fbpx

Privacy Policy.

Neptik – Privacy Notice

Section 1 – Introduction

Neptik is a business to business (B2B) digital marketing company specialising in lead generation. Neptik works on behalf of clients, contacting existing and prospective customers, using various channels, to create leads who may be interested in our clients’ products and services. We are committed to the secure and compliant handling of all personal data.

We are the Controllers of your personal data unless stated otherwise. 

We have appointed a Data Protection Officer who you can reach at dpo@neptik.com 

This Privacy Notice will tell you about the personal information we collect about you and what we do with it.

Section 2 – Whose personal data we process

The information we collect and process about you will depend on the relationship we have with you as a data subject. Please identify which of the following applies to you and review the relevant section to understand how we process your personal data:

  • Potential clients and site visitors– These are individuals who may have an interest in Neptik products and services, including:
    • Individuals who we have identified as potential leads for our own products and services and reached out to by email or social media
    • Visitors to our site
    • Individuals who have interacted with us on social media, online and at events
  • Clients – These are individuals who work for organisations which have entered into an agreement for us to provide Neptik products and services to them. 
  • Suppliers, vendors and business partners – These are contacts at organisations who supply Neptik with products and services or act as our business partners. 
  • Leads and potential leads for our clients – These are individuals who we have reached out to by email or social media, on behalf of our clients, because they may be interested in our client’s services and products.

Generic information applicable to all individuals about data subject rights, retention periods, transfers of personal data, complaints and how to contact us, can be found from Section 7 onwards.

Section 3 – Potential clients and site visitors

If you are a Potential customer or site visitor, as detailed in Section 2, we may process the following personal information about you:

  • Title
  • Names
  • Contact details
  • Job title
  • Location
  • Employment information
  • Company details
  • Social media profiles, including personal information you have shared on your profile
  • Marketing preferences
  • Cookies (see separate Cookies Notice)
  • Information, including metadata, about your device, system, applications and software.
  • Details about your interactions with us, our site, our blog and our social media pages.

We do not process any special categories of data about potential clients, clients or site visitors.

We source this personal data directly from you and/or your systems during your interactions with us. We may also collect information about you from public sources, such as social media profiles or company directories. We may also buy data from reputable sources who comply with data protection laws.

The table below outlines the reasons we process this personal data and the legal basis we rely upon. Where the legal basis is legitimate interests, we have also included information about the legitimate interests pursued.

Reasons we process personal data

Legal Basis

Lead generation activities

Legitimate interests (of raising our brand profile and generating demand for our business services)

Marketing, advertising and promoting our business, including blogs, newsletters and subscriptions 

Legitimate interests (of raising our brand profile and generating demand for our business services)

Event hosting and management

Legitimate interests (of event management)

Running general business operations including, systems management, administration, research, development, financial management, analysis, insurance, training, fraud prevention, security, risk management, governance, legal and regulatory obligations

Legitimate interests (of managing our business)

Legal obligations where appropriate

Social media interaction and engagement

Legitimate interests (of monitoring the effectiveness or our online presence and generating demand for our business services)

Website management

Legitimate interests (of managing our website and its performance).

Consent where required (such as for the use of non-essential Cookies)

Relationship management, including complaints

Legitimate interests (managing our relationship with potential customers or site visitors)

There will be instances when, in order to fulfil the above purposes, we give access to or share personal data with the following categories of recipients:

  •  Group companies and subsidiaries
  •  Business partners and affiliates
  •  Vendors, service or software providers, suppliers and subcontractors
  •  Regulators, law enforcement agencies and authorities where there is a legal basis or obligation to share this information
  • Prospective buyer of business or assets, along with its professional advisors

All data will be shared securely and with the right contractual measures to ensure that your personal information is protected. 

Section 4 – Clients

If you are a Neptik Client, as detailed in Section 2, we may process the following personal information about you:

  • Title
  • Names
  • Contact details
  • Username and credentials
  • Job title
  • Location
  • Employment information
  • Company details
  • Social media profiles, including personal information you have shared on your profile
  • Marketing preferences
  • Information about your use of our services
  • Business credit check data
  • Financial and billing details
  • Cookies (see separate Cookies Notice)
  • Information, including metadata, about your device, system, applications and software.
  • Details about your interactions with us, our site, our social media profiles.

We do not process any special categories of data about Clients.

We source this personal data directly from you, your employer and/or your systems during your interactions with us. We may also collect information about you from public sources, such as social media profiles or company directories. We may also buy data from reputable sources who comply with data protection laws.

The table below outlines the reasons we process this personal data and the legal basis we rely upon. Where the legal basis is legitimate interests, we have also included information about the legitimate interests pursued.

Reasons we process personal data

Legal Basis

Business relationship management, including customer service, complaints handling and satisfaction surveys

Performance of a contract

Contract Management, including entering into a contract, creditworthiness checks, billing, managing payments and contract termination

Performance of a contract

Running general business operations including, systems management, administration, research, development, financial management, analysis, insurance, training, fraud prevention, security, risk management, governance, legal and regulatory obligations

Legitimate interests (of managing our business)

Legal obligations

Product management, analysis, research, development and improvement

Legitimate interests (of developing, maintaining and improving our products and services)

User account management

Performance of a contract

Marketing, advertising and promoting our business, including blogs, newsletters and subscriptions

Legitimate interests (of raising our brand profile and maintaining demand for our business services)

Event hosting and management

Legitimate interests (of event management)

Social media interaction and engagement

Legitimate interests (of monitoring the effectiveness or our online presence and generating demand for our business services)

Website management

Legitimate interests (of managing our website and its performance).

Consent where required (such as for the use of non-essential Cookies)

There will be instances when, in order to fulfil the above purposes, we give access to or share personal data with the following categories of recipients:

  •  Group companies and subsidiaries
  •  Business partners and affiliates
  •  Vendors, service or software providers, suppliers and subcontractors
  •  Regulators, law enforcement agencies and authorities where there is a legal basis or obligation to share this information
  • Prospective buyer of business or assets, along with its professional advisors

All data will be shared securely and with the right contractual measures to ensure that your personal information is protected. 

Section 5 – Suppliers, vendors and business partners

If you are a Supplier, vendor or business partner, as detailed in Section 2, we may process the following personal information about you:

  • Title
  • Names
  • Contact details
  • Job title
  • Company details
  • Business credit check data
  • Financial details
  • Social media profiles, including personal information you have shared

We do not process any special categories of data about Suppliers, vendors and business partners.

We source this personal data directly from you during your interactions with us. We may also collect information about you from public sources, such as social media profiles or company directories.

The table below outlines the reasons we process this personal data and the legal basis we rely upon. Where the legal basis is legitimate interests, we have also included information about the legitimate interests pursued.

Reasons we process personal data

Legal Basis

To manage the relationship with, and the provision of service from, the supplier, vendor or business partner, including payment and creditworthiness.

Performance of a contract

Business operations and systems management, administration, research, development, financial management, analysis, insurance, training, fraud prevention, security, risk management, governance, legal and regulatory obligations

Legitimate interests (of managing our business)

Legal obligations

There will be instances when, in order to fulfil the above purposes, we give access to or share personal data with the following categories of recipients:

  •  Group companies and subsidiaries
  •  Business partners and affiliates
  •  Vendors, service or software providers, suppliers and subcontractors
  •  Regulators, law enforcement agencies and authorities where there is a legal basis or obligation to share this information
  • Prospective buyer of business or assets, along with its professional advisors

All data will be shared securely and with the right contractual measures to ensure that your personal information is protected. 

Section 6 – Leads and Potential for Clients’ Services

Businesses engage Neptik to identify leads and potential leads for their products and services. If you are reading this section, it is likely that you have received an email we have sent to you, on behalf of our client, and you have been directed here from their Privacy Notice.

When we are working with our clients (other B2B businesses) to identify business leads for their services, we act as Joint Controller together with our client because we determine the purposes and means of processing data together. 

Neptik’s role is to identify potential customers who may be interested in Client’s services and then contact them on their behalf. If you don’t wish to be contacted by our Client, there is an opt-out option on every email we send. You can also email dpo@neptik.com at any time if you wish to opt-out of marketing from Neptik.

If you show an interest in our Client’s products or services, we will share your details with our client so they can establish a relationship with you directly. At this point, the Joint Controllership will end and our client will be the Data Controller. You should refer to their Privacy Notice for further information about how they process your data after we have shared your information with them.

As Joint Controllers we may process the following personal information about you:

  • Title
  • Names
  • Contact details
  • Company information and publicly available information
  • Industry
  • Job Title
  • Social Media Profiles including personal information you have shared
  • Location area 

We do not process any special categories of data about Leads and Potential for Clients’ Services.

We source this personal data about you from public sources, such as social media profiles or company directories.We may also buy data from reputable sources who comply with data protection laws.

The table below outlines the reasons we and our Joint Controller client process this personal data and the legal basis we both rely upon. Where the legal basis is legitimate interests, we have also included information about the legitimate interests pursued.

Reasons we process personal data

Legal Basis – Neptik

Legal Basis Neptik Client

Identifying potential B2B leads for client’s products and services

Legitimate interests (of providing our business services)

Legitimate interests (of raising their brand profile and generating demand for their business services)

Managing email campaigns to potential leads to establish interest in our client’s products and services. 

Legitimate interests (of providing our business services)

Legitimate interests (of raising their brand profile and generating demand for their business services)

Sharing established leads with our clients

Legitimate interests (of providing our business services)

Legitimate interests (of raising their brand profile and generating demand for their business services)

Business operations and systems management, administration, research, development, financial management, analysis, insurance, training, fraud prevention, security, risk management, governance, legal and regulatory obligations

Legitimate interests (of managing our business)

Legal obligations

See Client’s Privacy Notice available in all communication sent to you.

There will be instances when, in order to fulfil the above purposes, we give access to or share personal data with the following categories of recipients:

  •  Group companies and subsidiaries
  •  Business partners and affiliates
  •  Vendors, service or software providers, suppliers and subcontractors
  •  Regulators, law enforcement agencies and authorities where there is a legal basis or obligation to share this information
  • Prospective buyer of business or assets, along with its professional advisors

All data will be shared securely and with the right contractual measures to ensure that your personal information is protected. 

As we are Joint Controllers with our client, you are entitled to exercise your data protection rights with either of us. To exercise your rights directly with Neptik, see Section 9. If you want to exercise your rights with our client or find out more about the processing they undertake once you have confirmed your interest in their services, please see the Privacy notice on their website.

Section 7 – Data Retention

As Controllers, Neptik keeps personal data only for as long as it is needed to achieve the purposes for which it was collected as outlined in this Privacy Notice. We will also keep data when we are required to do so by law. As a general principle, we keep personal data for the shortest time possible. 

As Joint controllers, once we have finished managing our clients campaign Neptik will retain records for audit purposes for up to 5 years.

Section 8 – Transfers of personal data outside the UK and European Economic Area [EEA]

Wherever possible Neptik processes data received within the UK and EEA. However, we may sometimes engage service, system or software providers outside the UK or EEA, for processing, storage, administration or any other purpose stated in this notice.

At present Neptik uses data processors located in the USA and India. When Neptik need to transfer to a countries such as these, that do not provide an equivalent level of data protection as the UK and EU, Neptik will ensure that one of the following safeguards applies:

  • EU Standard Contractual Clauses for data subject to EU data protection law
  • International Data Transfer Agreements or ‘International Data Transfer Addendum to the EU Commission Standard Contractual Clauses’ for data subject to UK data protection law.
  • Binding corporate rules approved by a competent supervisory authority are in place.

Section 9 – Your rights

Under UK and EU data protection law you have a number of rights concerning your personal data. You can exercise these rights by contacting dpo@neptik.com. We will take reasonable steps to verify your identity and, in general, will complete your request within 30 days or sooner. We will let you know if we need to take a bit longer. Your rights are as follows:

    • Right of access – You have the right to obtain confirmation of whether we are processing personal data about you, If we process personal data about you, you are entitled to request information about that processing and obtain a copy of the personal information we hold about you.
    • Right to be informed – You have the right to be informed about the collection and use of your personal data.
    • Right to erasure – You have the right to request that your data is deleted.
    • Right to rectification – You have the right to request that your data is corrected when out of date or incorrect.
    • Right to restriction – You have the right to restrict the processing taking place on your personal data.
    • Right to object to processing- You have the right object to processing when the processing, including profiling, is done under legitimate interests.
    • Right to object to marketing – You have the right to object to marketing, when you don’t want us to send you marketing information.
    • Right to portability –You have the right to ask us to send you (or an organisation of your choice) a copy of your data in machine readable format, if processing is based on consent or performance of a contract.
  • Right to withdraw consent – You have the right to withdraw consent to processing.
  • Right to complain – You have the right to complain to a data protection regulator if you aren’t happy with our use or management of your personal data.
  • Automated decision making rights -You have the right to not to be subject to a decision that is based solely on automated processing, if the decision affects your legal rights or other equally important matters. When automated decision making of this type is made about you, you have the right to understand the reasons behind decisions made about you and the possible consequences of the decisions. You also have the right to have the decision reviewed by a human if you disagree with the outcome. Neptik does not undertake automated decision making of this nature.

Please be aware that not all rights are absolute and there will be certain situations in which we are unable to fulfil the above rights. In all cases we will provide you with a prompt response and a full explanation of our decision.

Section 10 – Complaints

If you are unhappy about the way your personal information has been managed by Neptik, please contact us by emailing our Data Protection Officer at dpo@neptik.com.

If you are not happy with the outcome of your complaint, and you are based in the UK or EEA, you have the right to complain to a data protection regulator, sometimes called a Supervisory Authority.

If you are in the UK, you can complain to the UK’s Supervisory Authority the Information Commissioner’s Office (ICO) by visiting their website at www.ico.org.uk

If you are in the EU, you can complain to your local EU Supervisory Authority. You can find details of EU Supervisory Authorities at https://edpb.europa.eu/about-edpb/about-edpb/members_en

Section 11 – Contact us

For questions about data protection and privacy matters, please contact our Data Protection Officer at dpo@neptik.com

For more information about Neptik, please contact hello@Neptik.com

Section 12 – Changes to this Privacy Notice

We will sometimes update this Privacy Notice to reflect new laws, regulations or processing activities.

It was last updated on 19th January 2024.