ProfileTree Web Design and Digital Marketing Limited
1. ABOUT PROFILETREE WEB DESIGN AND DIGITAL MARKETING LIMITED
1.1. We are ProfileTree Web Design and Digital Marketing Limited, a limited liability company registered in Northern Ireland with registered number NI665548 and address, McSweeney Centre, 31 Henry Pl, Belfast BT15 2AY (we, us, our). Our business profile can be found on Google Maps. We have a second office based in Clones, Co. Monaghan, Republic of Ireland.
1.2. We provide various websites as well as a number of social media channels relating to digital marketing, education, food, cars and travel. We offer these agency services to companies in Northern Ireland, Ireland, across the UK, Europe, the USA and the rest of the world. As a global digital marketing agency based in Northern Ireland, we follow Northern Ireland law.
• any reference herein to ProfileTree shall be a reference to all or any such websites and/or social media channels provided by us (but excluding any third-party platforms or content). Our contact details will always be included on any such website or channel.
• Most ProfileTree Web Design and Digital Marketing Limited online assets can be accessed free of charge, though we also provide a number of premium services, including digital marketing services, hosting services and subscriptions to premium content. Any reference to our Premium Services shall be a reference to these paid-for services; and
• any reference to Services shall be a reference to our Premium Services as well as the provision of ProfileTree Web Design and Digital Marketing Limited. Our core agency services can be found via the following links – WordPress Hosting, Video Production and Video Marketing, Content Marketing Services, Search Engine Optimisation or SEO, Web Design and Website Development, Digital Strategy, Digital Training and Social Media Marketing.
• ProfileTree LLP was incorporated on 26th August 2011 as a limited liability partnership registered in Northern Ireland with registered number NC000806. In 2019 we started to move the business to an LTD and created the company ProfileTree Web Design and Digital Marketing Limited as the vehicle to take over ProfileTree LLP. This process was completed in 2023 when we transitioned fully to ProfileTree Web Design and Digital Marketing Limited.
We regularly review the Data Protection Commission of Ireland’s updates on safe date transfer requirements. On 28 June 2021, the Commission adopted two adequacy decisions for transfers of personal data to the United Kingdom under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED), respectively The European Commission has carefully analysed the relevant law and practice of the United Kingdom (UK). Based on its findings, the Commission concludes that the United Kingdom ensures an adequate level of protection for personal data transferred from competent authorities in the Union, falling within the scope of Directive (EU) 2016/680, to competent authorities in the United Kingdom falling within the scope of Part 3 of the Data Protection Act 2018 (DPA 2018)8. This Decision has the effect that such transfers may take place without the need to obtain any further authorisation for a period of four years, subject to possible renewal, and without prejudice to the conditions laid down in Article 35 of the Directive (EU) 2016/680. Article 45 – Transfers on the basis of an adequacy decision condition is met for Northern Ireland. Article 46 – Transfers subject to appropriate safeguards; we regularly enter into a legally binding and enforceable instrument between clients and our company to ensure Data Transfers are subject to appropriate safeguards.
2. WHO DOES THIS WEBSITE AND DIGITAL AGENCY HOLD DATA ABOUT?
2.1. The nature of our Services means that we may obtain and use Personal Data (that is, information relating to an individual who can be identified) that we collect about the following groups of individuals (Data Subjects):
(i) Users: that is anyone who visits or accesses ProfileTree;
(ii) Clients: that is any individual or business which enters into a contract with us to receive any Premium Service, including any individuals who we contact on behalf of our Client in connection with such services.
(iii) Prospective Clients: that is, employees, directors or representatives of any businesses which are not yet Clients but which we believe may be interested in becoming Clients.
We will hold Personal Data about the above-listed Data Subjects as a Controller. This means that we make decisions about what data we collect and how it should be used to best serve our purposes. The reason for this notice is so that each Data Subject is clear as to what data we collect about them, what we do with that data, how long we store it and their rights in relation to that data.
2.2. To the extent that we provide hosting services, it is likely that we may also collect and store information belonging to our Clients and that this may include Personal Data relating to third parties (Managed Data). We process any such Managed Data as a Processor, which means that we only use it in accordance with our Client’s instructions. Our terms of processing which set out how we deal with Managed Data will be set out in the agreement we enter into with our Client in respect of such services and are not dealt with here.
3. ABOUT THIS NOTICE
3.1. Under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018, we are required to provide individuals about whom we hold data as a Controller with certain information about what we are doing with their data. This notice is intended to do just that. We’ve listed the individuals to whom this notice is addressed at paragraph 2.1 above.
3.2. This notice only deals with our use of Personal Data. If you click on any links to third-party sites or products, you should check their privacy notices before disclosing any Personal Data to them.
3.3. We might need to change this privacy notice from time to time. We will publish our privacy notice on each ProfileTree site or channel and do our best to update you directly if we think the changes might affect you. Please keep an eye on our notice before sending us any Personal Data.
3.4. If you have any questions about this notice, feel free to send us an email to email@example.com.
4. WHAT PERSONAL DATA DOES THE WEBSITE AND DIGITAL AGENCY COLLECT, AND WHERE DO WE GET IT FROM?
4.1. We collect Personal Data relating to Users (User Data) in the following ways:
(i) Primarily, we will obtain User Data from users directly if they set up an account to use ProfileTree (User Account) and if they create a public profile for ProfileTree (User Profile). This is likely to be limited to their name, their email address, the town or city in which they live and any user name and strap line they will include in their profile as well as the password they create. It may also include a photograph if the User so wishes.
(ii) We will also collect details of any posts uploaded by a User to ProfileTree and any responses they receive from other Users.
(iii) We may also collect usage data in respect of a User’s use of ProfileTree. This could include location data (such as the region, town or city in which the User lives), information about what a User looked at and links clicked on, as well as IP addresses. We would do this to collect and collate aggregate data for our own business purposes.
(v) If a User contacts us directly with a support request or other issue, we may retain details of the request for our records and to make sure that the issue was properly resolved.
(vi) If a User clicks on a link on ProfileTree and consequently purchases any goods or services from a Client, we may receive information from our Client confirming that a sale was made. This is unlikely to include any Personal Data, and where possible, we would request that it doesn’t. Any such information would only be used to assess any payment due between us and our Client and for aggregate statistical purposes.
4.2 We may collect Personal Data relating to contacts within our Client (Client Data) in the following ways:
(i) Primarily, we will obtain Client Data from our Clients when they instruct us who we should contact in connection with our Services. This is likely to include their name and business contact details as well as their role in our client’s business. We will also need to hold information about our Client, which we need to set them up as a Client and avail of our rights and fulfil our obligations under any services agreement we enter into with them. This is likely to include our Clients’ financial data as well as details of any past transactions and payment history with us.
(ii) If our Client contacts us directly with a support request or other issue (whether by email, telephone or letter), we may retain details of the request for our records and to make sure that the issue was properly resolved.
(iii) If our Client signs up to receive our newsletter or receive marketing information from us, we may retain information about marketing preferences and any contact details our Client provides us with.
Prospective Clients of the Web Marketing Agency
4.3 There are a number of ways we might collect Personal Data about contacts for prospective Clients (Prospective Client Data):
(i) If a business contacts us directly (whether by calling us up, sending us an email or if we meet a representative for a business somewhere in person) and the representative asks for information about our Services, we may retain information about that request, including their name, where they work and their business contact details.
(ii) Our marketing team may also carry out its own research using online sources to try to locate businesses and key contacts within those businesses who we think may be interested in hearing about our Services.
(iii) If a representative of a business signs up to receive our newsletter or receive marketing information from us, we may retain information about their marketing preferences and any contact details they provide us with.
5. SPECIAL CATEGORIES OF DATA AND CRIMINAL OFFENCE DATA
5.1 In the UK, some types of Personal Data are afforded special status because they are considered to be more sensitive in nature and could potentially cause more harm to an individual if the data was misused.
• Special Categories of data include details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data; and
• Criminal Offence Data means data relating to an individual’s criminal record.
5.2 We do not anticipate that we will collect or store any data relating to our users, Clients or Prospective Clients of this nature,
6. HOW WE USE PERSONAL DATA AND OUR LAWFUL BASES FOR DOING SO
6.1 We may use User Data for the purposes set out below.
- To enable you to use ProfileTree: This includes enabling you to set up a publically available User Profile; enabling you to post public reviews, read and respond to other reviews and comments and download resources (if agreed). It is necessary for the performance of our contract with you for the provision of our Services to you.
- For administration and dispute resolution purposes: We may also need to process Personal Data about you to meet our internal administration requirements and, as well as for matters such as dispute resolution. It is necessary to achieve our legitimate interest of protecting our rights as a business.
- To send marketing communications: From time to time, we might send you an email about events we are running or other products or services which we think might be of interest to you. We will always include an opt-out in any such emails. We will only send you marketing communications if you have expressly consented to it.
- To facilitate our online marketing strategy: We may collect data about how you use ProfileTree and use that information to make decisions about the type of online advertising to show you when you use ProfileTree. It is necessary to achieve our legitimate interest of promoting our business.
- To calculate the commission payable by our Clients to us: We may use the information that we receive from our Clients about any services you have purchased from them after clicking on a link on ProfileTree. This is unlikely to include any Personal Data, but if it does, such use would be limited solely and strictly to the extent necessary to achieve our legitimate interest of creating a robust revenue structure.
- To create aggregate data for analysis purposes: We may collect aggregate data relating to your use of ProfileTree to analyse trends per region and split by other demographic. This data may be sold to third parties or used by us to help us improve our Services. Any such data shall not include data from which an individual can be identified.
6.3 We may use Client Data for the purposes set out below.
- To provide our Clients with services: This includes recording and retaining communications with our Clients about their requirements.
Necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract/ necessary to achieve our legitimate interest of creating a robust revenue structure.
- Administration and Dispute Resolution: We may also need to process Personal Data to meet our internal administration requirements to facilitate payments and, as well as for matters such as dispute resolution. It is necessary to achieve our legitimate interest of protecting our rights as a business.
- Marketing: From time to time we might send you an email about products or services which we think might be of interest to you. We will always include an opt-out in any such emails. It is necessary to achieve our legitimate interest of promoting our business.
Prospective Client Data
6.4 We may use Prospective Client Data for the purposes set out below.
- To provide you with information about our services: If you have asked us to do so, we may use the details you give us to provide you with a quote for our services. We would usually do this by email.
- Marketing: We might use the contact details you have provided us with to send you emails about events we are running or information about our Services which we think might be of interest to you. We will always include an opt-out in any such emails. It is necessary to achieve our legitimate interest of promoting our business.
7. DISCLOSURE OF PERSONAL DATA
7.1 We may disclose any Personal Data that we hold to our employees as well as other third parties who we engage to help us provide our Services. For example, we use third parties to provide the following services for the following services:
• Email Provider
• Host Server provider
• Marketing Database Provider
• Project Management Software
A list of our core services collecting data from your use of this website:
Provider – Cloudflare Inc.
Purpose – Traffic optimization and distribution
Description – Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User’s browser, while also allowing analytical data from this Website to be collected.
Provider – Google Ireland Limited
Purpose – Analytics
Personal Data collected – Trackers, Usage data and Device information
Description – Google Analytics 4 is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. In Google Analytics 4, IP addresses are used at collection time and then discarded before Data is logged in any data centre or server. Users can learn more by consulting Google’s official documentation.
Provider – Google Ireland Limited
Purpose – Tag Management
Personal Data collected – Usage data and Trackers
Description – Google Tag Manager is a tag management service provided by Google Ireland Limited.
Provider – HubSpot, Inc.
Purpose – User database management
Description – HubSpot CRM is a User database management service provided by HubSpot, Inc.
Provider – This Website
Purpose – Analytics
Personal Data collected – Trackers and Usage data
Description – Matomo is an analytics software used by this Website to analyze data directly without the help of third parties.
Any such parties contracted by us will be acting as our Processors and will be subject to strict contractual requirements only to use Personal Data in accordance with our privacy notice. If you would like more information about third-party processors used by us, please contact us at: firstname.lastname@example.org.
7.2 We may also disclose Personal Data if:
7.2.2 to any buyer if we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy notice.
7.3 The nature of ProfileTree means that any post published and the User Profile of the user posting will be publically accessible. You should consider this before publishing a post and think carefully about what information you want to include and whether you want to include any Personal Data at all. You are not required to do so.
7.4 Although you may be able to link to third-party sites via ProfileTree, save as set out in this paragraph 7, we will never transfer your data to a third party without your consent.
7.4 We may sell aggregate data which we have collected from our Users’ use of ProfileTree to third parties to help them assess their performance. None of the information sold will include any Personal Data.
8. WHAT SECURITY PROCEDURES DO YOU HAVE IN PLACE?
8.1 We are aware of how important it is for us to keep the data we hold about Users and other parties secure and have implemented the following processes and procedures:
8.1.1 Our employees are required to hold any data which they handle on our behalf securely and confidentially and are contractually bound to do so.
8.1.2 We make sure that any data processors (such as Mailchimp and Amazon Web Services) we use have a strong reputation for data security and are contractually obliged to implement adequate security measures to safeguard the data held.
8.1.3 While we store the content you upload to your private account, the information is encrypted and not readily accessible either to us or our employees. We could access it, for example, in an emergency or if it was necessary to comply with a request from you or to defend or protect our legal rights.
9. WHERE DO YOU STORE THE PERSONAL DATA YOU COLLECT?
9.1 We currently have servers in the EU, the US and the UK. We will always strive to use the server which is based in the same location as our customer (or as near as possible).
9.2 In respect of Personal Data relating to Data Subjects based in the EU, we will only transfer Personal Data outside the EEA if:
• the territory has been deemed by the European Commission to implement adequate safeguards;
• appropriate measures (such as model contract clauses) have been put in place;
• the company has registered with an EU-recognised framework such as the EU-US Privacy Shield;
• the transfer is necessary for the performance of the contract with the Data Subject in question – for example, if Users are based outside the EEA, and it is necessary to contact them in connection with our Services to Users; or
• if we have obtained explicit consent from the Data Subject.
10. THE AGENCIES RETENTION POLICIES
10.1 Our retention policies are as follows:
- Transaction data: That is data we collect about the transactions our Client carries out with us. For the life of the Client contract + 7 years to ensure that we have sufficient records from an accounting and tax perspective
- Financial Data: That is financial data relating to our Client For the life of the client contract + 1 year in case of renewed contract and/or any payment issues outstanding after the contract is completed.
- User Account Data: That is any data collected which is attributable to a User Account Retained for so long as the User Account remains live, after which such data will be routinely deleted within 12 months.
- Marketing Lists: That is any names and emails held and used as recipients for mail shots or other unsolicited marketing. Retained until opt-out with update and rectification procedure carried out every 3 years
- Usage Data: That is any data concerning how ProfileTree is used by its users. Retained for no longer than 6 years from the date of creation.
11. RIGHTS OF A DATA SUBJECT
11.1 Data Subjects have the following rights against the Controller in respect of Personal Data held by the Controller which relates to them.
(a) Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used.
(b) Right of access: the right to request a copy of the Personal Data held, as well as confirmation of:
• the purposes of the processing;
• the categories of Personal Data concerned;
• the recipients to whom the Personal Data has/will be disclosed;
• for how long it will be stored; and
• if data wasn’t collected directly from you, provide information about the source.
(c) Right of rectification: the right to require the Controller to correct any Personal Data held about you which is inaccurate or incomplete.
(d) Right to be forgotten: in certain circumstances, the right to have the Personal Data held about you erased from the Controller’s records.
(e) Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing until the data has been reviewed and updated if necessary.
(f) Right of portability: the right to have the Personal Data held by the Controller about you transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
(g) Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
(h) Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects (or other similar significant effects) on you. We do not carry out any automated decision-making process.
11.2 If you want to avail yourself of any of these rights, you should contact us immediately via our support page. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.
11.3 We will confirm to you in writing to acknowledge receipt of any request we receive relating to your rights as a Data Subject, and we will let you know if we have complied with your request. If, having carried out an assessment, we believe we have an overriding reason for retaining the data, we will let you know why we have reached that conclusion.
12. WHAT HAPPENS IF YOU REQUEST US TO STOP PROCESSING PERSONAL DATA RELATING TO YOU?
12.1 You may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us. For example:
12.2 If you ask us to stop processing Personal Data about you, you will no longer be able to access your user account since we will not be able to identify you.
12.3 If you ask us to stop processing Personal Data about you for direct marketing purposes, this will not impact your ability to make access your user account.
13. DETAILS FOR QUESTIONS OR COMPLAINTS ABOUT HOW WE PROCESS PERSONAL DATA RELATING TO YOU
13.1 If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to email@example.com. If we are processing Personal Data about you on behalf of Users, we will need to pass your complaint to Users – we will only do so with your consent.
13.2 If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by using the relevant details:
For ROI Residents:
Data Protection Commission (DPO)
21 Fitzwilliam Square South
Tel: 01 7650100 / 1800437 737
For UK Residents:
Information Commissioner’s Office (ICO)
14 Cromac Place,
Tel: 0303 123 1114
Last updated: 18th August 2023.