Privacy and Your Personal Data
All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you wish to know what information we collect and hold about you, or to exercise any of your rights as set out in Section 10 below, please write to us at the address on our contact page or via e-mail at hello (@) agent.media :
1.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
2.1 AGENT Media Communications Ltd. is a business to business services company only and collects limited amounts of personally identifiable information (PII). We do not offer our web design, development, digital marketing or hosting services to private individuals, only businesses. As such, we only securely collect, process or store Information from owners/employees of businesses or individuals operating as sole traders in a business capacity. We do not work on ‘personal’ websites’. AGENT Media Communications Ltd. only ever collects Information necessary needed for our products to function or to provide the delivery, administration or statistical analysis of services our customers have requested or for enabling quotations to potential customers.
2.2 We have a policy of limited usage or retention of paper-based materials. Most date worked with is stored in electronic format, with the exception of hardcopy customer contracts, invoicing and company admin records (e.g. staff contracts, CV’s etc.).
2.3 We classify the data we hold under the following categories:
Submitted Billing details would include billing company name, admin contact person, email address, phone number, direct debit / bank account or credit card details for recurring payments. These sensitive billing details are securely stored in our STRIPE customer portal/billing software which customers are supplied with a secure login to for update/admin purposes. Bank account details are encrypted and credit card details are securely passed to our third party PCI DSS compliant payments provider Stripe for storage and processing. We do not store credit card details on our servers, only a unique customer ID which is passed to Stripe which carries out the actual payment.
AGENT Media Communications Ltd. may provide a range of Shared Hosting services, which allow a customer to provision a website, store database information, and host their email accounts on shared servers (Servers that share resources with other customers). The responsibility for securing the data is therefore shared between AGENT Media Communications Ltd. and the customer as detailed in Section 9.
Some AGENT Media Communications Ltd. customers may store personal information from their customers or website users on our web, database or email server space. This customer data is processed by AGENT Media Communications Ltd. in a hosting only capacity or per the instructions of our customer. We accept no responsibility for our customers use of this data, how they request that we handle this data, nor do we monitor their usage of this data apart from a server resource capacity/performance point of view. The types of data customers collect varies greatly (including eCommerce data, custom customer/user databases, eZine databases, data capture forms, data backup databases, data lookups, or unique application integrations). We encourage customers who have specific questions or requests relating to GDPR compliance to contact us at hello(@) agent.media
3.1 You may provide us with Information in a number of ways:
3.2 We may collect Information about your computer, including where available your IP address, operating system, browser type and the geographical location of your computer, for system administration, prevention of fraud or business lead identification purposes. We also use statistical and user behavior analysis software (such as Google Analytics) to get a better idea of how to improve user experience on our website. We may also report aggregate information. This is statistical data about browsing actions and patterns and does not identify you as an individual. In all cases, the suppliers of these products have stated their GDPR compliance.
4.1 We will hold, use and disclose your Information for our legitimate business purposes including:
4.2 We do not process or hold certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health in enquiries. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
5.1 In certain circumstances we will share your Information. Details of those parties are set out below along with the reasons for sharing it.
We use cloud-based services where personal data may be processed for the purposes of providing our services to you and this may require the transfer of this data outside of the EEA e.g. Gmail.
Where personal data is transferred outside of the EEA, your rights as a data subject are protected by data transfer mechanisms such as Standard Contractual Clauses and EU/US Privacy Shield and we have only chosen suppliers who have stated their GDPR compliance.
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods is determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application, and maintain application statistics. If we receive your Information following a request for assistance, information or quotation for our products or services, we will retain your data for as long as is necessary to process your request or generate a quotation and for as long as you are an active sale prospect (i.e. have not communicated your intention not to engage with AGENT Media Communication Ltd.). We will also maintain your data for statistics related to business lead activity and quotations. If you are a AGENT Media Communication Ltd. customer we will retain your data for the full duration of the period we provide you with our products or services and for a period of 6 years after the end of the customer relationship thereafter to ensure compliance with tax requirements. Customer website data will be fully deleted from our servers within 90 days of the customer leaving (or earlier if requested). For non-customers, we will not directly market to you for longer than five (5) years, unless you consent to receive direct marketing by opting in again before the expiry of that five (5) year period. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
We use reasonable technical and organisational security measures to protect your data and to prevent the loss, misuse or unauthorised alteration of any data in our control and will use our reasonable endeavours to ensure that such information is kept as secure as possible.
Data submitted through www.agent.media website contact forms or mailing list form is https encrypted and automatically fed into our website database and into our Google Drive cloud based CRM system.
Where data is stored electronically on our servers, we have implemented appropriate IT security measures to secure your personal data. These measures include server patching/maintenance routines, anti-virus protection, firewalls and data encryption technologies and access protocols. Periodic third party security penetration test are also carried out on servers to ensure security hardness and any recommendations deployed. Physical server and data center policies are in place with our ISO accredited data center partner Dada Group. Unfortunately, no data transmission over the Internet or electronic storage system can be guaranteed as secure, however, we will ensure that the technical and organisational measures in place are regularly reviewed to ensure that they are up-to-date and functioning effectively. Where data is stored in hard copy format, we have management and destruction procedures in place and staff training to ensure that paper records are stored securely.
Customer requests sent to AGENT Media Communication Ltd. will only be acted upon if the request is from an authorised customer contact listed in our CRM. For security reasons, customer requests must be submitted to hello (@) agent.media from an authorised email address. Requests will not be acted upon over the phone.
9.1 Domain Registrations: AGENT Media Communication Ltd. register domain registrations on behalf of its customer with various registries or registry resellers (registrars) depending upon the domain type. The data collected by AGENT Media Communication Ltd. is a requirement of the registration process and some of this data is used in populating the WHOIS database, which provides transparency of domain registration globally. Most of this is publicly available information and can be retrieved via a WHOIS query. AGENT Media Communication Ltd. do not control this data, and collection of this data is a requirement under ICANN contractual obligations or the specific policies and contractual requirements imposed by the domain registries. For example view the Irish Domain Registry’s privacy policies. (https://www.iedr.ie/about-the-iedr/our-policies/)
9.2 Shared Hosting: AGENT Media Communication Ltd. provide a range of Shared Hosting services, which allow for server setup of a website, store database information, and host their email accounts on shared servers (Servers that share resources with other customers). The responsibility for securing the data is therefore shared between AGENT Media Communication Ltd. and the customer. AGENT Media Communication Ltd. are responsible for securing the shared hosting infrastructure (the underlying hardware and operating systems), providing server backups, disaster recovery and supporting the platform whilst the content, passwords, access to the data etc. is the responsibility of the customer. Where upgrades or data backups is not opted for in the services provided by AGENT Media Communication Ltd., then the customer is responsible for their own backups and for securing the CMS applications by keeping them up to date. AGENT Media Communication Ltd. do not provide backups or virus/spam protection for our entry level POP3 email account offering. Customers are responsible for downloading all mail from our servers and providing their own backup and virus/spam protection. The customer is responsible for email setup on their mail client and securely accessing their email using the encrypted protocols we provide over both POP3 and Webmail. Email account changes can be requested by the customer or their approved agents and it is the customer responsibility to ensure the detail of these requests are approved and fully correct before submitting them to AGENT Media Communication Ltd..
9.3 Website Content Management Security & Passwords: AGENT Media Communication Ltd. is responsible for providing reasonable security updates to a customer Website content management system only if contracted to do so, otherwise it is the responsibility of the customer to ensure such security updates.
The customer is fully responsible for ensuring that passwords to their websites and content management system are not easily guessed or hackable (e.g. minimum 10 characters with mix of alphanumeric characters) and are securely stored. AGENT Media Communication Ltd. recommends that any website or content management system admin areas are encrypted across https.
The nature of the Internet is such that no business can guarantee or warrant the security of any server or web application, especially as the underlying technology will be provided by third parties or upon open source software. We will however take all reasonable steps and organisational measures to protect servers and data through appropriate schedule server patching routines and server / network access controls.
9.4 SSL Certificates: AGENT Media Communication Ltd. are authorised resellers of SSL certificates and we collect personally identifiable information (name email address, CRO number etc.) pertaining to the certificate to provide the SSL provider with the information necessary to validate the registrant.
9.5 Network control: This includes the configuration, management, and securing of network elements such as virtual networking, DNS, and gateways. The controls provide a means for services to communicate and interoperate. This is AGENT Media Communication Ltd.’s responsibility as it is outside the control of the customer. DNS changes may be requested by the customer or their agents and it is the customer responsibility to ensure the detail of these requests is correct before submitting them to AGENT Media Communication Ltd..
9.6 Backup Services (Dropbox): Where the customer has engaged AGENT Media Communication Ltd.’s backup offering, AGENT Media Communication Ltd. is responsible for provision of backups, disaster recovery and implementing operational controls to restrict authorised access to the backup servers and data. No customer access is given to this facility and any requests for data restores must be submitted to AGENT Media Communication Ltd..
10.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
This right exists in respect of Information that:
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
10.2 You can exercise any of the above rights by contacting us at the address or e-mail address set out above. You can exercise your rights free of charge. In making any request in this regard, please provide us with sufficient information to enable us to identify you. We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.
10.3 If you wish to receive a copy of the data which we hold about you, when contacting us please provide us with €6.35 and we will respond to your query as quickly as possible but in any event within 40 days of receipt of your request.
10.4 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.
12.1 Similar to other commercial websites, our Website “cookies” and web server logs to collect information about how our Website is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
12.2 Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.
12.3 Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular. This helps us gather feedback so that we can improve our Website and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.
12.4 We use ‘session’ cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.
12.5 We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Website, tailoring the content of certain areas of the Website to offer you content that match your preferred interests.
Please also view our full Cookie & Privacy Statement
You can request a copy of what data we have on record for you or request any changes to that data by emailing hello (@) agent.media and separately providing us with a processing fee of €6.35 and we will respond to your query as quickly as possible but in any event within 40 days of receipt of your request.
Customers can update stored recorded billing contact or payment details by emailing hello (@) agent.mediaGoogle+
We know your digital business operations will be reliant on AGENT Digital providing you with reliable and uninterrupted service and with this in mind we would like to share with you the measures we are taking to ensure we are 100% operational.