We are Surf Marketing Ltd T/A PushSend – providing B2B lead generation services to our global client base. We are a technology company that processes publicly available data to identify sales prospects for our clients. Your privacy is important to us, and we take our responsibilities seriously, always responding quickly and courteously to any request. You can contact us using the details below:

By email to our Data Protection Officer: richard@pushsend.co

Our GDPR Policy

We are committed to safeguarding the privacy and accuracy of the personal data of our website visitors, service users and email recipients.

This policy applies where we are acting as a Controller with respect to the personal data of our website visitors, service users, email recipients and personal data collected from public sources; in other words, where we determine the purposes and means of the processing of that personal data.

This policy also applies where we determine the purpose and means of the processing jointly with our clients and other companies, or where we are acting as a Processor, working on behalf of our clients to process data as required by them. In this policy, "We", "Us" and "Our" refer to PushSend Ltd.

Any reference to a Data Subject means a natural person whose personal data is processed by us as a Data Controller, Joint Controller or as a Data Processor, in other words, you.

Any reference to the GDPR applies to both the UK GDPR and EU GDPR. Likewise, any reference to EU countries will also apply to the UK. This will remain the case so long as the UK is subject to an adequacy decision by the EU. Should there be a conflict between the two, the version that grants data subjects the greatest protection will apply.

How We Use Your Personal Data

We want to be clear with you about how we use your data, so in this section we talk about the general categories of personal data that we may process and, in the case of personal data that we did not obtain directly from you, we'll tell you where we got your data and the purposes for which we may process your data; finally, and very importantly, we'll explain the legal bases of the processing which applies to us and you.

The General Categories of Personal Data That We May Process:

Usage Data. We may process data about your use of our website and services ("Usage Data"). The Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the Usage Data is Google Analytics as well as our analytics tracking system. This Usage Data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services, and tailoring any communication with you.

Account Data. We may process your Account Data ("Account Data"). The Account Data may include your name, email address, company information, and other contact and related information we may collect about you. The source of the Account Data is generally you or your employer. The Account Data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us [or your employer] and/or taking steps, at your request, to enter into such a contract.

Service Data. We may process your personal data that are provided in the course of the use of our services ("Service Data"). The Service Data may include name, email address, telephone number, and other related information. The source of the Service Data is you or your employer. The Service Data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Prospect Data. We may process information found on public business directories, professional networking platforms, and other publicly available sources ("Prospect Data"). This data may include name, employment information, business contact details, job title, and other relevant professional information. Prospect Data may be processed for the purposes of identifying and contacting potential business opportunities for our clients. The legal basis for this processing is our legitimate interests, namely to develop our business and provide services to our clients.

Campaign Data. We may process data related to email marketing campaigns ("Campaign Data"). This includes email engagement metrics, response rates, and communication preferences. The source of the Campaign Data is our email marketing platform and client interactions. The legal basis for this processing is legitimate interests and/or performance of a contract with our clients.

Enquiry Data. We may process information contained in any enquiry you submit to us regarding goods and/or services ("Enquiry Data"). The Enquiry Data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is consent or legitimate interests, depending on the nature of the enquiry and our relationship with you.

Our Legitimate Interest

Our lawful bases for processing include our Legitimate Interest to process your data. In this regard, we have carefully considered your rights and expectations of privacy and our rights, alongside the rights of our clients, to run our business. We have conducted thorough Legitimate Interest Assessments (LIA) and Data Protection Impact Assessments (DPIA) to ensure our processing activities are necessary and proportionate.

Source of Your Personal Data

We use a range of sources to provide our services, including:

- Public domain sources

- Professional networking platforms

- Business directories

- Client-provided information

- Direct submissions through our website

Our approach is based on carefully targeting business contacts with offers that we believe will be relevant to their professional role. We carefully select representatives from businesses and then only send relevant offers.

Data Sharing

We don't routinely share your personal data with third parties except:

- With the specific client on whose behalf we are conducting prospecting activities

- With our carefully selected service providers who help us deliver our services

- Where required by law or regulation

- With our group companies where necessary for internal administration

Where we share your data, we ensure appropriate data processing agreements are in place and that your rights are protected.

International Transfers of Your Personal Data

Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place through:

- Standard Contractual Clauses approved by the UK Information Commissioner's Office

- Adequacy decisions

- Binding corporate rules where applicable

Retaining and Deleting Personal Data

We retain personal data only as long as necessary for the purposes we collected it. Typical retention periods are:

- Client data: Duration of service plus 6 years for legal and tax purposes

- Prospect data: 2 years from last interaction

- Campaign data: 3 years from campaign completion

- Technical data: 14 months

Your Rights as a Data Subject

Under data protection law, you have the following rights:

1. The right to be informed about our collection and use of your personal data

2. The right to access your personal data

3. The right to have inaccurate personal data rectified

4. The right to be forgotten (in certain circumstances)

5. The right to restrict processing of your personal data

6. The right to data portability

7. The right to object to our processing of your personal data

8. Rights relating to automated decision-making and profiling

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided at the beginning of this policy. We will respond to your request within one month.

Automated Processing

We use automated processing to:

- Verify contact details

- Assess campaign suitability

- Monitor engagement metrics

- Optimise campaign performance

You have the right to object to automated processing and request human intervention in any automated decision-making process.

Security

We implement appropriate technical and organisational measures to protect personal data, including:

- Encryption of data in transit and at rest

- Access controls and authentication

- Regular security assessments

- Staff training

- Data processing agreements with suppliers

Complaints

If you have concerns about how we process your personal data:

1. Please contact us first at richard@pushsend.co - we aim to resolve all complaints internally

2. If you remain unsatisfied, you can contact the Information Commissioner's Office:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Website: www.ico.org.uk

Telephone: 0303 123 1113

Changes to This Policy

We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of significant changes by email.

This policy was last updated on 12 December 2024.