Privacy Policy

Last Updated: 6 June 2024

Introduction

MakeOps Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise interact with us. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

Data Controller

For the purposes of the GDPR, the Data Controller (as described in the GDPR) is:

  • Full Legal Name: MakeOps Ltd
  • Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
  • Data Protection Officer (DPO): Jason Forte, email: inbox@makeops.com

Data Collection

We may collect personal data directly from you when you voluntarily provide it to us, such as when you fill out forms on our Website, contact us via email or phone, request information about our products and services, or through information provided by third parties. An example of a third party from which we collect data is Amazon Web Services, as part of the Amazon Partner Network. The types of personal data we may collect include: first names, last names, email addresses, phone numbers, company addresses, and marketing preferences.

We may also collect personal data automatically when you interact with our Website. This may include your IP address, device information, browser type, log and usage data, and browsing behaviour. We use cookies and similar technologies to collect this information. Please refer to our Cookie Policy for more details.

Purpose of Data Collection

We collect personal data for the following primary and secondary purposes:

  • Managing customer relationships pre- and post-delivery to provide our business services;
  • Marketing of our Services, Products & Events;
  • Marketing of Services and Products provided by our third-party partners;
  • Market Analysis & Segmentation (based on geography/region);
  • To perform research and analysis to operate and improve our products & services;
  • To personalise and improve your experience on our Website;
  • To analyse and understand how our Website is used, diagnose technical issues, and improve our Website's functionality and performance;
  • To comply with applicable laws, regulations, and legal obligations;
  • To protect our rights, property, and safety, as well as the rights, property, and safety of our users and the public;
  • Communicating with you about activities on our Website and policy changes;
  • Processing your financial information and other payment methods for products purchased;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
  • Measuring interest and engagement in our Website and short-term, transient use, such as contextual customisation of ads;
  • Undertaking research for technological development and demonstration;
  • Improving, upgrading, or enhancing our Website;
  • Ensuring internal quality control;
  • Verifying your identity and preventing fraud;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Enforcing our terms and policies;
  • Furnishing you with customised materials about offers, products, and services that may be of interest, including new content, product, or services; and
  • Protect your vital interest or as may be required for the public good.

Legal Basis for Processing Data

Our processing of personal data is based on several legal grounds to ensure compliance with data protection laws.

  • Firstly, we rely on Consent. This means that we only process your personal data if you have given clear and affirmative consent for us to do so. This consent is typically obtained through opt-in forms, consent boxes, or other methods where you actively agree to the collection and use of your data.
  • Secondly, we process data based on the Performance of a Contract. This applies when the processing of your data is necessary to fulfil the terms of a contract with you, such as providing consulting services or managing customer relationships. This ensures that we can deliver the services you have requested and maintain our contractual obligations to you.
  • Thirdly, we process data to comply with Legal Obligations. This means that we may need to process your personal data to adhere to various legal requirements, such as tax laws, regulatory requirements, or other statutory obligations. In such cases, processing your data is essential for us to comply with the law.
  • Lastly, we process data based on our Legitimate Interests. This involves processing your data for purposes that are reasonably expected as part of running our business and which do not unduly impact your rights and freedoms. Examples of legitimate interests include improving our services, conducting market analysis, managing our customer relationships, and marketing our products and services. In all cases where we rely on legitimate interests, we carefully consider and balance any potential impact on you and your rights.

By relying on these legal bases, we ensure that our data processing activities are lawful, fair, and transparent, in line with the requirements of GDPR and other applicable data protection regulations.

Data Processing

We use the following data processors to assist in managing and processing personal data, some of which may be located outside the UK or EU:

  • Firstly, we use Zoho CRM / Zoho Books for customer relationship management and accounting purposes. These tools help us manage client information and financial data effectively.
  • Secondly, we use Salesforce, accessed via the Amazon Partner Network, to manage our sales processes and customer interactions. Salesforce enables us to streamline our business operations and improve customer service.
  • For payment processing, we use Stripe. Stripe handles online payments and transactions securely, ensuring that all financial data is processed in compliance with regulatory standards.
  • We also utilise Amazon Web Services (AWS) for cloud storage and computing services. AWS provides a robust infrastructure for data storage, enabling us to handle large volumes of data securely and efficiently.
  • For video conferencing and virtual meetings, we rely on tools such as Microsoft Teams, Zoom, Google Meet, and Amazon Chime. These platforms facilitate seamless communication and collaboration with clients and team members.
  • Lastly, we use ConvertKit for distributing newsletters and email marketing campaigns. ConvertKit helps us manage our marketing communications and engage with our audience effectively.

To ensure these data processors comply with GDPR requirements, we carefully vet each provider to confirm they have appropriate safeguards in place. This includes reviewing their data protection policies, ensuring they use encryption and other security measures, and confirming they have mechanisms to handle personal data in a manner consistent with GDPR standards. By doing so, we ensure that your personal data is processed securely and in compliance with applicable data protection regulations.

Data Sharing

We may share your personal data with third parties in the following circumstances:

  • With service providers and business partners who assist us in delivering our services and operating our business such as Amazon Web Services (as a member of the Amazon Partner Network), subject to appropriate confidentiality and security measures;

  • With competent authorities, law enforcement agencies, or other third parties if required by law or necessary to protect our rights, property, or safety, or the rights, property, or safety of others;

  • With your consent or at your direction; and

  • Third parties as part of a merger or acquisition.

We also share data for marketing purposes with the same third parties.

Data Storage and Security

Personal data is stored in the following locations to ensure it is managed securely and efficiently:

  • Firstly, we use Cloud Storage. This allows us to store large volumes of data securely, providing flexibility and scalability for our data management needs. Cloud storage solutions offer robust security measures to protect personal data from unauthorised access and breaches.

  • Secondly, we store personal data with SaaS vendors such as Salesforce and Zoho CRM. These Software as a Service (SaaS) platforms enable us to manage customer relationships and business processes efficiently. They also provide advanced security features to ensure the protection of personal data.

To protect the personal data stored in these locations, we implement several security measures. These include multi-factor authentication (MFA), which adds an extra layer of security by requiring users to provide two or more verification factors to gain access. Additionally, we use encryption to safeguard data, ensuring that it is unreadable to unauthorised users both during transmission and while at rest.

Furthermore, we enforce access controls restricted to business needs. This means that only authorised personnel with a legitimate business need can access personal data. By limiting access to data, we minimise the risk of unauthorised use or exposure.

By combining these storage solutions and security measures, we ensure that personal data is handled with the highest level of protection, in compliance with GDPR and other relevant data protection regulations. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Retention Policy:

Our data retention policy ensures that personal data is retained only for as long as necessary for the purposes for which it was collected. The retention periods for different categories of data are as follows:

  • Contract-related data: We retain data related to contracts for up to 3 years from the termination of the contract. This period allows us to address any post-contractual issues that may arise. However, if there are legal requirements to retain data for a longer period, we will comply with those requirements.

  • Event registration data: Data collected for event registrations is retained for up to 6 months after the event. This duration allows us to manage any follow-up communications and evaluations related to the event.

  • Marketing data: We retain marketing data until consent is withdrawn by the data subject or after 1 year of inactivity. If an individual does not engage with our marketing communications within this period, we will remove their data from our marketing lists to ensure compliance with data protection regulations.

  • General correspondence: Correspondence that is not related to a specific contract is retained until no further correspondence is necessary. This means that we will keep such data only as long as it is relevant to ongoing communications and there is a legitimate business need to do so.

By adhering to these retention periods, we ensure that personal data is not kept longer than necessary, in compliance with GDPR and other applicable data protection laws.

Data Subject Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights are as stipulated below;

  • Rights to be informed.
  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restrict processing.
  • Right of data portability.
  • Right to object to processing.
  • Right to withdraw consent to processing.
  • Right to make a complaint to the data protection authorities.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Marketing and Communications

We handle marketing communications in a manner that respects your privacy and complies with data protection regulations.

  • Consent: We obtain consent for marketing communications through opt-in forms. This means that individuals actively agree to receive marketing communications from us by providing their consent via these forms.

  • Opt-out: Individuals can opt-out of marketing communications at any time. This can be done by following the unsubscribe links provided in our marketing emails. By clicking these links, recipients can easily remove themselves from our mailing lists.

We use the following third-party services to assist with our marketing efforts:

  • ConvertKit: This service is used for newsletter distribution, helping us to manage and send our email communications effectively.

  • Fathom Analytics: This tool provides privacy-centric analytics for our websites, enabling us to understand website performance and user engagement without compromising user privacy.

These third-party services are carefully selected to ensure they comply with data protection regulations, providing secure and efficient support for our marketing activities.

International Data Transfers

We may transfer personal data outside the UK and the European Economic Area (EEA) to countries where data protection laws may differ from those in the UK. Specifically, data may be transferred to the United States and other jurisdictions where our data processors operate.

When transferring personal data internationally, we ensure that appropriate safeguards are in place to protect your data and to comply with applicable data protection laws. These safeguards include:

  • Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission, which provide contractual obligations on the recipient to protect personal data to the standard required within the UK and the EEA.
  • Binding Corporate Rules (BCRs): Where applicable, we may rely on BCRs which are a set of internal policies adopted by our group of companies to ensure data protection is maintained across the group.
  • Adequacy Decisions: In some cases, we may transfer personal data to countries that have been deemed by the UK government to provide an adequate level of data protection.
  • Encryption and Pseudonymization: We use encryption and pseudonymization techniques to protect personal data during transfer, ensuring that it cannot be accessed by unauthorised parties.

We will inform you when we intend to transfer your personal data to third parties outside the UK and the EEA, and we will provide you with information on the specific safeguards applied to these transfers.

Cookies and Tracking

We use cookies for website functionality and performance analytics. Users are informed via a cookie notice and can manage preferences through their browser settings.

Third-Party Links

Our website may contain links to third-party websites that are not operated by us. If you click on these links, you will be directed to the third-party website. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

Therefore, we cannot be held liable for the protection and privacy of any information which you provide while visiting such websites, as they are not governed by this Privacy Policy. We encourage you to review the privacy policy of every website you visit, including those linked to from our site, to understand how your information will be handled by those third parties.

Policy Updates

We review and update this policy from time to time. Updates are posted on our website, and users should check periodically to stay informed of any changes.

Contact Information

For any questions or concerns regarding this privacy policy, please contact:

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint