Paragon Customer Communications Ltd (“Paragon”) takes the privacy of information very seriously both as a Data Controller and a Data Processor.
When providing services to our clients such as sending marketing communications on their behalf, Paragon processes personal information in the role of a data processor in accordance with the UK Data Protection Act 2018 and the GDPR (2016/679) and therefore does not own, control, or direct its use. If your personal data has been submitted to us by or on behalf of a Paragon client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable client directly.
The remainder of this notice will cover Paragon’s role as a data controller, and is designed to ensure that you are fully informed about:
• Paragon business details
• How and why, we collect and process your information,
• Who we share your information with and
• Your rights.
Throughout the notice, the words ‘we’ and ‘us’ refers to Paragon [and its subsidiaries], unless otherwise indicated. We may vary this notice from time to time. The current version will be published on our website.
Paragon business details
Paragon businesses are registered in the United Kingdom under company numbers 07262428, 04994924, 02788181, 04220397, and in Luxembourg under B226065
Click here to go to: Companies House and RCS Portal
Paragon’s various businesses are also registered as Data Controllers with the ICO under Z9590394, Z6941941 and Z9471827.
A Data Protection Officer has been appointed who can be contacted by email or postal address as stated below: DPO@paragon-cc.co.uk
Data Protection Officer
Paragon Customer Communications Ltd., Lower Ground Floor ,Park House
16-18 Finsbury Circus , London, EC2M 7EB
As a Data Controller, Paragon collects information that, alone or in combination with other data, could be used to identify you (Personal Information), such as your e-mail address, name, physical address, telephone number, or employment information.
Paragon will collect your Personal Information in several ways, including when you contact us through the Paragon website, by telephone, post, e-mail or through the other means set out below.
Acquisition of products and services.
If you acquire products or services from Paragon, we will collect and store your business and billing information. Paragon may also collect anonymous demographic information which is not unique to you, such as your postal code and preferences (Non-Personal Information). Non-Personal Information is not linked to your Personal Information (for example, your IP address).
Visits to our website.
When you visit our webpages, we will download a small file called a “cookie” to be stored on your computer’s web browser. This helps us personalise your web experience and remember you when you return and want to continue a task. Please view our cookies page to see full details of what cookies we use on the site, what these are used for and how to disable them.
Our cookies provide us with non-personal statistical information about what you do on the website, for example: the duration of a time a page was viewed, common paths taken through the site, data on screen settings and other general information. We may also collect information about what other websites you visit after ours. We use this data to improve the services on our site and to improve your experience of using our website
These are cookies that are set by this website directly and include Google Analytics & other analysis tools.
Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collect via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are. Additionally, we use Google Optimize to utilise our Google Analytics cookies to target content variants to a user and a content experiment cookie to determine a user’s participation in an experiment.
You can find out more about Google’s position on privacy as regards to its analytics service at http://www.google.com/intl/en_uk/analytics/privacyoverview.html
Drupal: Our websites run the popular Drupal CMS. Cookies are used to store basic data on your interactions with Drupal, and whether you have logged into Drupal. We use a session cookie to remember your log-in for you if you are a registered user and we deem these as being strictly necessary to the working of the website. If disabled then various website functionality on the site will be broken. More information on session cookies and what they are used for at http://www.allaboutcookies.org/cookies/session-cookies-used-for.html
Hotjar: Our websites use Hotjar, which is a tool that records and aggregates data on how visitors to our site use are using it. Hotjar uses cookies to collect non-personal information, so users cannot be personally identified. Examples of the type of information collected include, but are not limited to: pages visited, how pages are used and interacted with, type of device and browser used, and the country you are in.
For more information on Hotjar, how it collects data, what data it collects and how to opt out of it collecting your information, please read Hotjar’s own privacy policy.
Pardot: Our website makes use of the Pardot tracking code. Pardot is part of Salesforce's Marketing Cloud Account Engagement. It is a tool used for marketing automation and lead generation. To know more about Pardot’s cookie activity tracking click here: https://help.salesforce.com/s/articleView?id=sf.pardot_basics_cookies.h…
To view Salesforce's cookie policy, click here:
https://www.salesforce.com/uk/company/privacy/
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by some or all of the following services: ShareThis, LinkedIn, Twitter, Facebook, Google+ and Pinterest. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.
LinkedIn: The LinkedIn Insight Tag enables the collection of data regarding LinkedIn members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. This data is encrypted, the IP addresses are truncated, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data is then deleted within 90 days.
LinkedIn does not share the personal data with PCC, it only provides aggregated reports about the website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling Paragon to show personalised ads off its website by using this data, but without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
Our websites may contain links to other sites outside the group. Neither Paragon, nor its group companies, is responsible for the privacy and security of these sites. This privacy notice applies only to Paragon and its group companies.
If you are 16 or under you must have permission from a parent or guardian before you give us personal information. If we find that we have received information from you without the appropriate consent, we reserve the right to remove all personal data that you have supplied. You will be able to re-submit the information when you have the required permission
When processing the personal data of our employees, workers and other third parties, Paragon are committed to adhering to the principles relating to processing as set out in the GDPR and other relevant regulations in the jurisdictions that we operate. For further information, please refer to our ‘Employee Data Protection Agreement’.
Your data will be processed under various legal bases based on the specific activity interests for the following purposes:
- Sales of product and services to customers – contractual obligation
- Maintaining our accounts and records – contractual obligation
- To send out service messages – legitimate interests
- Customer analytics and suppression – legitimate interests
- Legal or Enforcement – legal obligation
- For the purposes of security and prevention and detection of crime
- Outward Marketing communications – legitimate interests
- Requests for information, brochures etc. – your consent to allow us to fulfil your request
- Research activity we might undertake is covered by our legitimate interests
Where legitimate interests are relied upon for processing, we will always balance the benefits to you against those of our business to make sure we are compliant with data protection legislation.
We keep the data you give us for differing lengths of time depending on what data it is and the reason for its collection.
- Specific enquiry data – to fulfil the enquiry and for one year afterwards.
- Business/contact data – for the length of the contract plus two years
Your personal information will be stored on secure systems and data centres hosted in the UK and EEA either locally managed by Paragon or by approved managed service providers.
International Transfer
Your personal information will not be stored outside the UK or EEA but could be accessed or viewed by approved suppliers globally, as part of contracted service delivery obligations. Paragon will ensure there are correct safeguards in place, such as (as applicable):
- Data Processing Agreements, including technical and organisational controls.
- International Data Transfer Agreements (IDTAs)
- Binding Corporate Rules for Processors
- Standard Contractual Clauses (SCCs)
Under current legislation and where Paragon is the Data Controller, you have many rights in respect of how we hold and use your data:
Right to be informed
This means that we must inform you how we are going to use your personal data. We do this through this privacy notice and by informing you how your data will be used each time we collect it.
Right to access
You may gain access to a copy of the PII (Personally Identifiable Information) data we hold about you by contacting the Data Protection Officer via post or email as specified.
Right to rectification
If you believe any of the information that we hold about you is incorrect, being misused, or want further information you may contact the Data Protection Officer via post or email as specified.
Restriction of processing
You can contact us and ask us to limit the processing we perform with your data. Please address requests of this nature formally to your contact at the respective Paragon business.
Right to be forgotten
You have the right to ask us to remove your data from all of our systems. If this is the case, where there is no reason not to (such as an outstanding contractual obligation) we will implement your request. In all cases, please address your formal requests to your contact at the respective Paragon business.
Automated decisions and profiling
Automated decision-making will not be used on any data supplied to us. Profiling we undertake on business contacts is based on the size of the company and the industry sector and the job titles of individuals. This may then be used within the marketing communication to make sure anything we send is relevant to you.
Right to data portability
As a data subject, you have the right to have the data that Paragon hold about you transmitted to another Data Controller where technically feasible. Please address requests of this nature formally with your contact at the respective Paragon business.
Right to object
If you wish for Paragon not to process your personal information, please address requests of this nature formally to your contact at the respective Paragon business.
As a business contact, we will be holding, processing your data and contacting you under the Legitimate Interests provision of the General Data Protection Regulation (GDPR) and in line with Privacy and Electronic Communications Regulations (PECR), having undertaken an appropriate balancing assessment. However, if you no longer wish to hear from us, you can always easily opt out in the following ways:
• Unsubscribe from specific communications, for example via email or SMS unsubscribe links,
• Inform your contact at Paragon who will pass your wishes on,
• Contact us using dpo@paragon-cc.co.uk to opt out of any channel,
• Write to us at Data Protection Office, Paragon Customer Communications Ltd, Park House, 16-18 Finsbury Circus, London, EC2M 7EB.
You have the right to complain about the way we have used your data. If this is the case, please contact our Data Protection Officer using the address below. If you are not satisfied with our response, you can also contact the Information Commissioner’s Office on their website - www.ico.org.uk.