on our behalf, they are detailed below together with where they process data and the protections in place for international transfers:
Microsoft - USA (Using Standard Contractual Clauses)
Hubspot - USA (Using Standard Contractual Clauses)
Our Website - EU, Israel (granted Adequacy status by the EC & UK), USA (Using Standard Contractual Clauses)
Our contracts with our data processors include the necessary provisions required by GDPR to further protect your rights.
Making a complaint
Please contact us at the above address. You can also contact the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk. If you should contact the ICO they will normally ask you to contact us first.