SalesMethods Limited respects and is committed to protecting your privacy. We aim to maintain consistently high standards in our use and storage of your personal data, and endeavour to comply with the Data Protection Act 1998, the EU General Data Protection Regulation (GDPR) and other relevant legislation.
To reflect changes in privacy laws, this updated Privacy Notice aims to clearly inform you of how we use your personal data, how we ensure it is kept secure and your choices about its use. We hope this can help you to make informed decisions when using our websites or other services we provide.
In this Notice, references to “we”, “us” and “our” refer to SalesMethods Limited. Personal data, as defined by the GDPR, means any information which relates to a living individual who can be identified, either directly or indirectly, from this information. For example, your name, email address, postal address, telephone number and other personal details.
From time to time we will update this Privacy Notice, so encourage you to refer to this page regularly. If significant changes are made we will endeavour to notify you.
Our contact details
If you have any questions about this Privacy Notice you can contact us in the following ways:
Write to us: Data Protection Officer, SalesMethods,59 Charlotte Street, London W1T 4PE.
Call us: 020 7837 0001 (and ask for the Data Protection Officer)
Email our Data Protection Officer: firstname.lastname@example.org
SalesMethods’ registered office is: SalesMethods, Whiteacres, Cambridge Road, Whetstone, Leicestershire LE8 6ZG
Registered in England and Wales under the company number: 06576679.
VAT registration number is GB 942191528.
Why do we collect and process personal data?
The processing of personal data is required to engage with customers, potential customers, suppliers, business partners and our own staff.
Collection of your personal data
We collect personal data from you when you enquire about or request a product or service directly from us. For example, you will provide personal data to us when you:
- Take a test drive, watch a demonstration or download an application from the Salesforce.com AppExchange.
- Register on our website.
- Join online forums.
- Apply for a job.
- Sign up for a digital product or service.
- Register to attend a conference or event.
- Request a newsletter/bulletin.
The information we routinely collect will include your contact details (e.g. name, email address, phone number and postal address).
When you register to attend one of our events, we may also collect details about your dietary and accessibility requirements. We only collect this information with your explicit consent and will only use it for the purposes of your attendance at the event.
When you visit our websites
You can also adjust your cookie settings by clicking Change my cookie settings.
When you visit the Salesforce.com AppExchange
When you visit the Salesforce.com AppExchange you will receive a “pop-up” notice asking you to supply your contact information and that you agree to share this information with SalesMethods. If you do not wish for SalesMethods to contact you, you can select that option.
From other organisations or publicly available sources
We sometimes combine information we have collected from our websites or other sources, with information received from other organisations. This is used to enhance the content and relevance of the information we provide to you.
We may also research publicly available sources (e.g. websites and LinkedIn) and use external suppliers, to identify business contacts who are likely to be interested in the products and services we have to offer. We will only collect the minimal amount of information required for this purpose (e.g. name, job title, company and contact details) and when we contact you we will always provide you with an easy way to object to us continuing to retain your personal data.
The lawful bases we rely on
Under the GDPR there are six lawful bases under which organisations can collect, use and store personal data. We have identified four which we rely upon for our business activities: Consent, Contractual, Legitimate Interests and Legal Obligation.
Contractual – in many circumstances we rely on the lawful basis of “performance of a contract”, this enables us to respond to you when you express an interest in our products and services and to fulfil any requests.
Consent – in some circumstances we rely on your specific consent, whereby you actively agree and “opt-in”. We will always make it clear how you can withdraw you consent at any time.
Legal Obligation – there will be circumstances under which we are legally obliged to hold your personal data or required to disclose it to a third party by law.
Legitimate Interests – for some of our activities we rely on our legitimate business interests to collect and use your personal data. In such cases, we have balanced our interests with yours and do not believe these activities will have a negative impact on your privacy rights and freedoms. We specifically rely on Legitimate Interests to:
- Send you marketing communications about our products and services.
- Personalise the marketing content we provide you.
- Undertake business sales and advertising activities.
- Research publicly available business contact details.
If you wish to object to our reliance on Legitimate Interests for any other purpose, please use our contact details.
How we use your personal data
Fulfilment of a service
We will use your personal data for the purposes of fulfilling a product or service you have requested, which includes:
- Responding to your enquiries about our products and services.
- Fulfilling your requests and delivery of a product or service.
- Administering your account.
- Sending you specific service or transactional communications about a product or service.
- Delivering business services.
When we collect your personal data, we will include a specific notice to inform you and give you choices about future direct marketing communications from us.
We will only send you direct marketing communications when you have either:
- Provided your consent (e.g. ticked a box or clicked a “button” to submit a form).
- Where we believe we can demonstrate a legitimate business interest and have balanced this with your interests and privacy.
It is always your choice and you can stop receiving direct marketing communications from us at any time. We will provide a clear and easy way to do this on any communication you receive.
For electronic marketing communications (via email) we adhere to the rules of the Privacy and Electronic Communications Regulations (PECR).
Personalise marketing content
We want to ensure our marketing communications are of interest to you. We therefore use the information we know about you to tailor our messages to be more relevant. We will use details such as previous transactional history and site usage to try and do this.
How to stop receiving marketing communications
We don’t want to send you marketing or other communications if you do not want to receive them. You can stop receiving these messages from us at any time as there will always be an unsubscribe link on any marketing email you receive from us.
If you wish to contact us directly about marketing communications you are receiving, please e-mail email@example.com
Sharing your personal data
We may share your personal data with other organisations, as specifically approved by you or under the circumstances described below.
We may need to disclose your personal data to comply with any legal obligation. These requests will be verified before we consider sharing your details.
Changes to our company
In the event we go through a business transition such as a merger or acquisition by another company your personal data may be among the assets transferred.
Under data protection law you have several rights. These are aimed at giving you control about how your personal data is used by us.
To exercise any right, object to direct marketing, are unhappy with the way we have collected and are using your personal data please inform us by e-mail at firstname.lastname@example.org.
If you are concerned with the way we have handled your personal data, you have the right to complain to a supervisory authority. In the UK this is the Information Commissioner’s Office.
Access your personal data
You can request a copy of the personal data we may hold relating to you, and the purposes for which we are using it. This is known as a Subject Access Request. In responding to such a request, we will ask for proof of your identity to ensure we do not inadvertently send your personal data to another person. We will endeavour to respond to any such requests as soon as possible, but at least within one calendar month. Please contact us by e-mail at email@example.com.
Amend your personal data
If you discover or believe the personal data, we hold for you is out of date or incorrect please let us know and we will rectify this as soon as possible. Please contact us by e-mail at firstname.lastname@example.org.
Delete your personal data
If you wish for your personal data to be deleted, we aim to do so within one working week, provided that there is no overriding reason to retain the information. We will respond before doing so though to ensure it was you that requested the deletion. Please contact us by e-mail at email@example.com.
The law also provides other data subject rights, including the right to portability of your personal data, the right to object to direct marketing, and the right to restrict the processing of your personal data in certain circumstances.
Some of the rights above are subject to limits and exemptions, which may mean we do not have to comply with a request made by you. If that is the case, we will let you know and provide reasons for not complying with your request.
Keeping your data secure
Ensuring your personal data is kept and transferred securely is of the highest importance to us.
We hold your personal data on our secure CRM platform and when appropriate on secure third party e-mailing platforms.
Your personal data may be transferred to a country outside the European Economic Area (EEA). This may be required for the purposes of our staff based outside the EEA or where a supplier of a service is based outside the EEA. We will take all reasonable steps necessary to ensure your personal data is treated securely. This includes the use of Binding Corporate Rules and Model Contractual Arrangements as approved by the European Commission, and the EU-US Privacy Shield.
How we keep your personal data secure
We are committed to protecting the security of the personal data we hold. We deploy appropriate technical and organisational measures to ensure your personal data is kept securely and to prevent any unauthorised access. We have robust procedures and features in place to prevent such unauthorised access.
We also require any parties to whom we transfer personal data to ensure they have appropriate security measures in place.
How long do we keep your personal data?
We hold personal data for a variety of different purposes and the length of time we keep your information for will vary depending on the products and services we are providing to you. We will only keep your personal data for a reasonable period and we base this on the purpose for which we are using it.
There will be circumstances in which we keep a strictly minimal amount of information about you, for example to ensure we can honour an objection to receiving direct marketing. We will also, in specific circumstances, be required to retain personal data for a longer period for contractual or legal reasons.
We have an annual schedule for ensuring we do not hold your personal data for longer than we justifiably need it. Namely we will e-mail you annually to ask if you no longer wish us to keep your personal data and to make sure the data we keep is still relevant. To learn more please e-mail us at firstname.lastname@example.org.
Reporting security vulnerabilities
We are committed to the privacy, safety and security of our customers. If you discover a potential security vulnerability, we would ask you to please report it just to us in a responsible manner. Please email us at email@example.com and we will respond to you as soon as possible. This provides us with an opportunity to work with you and quickly address and resolve any issue. Publicly disclosing a potential vulnerability could put the wider community at risk, and therefore we encourage you to come to us first. We’ll keep you informed as we move forward with our investigations.
Aims and commitments
SalesMethods takes seriously its responsibilities under data privacy legislation. It recognises that the mishandling of an individual’s personal data may cause them distress or put them at risk of identity fraud. As a result, it is committed to:
- Complying fully with data privacy legislation.
- Where practicable, adhering to good practice, as issued by the ICO or other appropriate bodies.
- Handling an individual’s personal data in a careful and considerate manner that recognises the importance of such information to their privacy and welfare.
SalesMethods seeks to achieve these aims by:
- Ensuring that staff and other individuals who process data for SalesMethods purposes are made aware of their individual responsibilities under data privacy legislation and how these apply to their areas of work. For example, employment contracts include a clause drawing the attention of the employee to data privacy legislation and the SalesMethods’ data protection policy.
- Providing suitable training, guidance and advice.
- Incorporating data privacy requirements into administrative procedures where these involve the processing of personal data, particularly in relation to major information systems (the concept of ‘privacy by design’);
- Operating a centrally coordinated procedure (to ensure consistency) for the processing of subject access and other rights-based requests made by individuals; and
- Investigating promptly any suspected breach of data privacy legislation; reporting it, where necessary, to the ICO; and seeking to learn any lessons from the incident to reduce the risk of reoccurrence.
Roles and responsibilities
The SalesMethods Board of Executives
The Board have executive responsibility for ensuring that SalesMethods complies with data privacy legislation and which is responsible for keeping under review SalesMethods’ policies and compliance with legislation and regulatory requirements.
Data Protection Officer (DPO)
The DPO is responsible for monitoring internal compliance, advising on SalesMethods’ data protection obligations and acting as a point of contact for individuals and the ICO. Specifically, the DPO is responsible for;
- Establishing and maintaining policies and procedures at a central level to facilitate SalesMethods’ compliance with data privacy legislation;
- Establishing and maintaining guidance and training materials on data privacy legislation and specific compliance issues;
- Supporting privacy by design and privacy impact assessments;
- Responding to requests for advice;
- Coordinating a SalesMethods-wide register exercise to capture the full range of processing that is carried out;
- Complying with subject access and other rights-based requests made by individuals for copies of their personal data;
- Investigating and responding to complaints regarding data privacy (including requests to cease the processing of personal data); and
- Keeping records of personal data breaches, notifying the ICO of any significant breaches and responding to any requests that it may make for further information.
In fulfilling these responsibilities, the DPO may also involve, and draw on support from, representatives from the Chief Information Officer, Chief Sales Officer and marketing team.
Heads of department (CEO, CSO, CIO)
Heads of Department are responsible for ensuring that the processing of personal data in their department conforms to the requirements of data privacy legislation and this policy. They must ensure that:
- New and existing staff, visitors or third parties associated with the Department who are likely to process personal data are aware of their responsibilities under data privacy legislation. This includes drawing the attention of staff to the requirements of this policy, ensuring that staff who have responsibility for handling personal data are provided with adequate training and, where appropriate, ensuring that job descriptions for members of staff or agreements with relevant third parties reference data privacy responsibilities.
- Adequate records of processing activities are kept (for example, by undertaking register exercises);
- Data protection requirements are embedded into systems and processes by adopting a ‘privacy by design’ approach and undertaking privacy impact assessments where appropriate;
- Privacy notices are provided where data is collected directly from individuals or where data is used in non-standard ways;
- Data sharing is conducted in accordance with this Privacy Notice;
- Requests from the Information Compliance Team for information are complied with promptly;
- Data privacy risks are included in the department’s risk management framework and considered by senior management on a regular basis; and
- Departmental policies and procedures are adopted where appropriate.
Others processing personal data for a SalesMethods purpose e.g. Staff and contractors / Business Associates
Anyone who processes personal data for a SalesMethods purpose is individually responsible for complying with data privacy legislation, this policy and any other policy, guidance, procedures, and/or training introduced by SalesMethods to comply with data privacy legislation. In summary, they must ensure that they:
- Only use personal data in ways people would expect and for the purposes for which it was collected;
- Use a minimum amount of personal data and only hold it for as long as is strictly necessary;
- Keep personal data up-to-date;
- Keep personal data secure, in accordance with SalesMethods’ Information Security Policy;
- Do not disclose personal data to unauthorised persons, whether inside or outside the SalesMethods;
- Complete relevant training as required;
- Report promptly any suspected breaches of data privacy legislation, in accordance with the procedure in section 6 below, and following any recommended next steps;
- Seek advice from the DPO where they are unsure how to comply with data privacy legislation; and
- Promptly respond to any requests from the DPO in connection with subject access and other rights-based requests and complaints (and forward any such requests that are received directly to the DPO promptly).