Essentiamail is an outsourced email marketing agency, specialising in B2B communications. We research, write and deliver email content on behalf of our clients.
Our website is owned and operated by Essentiamarketing Ltd trading as Essentiamail, a limited company registered in England under company number 10601691, whose registered address is The Courtyard, 33 Duke Street, Trowbridge, Wiltshire, BA14 8EA.
Our VAT number is GB 262979262.
Our Data Protection Officer is Jemma Pike, and can be contacted by email at firstname.lastname@example.org
Our ICO registration number is:
Essentiamail acts on behalf of its clients in the capacity of data processor. Your data is sourced directly from our clients’ own prospect/customer base and/or a trusted third-party data supplier which has lawfully collected your details.
The legal basis for processing your data is ‘legitimate interest’, whereby a product or service might be relevant to you in your professional capacity. We may hold contact data about you (such as email address, first and last name, company name) if you work in a UK organisation or you have previously purchased a service/product from our client.
You can opt out of receiving emails at any time either by sending us an email at email@example.com and typing ‘UNSUBSCRIBE’ in the subject line, or by clicking on the ‘UNSUBSCRIBE’ link in any email we send you.
When we send you a marketing email, we place a cookie on your device to understand whether you have opened the email and clicked through to any links. This helps us design emails and content that are appealing, and identify whether you are interested in the offered product or service.
Data Storage and Personal Information
Data is held in the United Kingdom using various servers, and Dropbox and is not shared with any third parties.
If you subscribe to our mailing lists, you can unsubscribe at any time by following the instructions at the footer of the email message.
If you are an Essentiamail customer and need to update your contact information, please contact us indicating the change. We may use your contact information in the future to communicate important company and service information.
As a data subject, you have the following rights under the GDPR to:
- Request to see the personal data we hold about you;
- Request that we correct any inaccuracies in the personal data that we hold on you;
- In certain circumstances you may have the right to be forgotten (i.e. to have your personally identifiable data deleted). In many cases we would recommend that we suppress you from future communications, rather than data deletion;
- In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage;
- Request that we do not process your personal data for direct marketing and that we will keep your contact details to ensure that no further contact is made;
- Object to our processing of your personal data
- Request the transfer of any personal data you have provided to us to a different organisation.
Data Security and Breaches
We are committed to taking appropriate technical and organisational measures to protect your personal data from unauthorised or unlawful processing or accidental loss. This includes restricting access to, maintaining accuracy of and training in the securing of personal data. These safeguards are designed to protect against, but are not a guarantee against, the loss, misuse and unauthorised access, disclosure, alteration and destruction of personal information.
The servers that we use for client broadcasts are provided by Helastel: Helastel’s information security processes comply with ISO27001, they are also compliant with HSCIC Information Governance (level 2).
This states that they must have processes for ensuring security of our hosting environment, such as patching, management of systems and backup access and in the event of a breach or near miss, they also have processes in place to inform their customers and the ICO.
The measures we would take if there were to be a breach include:
- Reporting certain types of personal data breach to the relevant supervisory authority, within 72 hours of becoming aware of the breach, where feasible.
- If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay.
- Ensuring we have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals.
- Keeping a record of any personal data breaches, regardless of whether we are required to notify.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality when using our website.
If you have any questions or concerns about our use of your personal information, then please email us at firstname.lastname@example.org