Privacy Policy for Blend Data Strategy Ltd
Effective Date: 30th October 2024
1. Introduction and Scope
Blend Data Strategy Ltd ("Blend," "we," "us," or "our") respects the privacy of individuals and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, and protect data in compliance with the UK General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988.
Blend operates as both a Data Controller and Data Processor, depending on the nature of the engagement:
Data Controller: When Blend collects data for its own business purposes, such as through our website, CRM systems, and marketing activities.
Data Processor: When handling client data in the context of projects or services, processing data solely on behalf of and under the instructions of the client.
Joint Controller Roles: In specific cases where Blend jointly determines data handling processes or outcomes with the client, Blend may act as a Joint Controller alongside the client. In such projects, Blend and the client share compliance responsibility as outlined in the Terms of Service, and roles are documented in a separate agreement.
Please refer to our Website Terms and Conditions and Terms of Service for additional information about our roles and responsibilities.
2. Data Controller Activities
This section applies when Blend collects and processes personal data for its own business purposes, such as through interactions on our website, marketing activities, and CRM management.
2.1 Types of Data Collected
Contact Information: Name, email address, phone number, and company details collected via our website forms, CRM, or direct client communications.
Usage Data: Information about how visitors interact with our website, such as IP address, browser type, and browsing patterns, collected via tools like Google Analytics and Microsoft Clarity.
Marketing Data: Information provided voluntarily for marketing purposes, including newsletter sign-ups, event registrations, and feedback forms.
2.2 Legal Basis for Processing
Consent: For marketing communications and any other data usage where consent is explicitly required.
Legitimate Interests: For CRM management, website analytics, business communications, and improving user experience.
Contractual Necessity: For handling enquiries or pre-contractual communications requested by the Client.
2.3 Your Rights as a Data Subject
Under GDPR and the Australian Privacy Act, you have the right to:
Access: Request access to the personal data we hold about you.
Correction: Correct inaccurate or incomplete data.
Deletion: Request deletion of your data, subject to legal and contractual retention requirements.
Object: Object to the processing of your data based on legitimate interests.
Withdraw Consent: Withdraw consent for marketing communications at any time by contacting us at info@blend-datastrategy.com.
2.4 Retention and Security
Retention: We retain data as long as necessary to fulfil business purposes or as required by law.
Security Measures: Data under our control is protected by industry-standard security measures, including encryption, access controls, and regular security audits.
3. Data Processor Activities
This section applies when Blend processes data on behalf of a client, following the instructions provided by the client. In these engagements, the client is the Data Controller, and Blend acts as a Data Processor.
3.1 Purpose and Scope
As a Data Processor, Blend processes data only as instructed by the client. This typically involves activities like data analysis, data pipeline management, and providing insights based on client data. Blend does not have control over the data’s purposes, use, or disclosure.
3.2 Types of Data Handled
Data handled in this capacity varies based on client needs and may include:
Business Data: Data lakes, data warehouses, and analytics data specific to client operations.
Structured and Unstructured Data: Including but not limited to customer records, financial data, and business intelligence information shared by the client.
3.3 Client Responsibilities for Data Security and Accuracy
Data Transfer Security: The client is responsible for ensuring secure data transfer to Blend, including using encryption and secure file-sharing protocols.
Data Accuracy: The client must verify the accuracy, quality, and completeness of all data provided to Blend. Blend processes data as received and assumes no responsibility for verifying its accuracy.
Sign-Off and Verification: Clients are required to review, approve, and sign off on all proposed methods and data outputs before any business use.
3.4 Data Protection and Confidentiality
Confidentiality: Blend maintains strict confidentiality measures, including role-based access controls, to ensure that only authorised personnel can access client data.
Data Protection by Design: We apply security protocols such as encryption, data segmentation, and secure storage to ensure data is processed securely and in compliance with regulatory standards.
Audit Rights: Clients have the right to request a compliance check or audit, provided it is pre-arranged, limited in scope, and conducted in a manner that does not disrupt our operations.
3.5 Data Breach Notification
In the event of a data breach affecting client data, Blend will promptly notify the client as required under GDPR and the Australian Privacy Act. The client, as Data Controller, is responsible for notifying affected individuals if required.
4. International Data Transfers
Blend operates in the UK and Australia and may transfer data internationally for processing purposes. We use appropriate safeguards, such as Standard Contractual Clauses or other GDPR-compliant mechanisms, to protect personal data during international transfers.
5. Cookies and Tracking Technologies
For details on how we use cookies and tracking technologies on our website, please refer to our Cookie Policy. Blend uses tools like Google Analytics, Microsoft Clarity, and Facebook Pixel for analytics, with user consent where applicable.
6. Analytics and Tracking Technologies
Blend uses certain third-party tools to monitor website performance, enhance user experience, and support marketing activities. These tools collect data on website traffic, user behaviour, and engagement, which Blend uses to improve its services. The following tools are part of Blend’s website stack as of 30th October 2024:
Google Analytics GA4: Collects anonymous usage data, such as page views, interaction times, and geographical data, helping us understand website performance and user engagement.
Microsoft Clarity: Records user interactions on our Site to gain insights into website usage patterns and optimise user experience.
Facebook Pixel: Tracks visitor behaviour for marketing and retargeting purposes, enabling us to deliver targeted advertising to users who have previously visited our Site.
Google Tag Manager: Manages and implements various tracking scripts and tags across our website, streamlining analytics integration without affecting user experience.
User Rights and Control
Users can control their preferences regarding these tracking technologies via our Cookie Policy, which explains how to disable cookies or adjust settings. For detailed information on the data practices of these third-party tools, users may refer to each provider’s Privacy Policy.
Future Changes to Technology Stack
Blend may update or modify these tools periodically to enhance website functionality. All changes to tracking tools will be reflected in the Cookie Policy and, where appropriate, in this Privacy Policy.
7. Changes to the Privacy Policy
Blend may update this Privacy Policy periodically to reflect changes in data practices, legal requirements, or business needs. Any significant changes will be communicated via a notice on our Site or through direct communication with clients.
8. Contact Information
For questions, concerns, or to exercise your data rights, please contact us at:
Address: 2 Middleton Rd, Royton, Oldham, England, OL2 5PA
Or via the contact form below