Last updated April 2021
This Privacy Policy covers information we collect from users and visitors of our Website, located at http://wearetonicandco.com as owned and operated by Tonic & Co Agency Ltd. By accessing the Site, using any of the Services, or otherwise agreeing to this Privacy Policy, you are consenting to the collection, use, disclosure and other handling of your information as described below.
You further agree to the terms contained in this Privacy Policy and any documents incorporated by reference, whether you are registered with Tonic&Co (“Registered User or Agency”) or are simply browsing the Site. If you disagree with the way we collect and process personal information collected on the Site, you should not use the Services and the Site.
Our Privacy Policy is a legal statement that explains how we may collect information from you, how we may share your information, and how you can limit our sharing of your information.
1. Your Rights
When using our website and submitting personal data to us, you may have certain rights under the General Data Protection Regulation (GDPR) and other laws. Depending on the legal basis for processing your personal data, you may have some or all of the following rights:
- The right to be informed: You have the right to be informed about the personal data we collect from you, and how we process it.
- The right of access: You have the right to get confirmation that your personal data is being processed and have the ability to access your personal data.
- The right to rectification: You have the right to have your personal data corrected if it is inaccurate or incomplete.
- The right to erasure: You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
- The right to object: You have the right to object to us processing your personal data.
Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. If this is the case you will be notified of this at the time of your request. If you make a request we may require specific information from you to help us confirm your identity. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.
You may exercise your rights in above by contacting us directly using the details set out in this document.
2. About Us
The term ‘Tonic & Co Agency Ltd or ‘Tonic-Collective’ ‘Tonic&Co’ or ‘Tonic’ or ‘us’ or ‘we’ refers to the owner of the website, Tonic& Co Agency Ltd. Registered in England & Wales. Company No: 15571443 Registered Office Address: 39 College Street, Petersfield, England, GU31 4AG. The term ‘You’ or ‘Your’ means any person or entity using the Site.
You can contact us as follows:
Address: 39 College Street, Petersfield, England, GU31 4AG
Email: data@tonic-collective.com or hello@wearetonicandco.com
Telephone: 07745 152636
3. What information do we collect?
Information You Provide to Us:
- When you make an enquiry about our services via email, telephone, post or via our social media channels.
- When you as a client, ask us to provide services to you (or you work for someone who we provide services to); and
- When you as a supplier, provide goods or services to us (or you work for someone who supplies goods or services to us).
Information We Collect About You;
- We will collect any information contained in any correspondence between us. For example, if you contact us by email or telephone, we will keep a record of that correspondence along with your name, title, contact details and details about the correspondence and indeed any work we have completed together or details of conversations that have taken place.
- We may use CCTV to maintain the security of our premises, prevent and investigate crime, and in the interests of health and safety. The images captured are securely stored and only accessed where necessary (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time (no more than 30 days) unless an issue is identified that requires investigation (such as a theft).
- In the unlikely event that you have an accident on our premises we will also collect details of the accident in order to comply with relevant health and safety legislation.
- When you sign up to our e-mail newsletters, we use technology to collect information about how you interact with our emails, including whether our emails are delivered to you and whether you open them, unsubscribe from them or click on any of the links which they contain.
- We also use analytics tools on our website to collect anonymized and aggregated information about website visitors. This includes information about how our visitors navigate the site (including mouse movements and key presses) details of our visitors’ browsers, operating systems, device screen resolutions and screen sizes, internet protocol (IP) addresses, geographic locations, time zone settings and other technology on the devices they use to access our website. We use this information for analysis purposes and, unlike the other types of information we collect from our website visitors, it cannot be used to identify individuals.
Information we receive from third parties
- We may be provided with your contact details if you or your services are referred or recommended to us by a third party;
- We use lead generation agencies who use publicly available sources and dedicated databases to obtain contact details for business purposes; and
- In certain circumstances we may use a third-party provider to conduct due diligence on our suppliers. This may lead to us being provided with personal data relating to criminal convictions and offences (such as fraud, bribery) and other information relevant to our decision as to whether to conduct business with you or your company. This information is obtained from publicly available sources.
4. How we use information about you and your recipients of your information
We will use your information for the purposes listed below either on the basis of:
performance of your contract with us and the provision of our services to you;
your consent (where we request it); or
our legitimate interests (see detail on ‘legitimate interests’ below).
We may use your information for the following purposes:
- to provide you with access to our website in a manner convenient and optimal including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
- as a client, to provide you with our services as agreed pursuant to the performance of our contract with you;
- to keep in contact with you about our news, events, or new services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our e-mail marketing services provider (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
- if you are a supplier, to receive services from you or your organisation, for example where a supplier is providing us with IT or other outsourced services we will handle personal data about the individuals who are involved in providing the service to us;
- to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of information and content to our website users);
- to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including without limitation fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
- to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
- personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
- To provide you with direct marketing about our products and services unless you have asked to be taken off our mailing lists;
- Protecting against fraud and other risks to our business, for example when we collect personal data in the course of carrying out due diligence on our suppliers; and
- Ensuring network and information security and the security of our premises, for example, when we use CCTV at our premises.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, please contact us.
Who we might share your information with
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal data with third parties that we work with such as:
- third parties who provide data processing and IT services to us including website hosting providers, data back-up, security and storage providers and cloud-based software providers.
- other third-party service providers who help us run and improve our business. For example, providers of email services, marketing services, survey and market research providers, providers of fulfilment and postal services and travel service providers.
- any selected third party that you consent to our sharing your information with for marketing purposes.
- any member of our group, which means our subsidiaries as defined in section 1159 of the UK Companies Act 2006.
- third parties with whom we may choose to sell, transfer or merge parts of our business or our assets; and
- any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
5. How we look after your information and how long we keep it for
We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
- ensuring the physical security of our mobile office spaces;
- ensuring the physical and digital security of our equipment and devices by using appropriate password protection
- limiting access to your personal data to those in our company who need to use it in the course of their work
We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.
Please contact us if you would like to be provided with the details of the retention periods for specific aspects of your personal data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
International Transfers of your information
We are a global business based in the UK and we use third party service providers located in other countries to help us run our business. As a result of this we may transfer personal data outside of the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, which is also referred to as the “EEA”).
Countries outside of the EEA may not have data protection laws that provide the same level of protection as those within the EEA and so whenever we transfer your personal data outside the EEA, we take steps to ensure all personal data is protected with adequate safeguards, such as by entering into the European Commission approved standard contractual clauses or transferring personal data to service providers in the USA which are part of the “EU-US Privacy Shield” scheme.
Please contact us if you would like further information on the specific mechanism we use when transferring your personal data out of the EEA or if you wish to request a copy of the relevant safeguards which we have put in place.
6. Changes to this privacy notice
We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.