This is the Privacy Notice for Roaring Berry Ltd.
This privacy notice is not something for you to agree, nor does it form part of our terms and conditions. It is to simply tell you what we do with your personal data and be as transparent as possible.
Who are we?
Our company is called Roaring Berry Ltd. We are registered with Companies House under registration 10893112, and with the ICO under registration ZA832704.
Our registered address is 64 Gorringes Brook, Horsham, West Sussex, United Kingdom, RH12 5HH.
What data do we process?
If you are a customer of Roaring Berry, we will hold the following information about you:
- Your name and contact information.
- Your signature.
- Social media URL’s.
- Your organisation’s name and address.
- Information about your business activities.
- Information and documentation about your matters or enquiries, including communications with you.
- Billing and payment information.
As a potential customer, we will hold the following:
- Your name and contact information.
- Information and documentation relating to your business and sector, from yourself, websites, Companies House, and social media.
Because we use your data to engage you in a contract, if you fail to provide some or all that data, we will not be able to enter a commercial relationship with you.
Explaining the lawful basis
Reference to the basis of processing (e.g., “(Basis is Article. 6.1.f)”) is a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question. This will usually be an Article 6 lawful basis as we do not process special category (Article 9) data.
Engaging you in and continuing our commercial relationship
We use the information we hold about you and your business, both personal and otherwise, to give you the best product and service we can.
We will add your details to our email address book and customer database. We also use your information to send contracts, bill you, and keep track of payments that you make, as well as to keep in contact throughout our relationship.
The basis for this is Article 6.1.b – ‘performance of a contract’, as this is necessary to deliver the product and service to you.
We will retain your personal data until our contract expires or is terminated. We will retain your personal data which is required for reporting purposes for 7 years. Contracts and email correspondence will be retained for 7 years before deletion.
Sending email direct marketing to prospective and existing business clients
If you are from a corporate or public sector organisation and we have met at a conference or networking event, you have asked for information on internet forums, contacted us via our website or email and we feel that you could be a suitable customer, we will contact you via email to market our services. We will also proactively identify suitable prospective customers and send email marketing direct to the appropriate representative of the organisation to facilitate an introduction.
If you are an existing customer, we will send you appropriate information and updates on our product and services.
The basis for our electronic marketing activity for business to business is Article 6.1.f – ‘Legitimate Interest’, we have a legitimate interest to market our services to current and prospective business to business customers.
If at any time, you want to stop receiving emails from us, simply let us know by using the unsubscribe link on our emails or contact us direct, and we will stop.
If you are an individual subscriber, i.e., a sole trader or non-corporate, we will ask you to opt in to allow us to send you marketing information. You can withdraw your consent at any time by using the unsubscribe function or contacting us directly. The basis for this is Article 6.1.a – ‘Consent’.
We will delete your data if after 6 months we have no engagement from you. If we have engaged initially but we lost touch, we will delete your data after 7 months.
As a general principle, we will not transfer your personal data to third parties without your permission, but there are some exceptions to this:
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. The lawful basis is Article 6.1.c – ‘Legal Obligation’.
- We use an accountancy service which have limited visibility of your personal business data for the administration of company financial affairs. The basis for this is Article 6.1.f, we have a legitimate interest to allow our accountant to have limited access to our client personal data to manage our accounts.
- If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Our lawful basis for this activity (although we are sure we will not need to) is Article 6.1.f, we have a legitimate interest to pursue money owed to us.
We do use other organisations to process your data on our behalf, these are software services hosted in the ‘cloud’. These services are used to manage our contact with you, such as our customer relationship management system; to store data, provide email functionality and online collaboration tools. We also use a payment gateway to provide secure payment facilities.
We only engage with those data processors which can provide us reassurances of their ability to keep your data safe and secure. We ensure that they have the right technical and organisational measures in place and that our agreement is covered by the appropriate contractual arrangements as required by the UK GDPR.
Where do we keep your data?
If you are a customer or prospective customer, the software services we use to manage your personal data (such as Google, Signiflow, Mailchimp and Kashflow), store your data in their secure data centres. Where we are able, we specify UK based storage, but where data must be transferred out of the UK, our providers make use of EU adequacy decisions or have put in place Standard Contractual Clauses as an authorised transfer mechanism. Should any other need arise to transfer your data outside of the UK, we will ensure adequate protections are in place.
The UK GDPR requires us to implement appropriate technical and organisational measures to protect data. We have in place technical measures, such as anti-virus, anti-malware, strong passwords, and authentication protocols. Information passed over the internet to our software services is protected by Transport Layer Security (TLS) encryption. We have organisational measures in place which include policies and procedures to protect your data and access your rights, and we provide training to our staff.
The UK GDPR provides you as data subjects with rights over your data. The relevant rights are:
- Get access to your personal data and information about our processing of it.
- In some circumstances, restrict our processing of your data and compel us to erase the bits we do not use for legal purposes.
- Object to our processing for business-to-business marketing.
- Ask us to rectify any inaccurate information we may inadvertently hold.
If you want to exercise any of these rights, please just get in contact at the above address or email us at [email protected]
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK’s Information Commissioner’s Office.
Information Commissioner’s Office
Telephone: 0303 123 1113
This privacy notice was last updated in January 2021.