Privacy Policy

Hello, thanks for reading our Data Policy.

We want you to know that we take your privacy and the security of the data we hold about you and your customers very seriously and we are committed to doing everything we can in order to protect it. Also, to let you know what we are doing with it, how we manage it and why.

Our Data Policy aims to ensure we have complete transparency across the Jacob Bailey Group and the companies and brands which fall within it. Our policy covers:

  1.  The collection of data
  2.  Usage of data including processing and what we believe to be both Operational purposes and Legitimate Interest
  3.  Management of our Data Policy, who is accountable and how often we review and update our processes, and how we will keep you informed about updates
  4. How we will store your data, for how long and how we will protect it
  5. How you can access your data, update it and request to be removed or restricted from any data processing
  6. How we transfer data within the UK, EU and Overseas. Including working with our US based office
  7. And finally, what the procedure is if there has been a potential data security breach.

Our Data Policy has been written to ensure compliance with all applicable laws including the Data Protection Act 1998, ePrivacy 2002, superseded by the General Data Protection Act 2018 (these are collectively referred to as “data protection laws”).

Our Policy covers all and any information we collect, data provided by you or provided by one of our clients about their customers which may also include you. We do not accept any responsibility for data which you have provided to us that has been processed by a third party outside of our agreed contracted supplier list. Nor do we accept any responsibility for data you provide to another company (outside of the Jacob Bailey Group) which we may link to through our website, white papers, reports or other collateral and documentation.

Jacob Bailey Inc specifically complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  Jacob Bailey Inc has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.


The Jacob Bailey Group is a group of fully integrated and specialist creative business services agencies and consultancies who deliver Data, Technology and Creative projects for companies and brands. We carry out marketing communications, including data processing and management services for a range of clients across all sectors globally. The Jacob Bailey Group comprises:

  • Jacob Bailey Ltd
  • Jacob Bailey Inc
  • 032 Ltd

As well as the trading names/brands:

  • White Space Design
  • Technical Studio
  • Galaxy
  • Halo
  • Pulsar

When we refer to “we’’ or “our’’ “Jacob Bailey” or “the Jacob Bailey Group” we are referring to all and any company or brand listed as a part of the Jacob Bailey Group.

When you or a company you have signed up to chooses to work with Jacob Bailey, we will typically collect data on you both directly, through forms, and indirectly through platforms such as, but not limited to, Facebook, Twitter, LinkedIn as well as through third parties such as, but not limited to, CACI, Experian and approved data warehouses.

The data we are likely to collect will include, but is not limited to:

  • First and Surname
  • Date of birth
  • Email address
  • Address, including postcode
  • Phone and mobile number
  • Job title and seniority
  • Company information including firmographics
  • Sector information
  • Social identifiers
  • Preference data – provided by you at the point of sign up
  • Cookie and behavioural data – based on web and email activity
  • Sales data – including order details and value, transaction date and method Marketing Opt-in data
  • Email communications responses
  • History – full audit trail of data usage for compliance requirements

If we hold data, or are asked to process data for a child under 13, we will hold additional data including but not limited to:

  • Parent or Guardian name and contact information
  • Parental or Guardian consent for marketing communications

Jacob Bailey also collects information about how you use our website, as well as how you use any website or mobile app we have built for a client, or when a client is using our SEO, PPC, Online Advertising, Email Marketing, Web Analytics or other Data Services.

We are committed to the principles of the data regulations and therefore we will only collect and process data which is collected in a lawful and transparent way, and where the company who collected the data can provide sufficient evidence of the method of collection.

In line with the data regulations we will only use the data we collect or are provided by our clients in a lawful way for legitimate and specific purposes.

We will use your personal information for a number of purposes including the following:

Provision of consultancy and marketing services:

  • To provide our services to our clients in line with our contract or Master Services Agreement we have in place
  • To provide you with the most user-friendly online navigation experience for our website or those we are building for our clients
  • Where we, or our client, are providing personalised services, we may analyse the information you supply, as well as your activity on our (and other) services, so that we can offer a more relevant, tailored service
  • We will use your data to target relevant advertising on third party sites and platforms
  • We will use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries, and to determine whether you are accessing the services from the UK or not
  • For analysis and research purposes so that we may improve the services offered by Jacob Bailey or our client. This can include using geo-demographic information from external sources
  • We may also use and disclose information in anonymised format (so that no individuals are identified) for marketing and strategic development purposes as well as data analysis and reporting purposes
  • For direct marketing purposes including (but not limited to), email, mobile, web, post and telemarketing. We may also share your data with email service providers, internet service providers, call centres, printers and mailing houses in order to provide this service to you and our client

We will only use third parties who we have audited to ensure they are fully compliant with the data protection regulations and have sufficient processes and policies in place to protect your data and personal information.

We will also only use data for marketing purposes where there is evidence of a valid opt-in consent to say that you have freely given and indicated you wish to receive such communications.

Operational purposes

In order for our business to operate we will use data we collect for Jacob Bailey clients and supplier companies in the following ways:

  • For Financial and Accounting purposes, including but not limited to, quoting, raising purchase orders, sending statements, discussing payments and invoicing
  • For credit checking purposes
  • For contractual purposes
  • For Human Resource purposes
  • For potential Mergers and Acquisition purchases

As a past, current or prospective client

We consider the following use of your data to be considered “Legitimate Interest” and illustrates ways in which we will use data to provide and enhance our services to you as a client of Jacob Bailey.

  • Contacting you by telephone, mobile, email or post in order to discuss past, current or future projects and opportunities for you to utilise our services
  • Sending to you via email or post, invitations to events, company and services updates, seasonal communications and access to reports and white papers we have produced
  • Connecting with you via LinkedIn and Inmail
  • Connecting with you via social and sharing platforms, with your acceptance
  • Sending files to you via email and file sharing platforms
  • Access to your web analytics
  • Tracking your IP address for web and email analytics
  • Logging your online behaviour via cookies and web analytics
  • Lead scoring information based on data provided by you and behavioural data

Management of data processes and policies

In line with the data regulations we have set out who is both responsible and accountable for privacy and data security within Jacob Bailey.

Our appointed Data Protection Officer, the individual who ensures our policies and processes are followed and enforced is:

  • Neil Prentice – Managing Partner - Marketing

The final point of escalation if any issue is not resolved by the above individuals is:

  • Shaun Bailey – CEO

Operational procedures to protect data

To ensure our employees are aware and comply with data policies we:

  • Have presented and communicated our policies to all employees
  • Have updated the company handbook
  • Have developed an induction procedure for all new employees
  • Have updated employee contracts so any action leading to a breach of data policy will be considered “Gross Misconduct”

Reviewing our policies

We want to keep your data as secure as we can so we will regularly review our processes and policies. We will review and update our policy at least every 12 months and when data regulations are updated.

Keeping you informed and up to date

We want you to know your data is in safe hands, so we will email you to let you know that we are currently storing data and personal information about you if we collect it indirectly.

We will also email you when we update our policy, providing you with a link to view the updated policy on our website.

Data we store on employees

As an employer, we hold personal data on employees including personal information around employment history, contacts and remuneration.

Data will be stored electronically within Microsoft Online and in paper format in locked filing cabinets.

Our CEO, Managing Partners and Operational Team have access to this information along with our approved HR and PAYE suppliers. All access is centrally managed.

Data we store on our clients

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Jacob Bailey. This is typically at least seven years in order to comply with tax and insurance regulations.

Data will be stored in a number of secure environments and details of all suppliers used can be found in Appendix Table A.

Data is only accessible by Jacob Bailey employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any data ceases instantly.

Data we store on behalf of our clients

We will hold data provided to us by clients for processing for as long as required to complete the service, or as long as is set out in our contract or Master Service Agreement. Unless specifically requested by our client we will hold data for a maximum of 12 months after the service we provided is complete.

Data will be stored in a number of secure environments and can be found in Appendix Table B.

All environments are tested and audited to ensure compliance and high levels of security and protection.

Data is only accessible by authorised employees and all access rights are managed and monitored centrally via secure log in and password. On leaving Jacob Bailey all rights and access to any client data ceases instantly.

We want to make it easy for you to be in control of your data.

You have the right to:

  • Access the data we hold on you
  • Ensure the data we have is accurate and up to date
  • Object to us using your data within automated processing or profiling.
  • Restrict how we process/use your data
  • Request the erasure or deletion of the data we hold on you.

Accessing your data

To access the data we hold on you please contact us with the subject “Data Access Request”. Please provide two forms of identification (copies are sufficient) from the following list to prove you are the individual requesting the data:

  • Passport
  • Driving licence
  • Birth certificate
  • Utility bill (from last 3 months)
  • Current vehicle registration document
  • Bank statement (from last 3 months)

We will then contact you with details of how you can access the data we store on you within one month of receiving your request. Details can be found in section 9.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Your initial request will be processed free of charge. However, we will charge a reasonable fee, based on the administrative cost of providing the information, should a request be considered unfounded or excessive, particularly if it is repetitive.

We will also charge a reasonable fee based on the administration time involved to provide further copies of the same information.

Updating your data

If you notice an error in the data we hold on you, or would like us to update our records in any way then please contact us with the subject “Data update request”. We will respond within 1 month. Details can be found in section 9.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Objection to or request to restrict processing

If you would like to object to us processing your data or restrict how we process your data in anyway then please contact us with the subject “Objection/Restriction of processing”. Please outline which processes (which can be found in section 2) that you wish to be removed from in the body of the email. We will respond within one month. Our contact details can found in section 9.

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Deletion of data

If you would like us to delete all data and information we hold on you please contact us with the subject “Delete record”. Our contact details can found in section 9.

Please note that although we fully respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. On receiving your request we will review your request and respond to outline what data we can remove. We will endeavour to respond within 1 month.   

If the data we store is related to a client list rather than our own then we will direct you to the relevant company to authorise and complete your request.

Tracking and auditing your requests

All requests will be tracked and audited and stored in our CRM system.

In order to provide our services we may need to transfer data between:

  • Internally amongst authorised employees
  • Our Group of companies and brands, including our US office
  • With UK clients and suppliers
  • With EU clients and suppliers
  • With International clients and suppliers

All Jacob Bailey employees use OneDrive. All data files are saved in our secure OneDrive and an “internal only” link is sent via email – this ensures that data is not accessible outside of the Jacob Bailey network.

Our US company, Jacob Bailey Inc, is registered with Privacy Shield. The Privacy Shield program certifies that our US company complies with UK and EU data protection laws and therefore we can transfer data between offices in the same way as with our UK locations.

For UK and EU clients and suppliers we provide a secure environment for data to be uploaded. On upload we require a number of questions to be answered to prove the client and supplier has the correct levels of consent and compliance.

For International clients and suppliers, we will audit the companies Data Policy and processes to ensure compliance before we accept or share data.

Non-data file transfer

We often need to transfer large files which are over 10mb, and over most email limits. To ensure we are able to track all communications we will send:

  1. OneDrive link – this is our first preference for file transfer
  2. WeTransfer – if we are unable to use OneDrive.

Jacob Bailey Inc. further commits to resolve complaints about our collection or use of your personal information in compliance with the U.S. Privacy Shield Principles.  EU individuals with enquiries regarding our Privacy Shield policy should first contact Jacob Bailey at: dpo@jacobbaileygroup.com

Jacob Bailey Inc has also committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

In addition, Jacob Bailey Inc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and would also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  

Under certain conditions, there is the possibility for individuals to invoke binding arbitration.

If we suspect a data breach of any kind we will report it to the Information Commissioner’s Office immediately.

If you suspect a data breach, which you believe may have involved Jacob Bailey and the data we hold on you, please email breach@jacobbaileygroup.com with the subject “Data Breach” and we will respond within 72 hours.

This policy was last updated on: 10th May 2018

This policy will be reviewed on: 25th May 2019

Any questions around our privacy or Data Subject Access Request

Email: dpo@jacobbaileygroup.com

By Post: Attention: Data Protection Officer, Jacob Bailey, One Woodbridge Road, Ipswich, Suffolk, IP4 2EA. UK.

The Supervisory Authority for the UK is the Information Commissioner’s Office. They can be contacted here: https://ico.org.uk/

Supplier Data Collector Data Processor
Adobe Inc tick
Amazon Inc tick
Apple tick
Atlassian PTY Ltd tick tick
Bing tick
Facebook Inc tick tick
Freshdesk tick tick
GitLab tick
Google Inc tick tick
Hotjar Ltd tick tick
JotForm tick tick
Laravel tick
LinkedIn tick tick
Logmein Inc (Lastpass) tick tick
Mailchimp tick tick
MailGun tick tick
Melbek Technology tick tick
Microsoft Inc tick tick
Paypal tick tick
Pixel & Tonic Inc (Craft) tick tick
SharpSpring Inc tick tick
Shopify tick tick
Sophos Group Plc tick tick
Stripe tick tick
Trustico tick
Twitter tick tick
WeTransfer tick
Supplier Data Collector Data Processor
Adobe Inc tick
Amazon Inc tick
Apple tick
Atlassian PTY Ltd tick tick
Facebook Inc tick tick
Freshdesk tick tick
GitLab tick
Google Inc tick tick
Hotjar Ltd tick tick
JotForm tick tick
Laravel tick
LinkedIn tick tick
Logmein Inc (Lastpass) tick tick
Mailchimp tick tick
MailGun tick tick
Melbek Technology tick tick
Microsoft Inc tick tick
Paypal tick tick
Pixel & Tonic Inc (Craft) tick tick
SharpSpring Inc tick tick
Shopify tick tick
Sophos Group Plc tick tick
Stripe tick tick
Trustico tick tick
Twitter tick
WeTransfer tick