Contact Us

Privacy Policy

At Northern Reaches Ltd, our top priority is the protection and security of your personal information and that of your customers. In line with the Data Protection Act 2018, this privacy policy explains how we handle the personal data we receive from our clients. Our procedures include collecting, using, keeping, and safely disposing of your personal data when performing data-related services on your behalf.

When you provide us with your customers’ personal data, we act as a “data processor.” This means we handle and manage the data under your direction as the Data Controller. Our role involves various tasks such as examining or consulting on the data provided.

This policy is designed to keep you, our valued clients, fully informed about how we handle and use your personal data. It’s also a guide for our employees, ensuring they know how to correctly manage, use, and dispose of the data that comes into our care at Northern Reaches Ltd. We’ve written this policy in clear, straightforward language so that all our clients and their teams can easily understand our commitment to maintaining the highest standards of privacy and data security.

Your Personal Data: We gather your personal information at the start of your relationship with Northern Reaches Ltd and during subsequent interactions. These occasions include direct contact with us via phone or email, or indirect interactions like when you visit our website. The purpose of collecting your personal data is to fulfil our contractual obligations and to ensure that we provide you with information and services that are most relevant to your needs.

Your Customers’ Data: In our role as your trusted partner, there may be times when we need to review your customers’ data. This analysis is pivotal in offering insights into your customer base, aiding in decision-making processes, and helping you achieve your strategic goals. During such engagements, we only collect the necessary details about each of your customers, strictly limited to the specific objectives you have tasked us with.

Personal Information: We gather a range of personal details, including but not limited to your name, email address, and other contact information. This collection happens through various channels like our contact forms, direct interactions with our customer service team, or throughout our service provision to you. This may also include any additional information that you choose to share with us during our interactions.
 
Technical Information: Every time you visit our website, we collect certain technical details. These include your IP address, the type of browser you are using, and other relevant usage data. This information helps us understand how you interact with our website and enables us to tailor your browsing experience.
 
Usage Data: We closely monitor how you utilize our website and services. This encompasses the pages you visit most frequently, the features you use, and how you navigate through our site. This data is crucial for us to understand your preferences and to enhance the overall user experience.

Service Enhancement: We utilize your information to not only provide but also to continually improve the quality of our services. This includes tailoring our offerings to better suit your needs and preferences.
 
Customer Support: Your information is essential for us to offer effective customer support. It enables us to respond swiftly and accurately to your queries and to provide assistance where needed.
 
Communication: We use your contact details to send you important updates, including security alerts, service changes, and other administrative messages. These communications are crucial for keeping you informed about our services and any changes that might affect you.
 
Research and Development: The information collected is an asset for our internal processes. It aids in data analysis, drives our research efforts, and helps us in developing new features and services. By understanding your usage patterns and preferences, we can innovate and evolve our offerings to better serve you and future clients.

Change of Purposes: As part of your compliance with the Data Protection Act (DPA), it is essential that you have already informed your customers about the handling of their data through a Data Privacy Notice. This notice should clearly outline how you collect, store, manage, and process their personal data, including the disclosure of any third parties who may have access to this information.
 
If our services and engagement with you were not initially included in your existing Data Privacy Notice, it becomes necessary for you to update this document. It’s your responsibility to ensure that your customers are adequately informed about these new developments. This update should include details about our role in processing their data and the scope of our engagement. By doing so, you maintain transparency with your customers and adhere to the legal requirements set forth by the DPA, ensuring that your customers are fully aware of how their data is being utilized and by whom.

Understanding Automated Decisions: Automated decision-making refers to the process where decisions are made solely by automated means, without any human involvement. This typically involves the use of electronic systems or algorithms that analyse personal data to make decisions. A common instance of this is selecting customer records for direct marketing or communication campaigns based on specific criteria set by an algorithm.
 
GDPR Compliance in Automated Decisions: Under the General Data Protection Regulation (GDPR), automated decision-making is permissible in specific scenarios:
  1. Contractual Necessity: When such decisions are essential for the performance of a contract with a customer, provided their rights are fully protected.
  2. Legal Authorization: Where the decision-making process is authorized by laws of the European Union or its member states, applicable to both Northern Reaches Ltd and our clients.
  3. Explicit Consent: When a customer has given explicit written consent for automated decision-making, again ensuring that their rights are safeguarded.
The Northern Reaches Ltd Approach: Currently, Northern Reaches Ltd does not anticipate the need to implement automated decision-making processes in our engagements. Should this change, we will promptly notify you in writing. In our partnership, we may engage in profiling activities using the personal data you provide. These activities will be strictly aligned with our agreed objectives and will be clearly documented in our Statement of Work with you, ensuring transparency and compliance with all relevant data protection regulations.

Respect for Personal Information: At Northern Reaches Ltd, we hold a firm stance against selling or leasing your personal information to any third parties. Our respect for your privacy is paramount, and we strictly adhere to this principle in all our operations.
 
Collaboration with Trusted Entities: In certain instances, we collaborate with carefully selected partners or service providers. These collaborations are essential for us to provide the high-quality services you expect from us. However, it’s important to note that any sharing of information with these entities is governed by strict confidentiality agreements, ensuring that your data remains protected.
 
Legal and Ethical Disclosure: While we prioritize the confidentiality of your data, there are circumstances under which we might need to disclose information. This would only occur if legally mandated, such as in compliance with a court order or other legal processes. Additionally, we reserve the right to disclose information when it’s necessary to protect our legal rights, safeguard our property, or ensure the safety of our staff, clients, or the public. In all such instances, we are committed to proceeding with the utmost care and in accordance with legal requirements.

Proactive Protection Measures: At Northern Reaches Ltd, safeguarding your personal information is a top priority. We have instituted a comprehensive set of security measures designed to prevent unauthorized access, modification, exposure, or destruction of your data. Our security infrastructure is robust and includes advanced technological solutions and stringent procedural safeguards, ensuring the highest level of protection for your personal information.
 
Continuous Security Enhancement: Understanding that security threats are constantly evolving, we don’t just stop at implementing security measures. We regularly conduct thorough audits of our security practices to identify and rectify any potential vulnerabilities. This ongoing process ensures that our security measures are always up-to-date and effective, adapting to new challenges and maintaining the integrity and confidentiality of your data at all times.

Access and Correction: At Northern Reaches Ltd, we recognize and respect your right to access and oversee your personal information. You are entitled to request a copy of the personal data we hold about you. Furthermore, if you find any inaccuracies in your data, we are committed to making the necessary corrections to ensure that your information is up-to-date and accurate.
 
Objection and Portability: You have the right to object to the processing of your data, especially where such processing impacts your personal rights and freedoms. Additionally, we support your right to data portability – this means you can request a transfer of your data to another organization or to yourself in a structured and commonly used format.
 
Consent Withdrawal: In instances where our processing of your data is based on your consent, you have the full right to withdraw this consent at any time. We ensure that withdrawing consent is as straightforward as giving it. Upon your withdrawal of consent, we will cease processing your data for the purpose you originally agreed to, unless there is another legal ground for continuing the processing.

Retention of Your Information: Whilst you remain a client of Northern Reaches Ltd, we will retain and utilize your data exclusively for servicing our contractual agreement with you and your organization. We understand the importance of using your personal data solely for the purposes for which it was collected, in line with our commitment to privacy and data protection.
 
Extended Contact Information Retention: In certain cases, we may hold onto your contact details for an extended period. This is primarily to inform you about products or services that may be of interest to you, based on our reasonable belief and understanding of your preferences. However, we respect your choice to opt-out of such communications. Should you request us to remove your contact details, we will comply but retain a minimal record marked as “Do Not Contact” to ensure that you are not approached for future communications.
 
Retention of Your Customers’ Data: The personal data of your customers that we handle as part of our engagement will be retained strictly for the duration necessary to fulfil the objectives outlined in our agreement with you. This retention policy aligns with the specific terms detailed in our Statement of Work or the mutually agreed Security policies.
 
Post-Engagement Data Handling: Upon the completion of our engagement, we are committed to responsibly disposing of or destroying your customers’ personal data. This process is conducted in a secure and privacy-compliant manner, ensuring that the data is not kept longer than necessary and that all confidentiality obligations are adhered to.

Enhancing Your Digital Experience: At Northern Reaches Ltd, we utilize cookies and other similar tracking technologies on our website. These tools are integral in providing an enhanced browsing experience for you. They enable us to tailor the website functionality to your preferences and ensure smooth navigation, making your interactions with our site more efficient and personalized.
 
Gathering Valuable Usage Insights: Beyond improving user experience, these technologies are crucial in collecting usage data. This data provides us with essential insights into how visitors engage with our website. By understanding these patterns, we can continuously refine and optimize our online presence, ensuring that the content and services we offer align closely with your interests and needs.
 
Your Control Over These Technologies: We believe in empowering you with control over your online experience. Accordingly, we provide comprehensive information on how you can manage cookies and tracking technologies through your browser settings. You have the flexibility to adjust these settings to accept, block, or receive alerts about cookies, according to your privacy preferences. This empowers you to make informed choices about your data and how it is used.

Cross-Border Data Flow: At Northern Reaches Ltd, we recognize that our operations and services might involve the transfer of your personal data beyond the borders of the European Economic Area (EEA). We take this aspect of data handling very seriously, ensuring that any such transfer adheres to strict data protection standards.
 
Ensuring Data Protection: When transferring data internationally, we implement robust safeguards to ensure that your data receives the same level of protection as it would within the EEA. These measures are in accordance with applicable data protection laws and include entering into data transfer agreements with recipients, using standard contractual clauses approved by the European Commission, or ensuring that the recipients are certified under appropriate frameworks that ensure adequate data protection.
 
Transparency and Compliance: We are committed to maintaining transparency in all our data practices, especially when it involves international transfers. Northern Reaches Ltd ensures full compliance with the legal frameworks governing cross-border data movement, and we take all necessary steps to protect your data irrespective of where it is processed.

Commitment to Current Best Practices: In our ongoing effort to ensure the highest standards of data protection and to remain in line with evolving legal requirements and best practices, Northern Reaches Ltd may make periodic updates to this Privacy Policy. Our aim is to continuously refine our privacy practices to better protect your personal information and align with industry standards.
 
Staying Informed: Whenever this policy is updated or revised, we will reflect these changes by updating the date of the latest version at the top of this policy page. We encourage you to review our Privacy Policy regularly to stay informed about how we are protecting your data and to understand any changes that may affect you.

Open Communication Channel: At Northern Reaches Ltd, we place great importance on open and transparent communication with our clients. If you have any questions, concerns, or inquiries regarding our Privacy Policy or how we handle your personal data, we are here to assist you.
 
Contact Details: Please feel free to reach out to us at [email protected]. Our dedicated team is committed to providing you with the support and information you need concerning your data privacy and our policies.

A Foundation of Trust: At Northern Reaches Ltd, we deeply understand that the foundation of our relationship with you is built on trust. Upholding and nurturing this trust is central to everything we do.
 
Dedication to Your Privacy: Our commitment extends beyond just delivering exceptional services; it includes a steadfast dedication to safeguarding your privacy. We continually strive to ensure that your digital interactions with us are not only secure but also positively enriching.
 
A Personal Pledge: As the owner of Northern Reaches Ltd, I, Mark Tonks, personally stand behind our promise to protect your privacy and enhance your digital experience. Your confidence in us is what drives our mission forward.