As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We will always process your personal information in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR).
This policy was last reviewed in May 2019.
The Kite Factory Ltd are committed to ensuring your personal information is kept secure and confidential and not kept for longer than is necessary for each specific purpose.
From time to time we may ask other third-party service providers to help us manage our information technology systems. We will only transfer your information to a third-party service provider where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws.
Using web analytics software, we store data about visits to this site such as IP address, browser type, referring page and time of visit. Most of this data cannot be used to identify visitors individually; however, as your IP address is now classed as personal data, you have the opportunity to opt out by contacting us.
We are ISO 27001 Certified and will take appropriate organisational and technical measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
What we collect about you
We process the personal data of clients, prospects, enquirers, suppliers and workers. We may collect, store and use the following personal information about you:
- Information that you provide to us when entering into a contract with us
- Information that you provide to us when requesting information from us
- Information that you provide to us when attending an event (or any other PR/Marketing related activity)
- Any other information you choose to provide to us, including business cards
- Information you choose to give us when making an application to work for us
Please let us know if the personal data we hold about you needs to be corrected or updated.
The data you provide to us includes:
- Email address
- Fax number
- Telephone number
- How you heard about us
- For suppliers, clients and charities: company name, trading address, registered address, registration number, website, VAT number, trade reference
- Work experience and interview notes when you apply to work for us
- Any other personal information that you choose to send us
- You may only pass us another individual’s personal data if you have that person’s consent to do so on the understanding that their personal data will be processed as described in this policy.
We may also collect information about you from other sources, including demographic information such as postcode, preferences and interests.
We collect information from your computer and about your visits to and use of this website. This includes collecting unique online identifiers such as IP addresses, which are numbers that uniquely identify a specific computer or other device on the internet. Please see our Cookies section for more details.
What we do with your information
We shall use your personal data for the following purposes:
- To provide our services to you
- To provide you with information about our services, and to deal with enquiries and requests about them
- To improve our products and services
- To send you marketing communications relating to our business which we believe to be of interest to you
- To send you email notifications and newsletters
- To maintain your contact preferences
- For marketing research purposes, surveys and responding to your website visits
- To fulfil a contract with you if you are a customer, supplier or worker
- To administer our website, personalise it to you and keep it secure
- To prevent fraud
- To verify compliance with the terms and conditions governing the use of our website
Our legal basis for processing your personal information
We promise that we shall only use your data in the way you wish, and we shall always respect your privacy. We process your data under the following legal grounds:
- The processing is necessary to meet contractual obligations into which you have entered as a client, charity, worker or supplier.
- We have legitimate interest in responding to queries from you about our services.
- The lawful justification for sending you marketing communications about our business, services and news is because we have a legitimate business interest for your data to be used for this specific purpose. You are in complete control of your data and can choose not to receive these messages, either when you first provide your data, or in every communication we send you afterwards. These marketing communications include:
- Email notifications and letters where you have provided us with your email address
- Postal / telephone marketing, though we shall always check telephone numbers against the Telephone and Corporate Telephone Preference Services and will only make telephone calls to you where your number is listed if you have told us that we may do so.
Disclosing your personal data
Your information will be used by the following parties under our control:
- To workers who deliver our services
- Third parties who provide a service to us: this list can be taken from data mapping sheet – see examples below:
- To Virtual IT who provides us with IT technical support
- To MailChimp, who distributes our emails
- To CIVIC, who hosts our client database
- To Sage who administers our finance applications
- When it is our legal duty, for example to disclose your details to government bodies such as HMRC or law enforcement agencies
We shall keep your personal data within MC&C and our trusted third parties except where disclosure is required by law, for example to government bodies and law enforcement agencies.
How long we keep your personal information
We only keep your personal information for as long as we need to, so that we can use it for the reasons described above. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of securely. The actual period for which we store your personal information will vary depending on the type of personal information and how it is used.
Where necessary, we shall keep your personal data for as long as we are required to do so by law, and where required to establish, exercise or defend our legal rights.
Your Internet browser is likely to have a facility for storing small files called “cookies” that hold information which may allow a website to recognise an individual computer. This information cannot however identify you as an individual. Our website may take advantage of this facility to enhance your experience. You have the ability to prevent your computer from accepting cookies but, if you do, certain functionality on the website may be impaired.
Our website does not store any information that would, on its own, allow us to identify individual users of this service without their permission. Any cookies that may be used are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties.
This is a simple token used by Java applications to identify your unique session on the website. Typically used to maintain the integrity of your session while transacting information with a website (accessing secure areas, forms submissions etc).
Google Analytics: We use Google Analytics to monitor traffic levels, search queries and visits to this website. Google Analytics stores IP address anonymously on its servers in the US, and neither CIVIC nor Google associates your IP address with any personally identifiable information. These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session. You can opt out of the Google Analytics Advertising Features by going to Google Analytics’ currently available opt-outs.
Your personal data may be stored, processed, and transferred outside the EEA so that we can use your personal data as described in this policy.
We will make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. European data protection laws include specific rules on transferring personal information outside the EEA.
When transferring personal information outside the EEA, we will:
- include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties (these are the clauses approved under Article 46.2 of the General Data Protection Regulation (GDPR)); or
- ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the GDPR.
The right to make a complaint to the data protection regulator
If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office. The ICO is the UK’s independent body set up to uphold your rights to data privacy. The ICO can be contacted at The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: +44 (0) 01625 545 745 Website: https://ico.org.uk
To exercise any of these rights, please contact us.
The Kite Factory Ltd is registered with the ICO as a data controller, reg no: Z9562303.
Our registered address is: 55 New Oxford Street, London WC1A 1BS
Brand Safety Process
We have put in place strict exclusions when running activity in the DSP we use. In line with industry best practice we approach this in two ways using 2 different vendors:
- Bottom-up – Pre-bid filtering to exclude any impressions from our programmatic campaigns using content category filtering tools
- Top-down – 3rd party measurement and analytics tools for post-delivery insights into the quality of inventory which allow us to remove any sites or placements that may be seen as harmful to the brand
Pre-bid Content Filtering
Four types of pre-bid filters are being applied:
- DSP content category exclusions, 3rd party content category exclusions (IAS), URL keyword & blocked sites
IAS is an MRC accredited 3rd party specialist technology that is integrated into the DSP and bought on a cost per thousand impressions basis. The IAS category exclusions are set to exclude anything that is of ‘moderate and high risk’, which is the highest level it can be set at. These categories include:
- Adult, Alcohol, Illegal Downloads, Drugs, Hate Speech, Offensive Language, Violence, Unrateable & Suspicious
3rd Party Verification – Post-Delivery Insight
We also partner with MOAT analytics to monitor the quality of online advertising. We use the measurement to track viewability and engagement. These insights allow us to improve the quality and effectiveness of advertising through black listing at an agency or client level. We have determined benchmarks for each of the core metrics and will be filtering out domains that fall below this benchmark.
- Human and Viewable % – below 20%
- Invalid Traffic % (IVT – otherwise known as non-human) – over 5%
- Grapeshot Safety % – above 10% (with exceptions)
- Grapeshot is an independent context analysis engine which is fully integrated with MOAT. It goes beyond URLs, analysing the actual content on the page to determine its context.
- In View Time – below 5”
The whitelist process is similar to the blacklist process, but reversed. We analyse Moat data, looking at ‘Human & Viewable Rate’, ‘In-View Time’, ‘Invalid Traffic Rate’, and ‘Grapeshot Safety’ by site. If these metrics are seen as worse than the Moat benchmark for a site, then we will not look to include it in a whitelist. We then also use general principles to confirm whether a site is legitimate or not. These include: checking the connection is secure, ensuring the URL contains ‘https’ at the start, checking /ads.txt on the site and also whether the ads render correctly/click through correctly on site. Also, simply, whether the publisher is well known.
If The Kite Factory discovers or is made aware that an online advertisement for a client has appeared on a site that contains or links to inappropriate content, we shall use reasonable endeavours to remove the online advertisement from the site as soon as possible and within a maximum of 2 business days of discovery or notification.