DRD Partnership (DRD) is a strategic communications consultancy focused on building value for our clients and protecting their reputations at moments of challenge and of change. We are committed to safeguarding the privacy of all those about whom we process personal information.
For the purposes of GDPR, DRD (company number 07937000, registered office C/O Kingswood, 3 Coldbath Square, London, EC1R 5HL, England) will be the controller of any personal data that we collect from or about you.
Please read the following Policy carefully to understand our policies and practices regarding your personal data and how we will treat it.
We may update this Policy from time-to-time to reflect our current privacy practices by posting a new version on our website. We encourage you to periodically review this Policy to be informed about how we are protecting your information. In the case of a substantial change, a notice will be posted on our website along with the updated policy and (where practicable) we may also notify you by e-mail.
- Basis on which we process personal data
Personal data we hold about you will be lawfully processed for the following legal reasons:
- The processing is necessary for our legitimate interests (including the operation of DRD and the provision of communications services) or those of any client or relevant third party, unless those legitimate interests are overridden by your rights and interests in data privacy and security;
- The processing is necessary in order for us to comply with our obligations under a contract with you;
- The processing is necessary for us to comply with our legal obligations; or
- Where no other condition for processing is available, you have consented to the processing of your personal information for the relevant purpose.
- Information we may collect
We may collect and process the following personal data about you:
- Information you directly give us. You may give us information about you by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, employer, title, address, e-mail address, phone number, bank details, biographical data, documents to verify identity and address in order to satisfy anti-money-laundering regulations. Where you provide us with information about other individuals in connection with your dealings with us, you must ensure that they agree to us using their information for the purposes set out in our letter of engagement or agreement.
- Information provided to us by your organisation or employer, agents, advisers or intermediaries.
- Information about you provided indirectly from other business sources (such as business referrers).
- Information in the public domain (including websites and third party databases) which allows us to contact you for legitimate business purposes.
- Our website
To maintain and run DRD’s website, we collect and process data about users, including information about usage of our site, including pages viewed and resources accessed, and traffic data, geographical data and other communication data. This information is gathered by cookies. Cookies are downloaded onto a user’s computer and stored on the computer’s hard drive, providing statistical data.
- Uses made of the information
We may use information held about you for the following purposes:
- To carry out our services and obligations arising from any contracts entered into between you and us.
- To provide you with information, products and services, both on our behalf and on behalf of our clients.
- To provide you with information about DRD. This includes invitations to events and briefings around topics we believe will be of interest to you.
- To conduct administrative or operational processes within our business and to maintain records as required.
- To notify you about changes to our service.
- Disclosure of your information
We do not share personal information you provide to third parties other than as follows:
- To business partners, suppliers and sub-contractors we engage to assist in providing our communications services and for the performance of any contract we enter into with them on your behalf.
- To associates and suppliers, journalists, media organisations, public policy and academic researchers, and other interested parties, including clients, as part of the provision of communications services (although we will not generally disclose personal contact information without your consent).
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation.
- Where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others.
- If DRD or substantially all its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Other than as set out above, we will not disclose any of your personal information unless you give us permission to do so. If we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that the third party complies with the terms of this Policy.
- Security and retention of your data
We will take all steps reasonably necessary to keep your personal information secure and to ensure it is treated in accordance with this Policy. We will ensure that our employees are aware of their privacy and data security obligations. We will also take reasonable steps to ensure that third parties working on our behalf are aware of their privacy and data security obligations.
Personal data will be retained by us for as long as it is necessary for the purposes set out above and as required by any legal or regulatory obligations. We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list or newsletter, we may keep certain limited information about you so that we may honour your request.
- Your rights
According to the Data Protection Act 1998 and GDPR you have the right to:
- Ask us to provide you with a copy of the data we hold on you and information on how we process it;
- Ask us to correct any out of date or incorrect data we hold on you;
- Ask that we delete personal information we hold about you;
- Opt-out of any marketing communications we may send you and ask us not to process your personal data for our marketing purposes. All marketing correspondence you receive from us will contain an unsubscribe link. You can also email us at any time to be removed from our database.
We have appointed a Data Protection Officer who is responsible for ensuring that DRD is compliant with relevant data protection laws. If you have any questions or concerns about personal information or our Policy or you wish to make a complaint about how we have processed your personal information, or you wish to exercise any of your rights as a data subject please contact our Data Protection Officer by email at firstname.lastname@example.org or by post at the following address: 35 King Street, London WC2A 8JG.
- Links to third party sites
Our site may, from time to time, contain links to the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
- Transferring your information outside Europe
Our services are international in nature. We do not transfer any data in a systematic way outside the European Economic Area (EEA) but there may be circumstances in which certain personal information is transferred to countries or international organisations outside the EEA, such as:
- We may communicate with individuals or organisations outside the EEA in delivering our communications services and those communications may include personal data (such as contact information);
- If we are required to provide certain personal information as part of a legal reporting obligation to an entity outside the EEA (for example the US Federal Government) and some of that information may be made public;
- From time to time your information may be stored in devices which are used by our employees outside of the EEA (but employees will be subject to our data security policies).
If we transfer your information outside the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and your privacy rights will continue to be enforceable against us as outlined in this Policy.