About cookies (no baking required)
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.
We use cookies to collect information about how visitors use our website. The Analytics Tools we use are:
Google Analytics to record how a site is performing through visitor analysing visitor statistics;
Lead Forensics to help identify website traffic
Hotjar to record heatmaps tracking user behaviour, for example clicks and taps around our website
The information we get through these cookies is anonymised and we make no attempt to identify you or influence your experience of the site while you are visiting it.
You can adjust and turn off cookies using the settings below. Most browsers will also allow you to turn off cookies. If you want to do this, please look at the menu on your browser. Adjusting or turning off cookies may restrict your use of our website.
You can opt out of being tracked by Google Analytics using the Opt Out Browser Add-On from Google. If you have used a Do Not Track browser setting, we take this as a sign you do not want to allow cookies so they will be blocked.
You can find out more about cookies at www.allaboutcookies.org.
Some things are best kept private
Leith is committed to protecting your personal data. The privacy policy below states how we collect, store and use it.
This privacy policy applies to our website, products and services which are offered by Leith.
The purpose of this policy is to give you a clear explanation about how Leith gathers and uses the personal data you provide to us and that we collect. We ensure that we use your information in accordance with all applicable laws concerning the protection of your personal data.
If you have any queries about this policy or your personal data please contact:
Andy Dallas
Data Protection Officer
The Leith Agency
86/2 Commercial Quay
Edinburgh EH6 6LX
Email: [email protected]
Phone: +44 (0) 131 561 8600
1. Information collected
We collect your contact information such as full name, company name, email address, postal address and telephone number when you email or call us with an enquiry.
We may also collect your details from publicly available sources such as LinkedIn, TendersDirect, PublicContractsScotland in order to send you information about our services
Where we collect and process your data with your consent (for example when you take part in surveys)
In addition to the above, we collect information automatically about your visit to our website. Please see our Cookies Section for more details.
The personal data we collect will be used for the following purposes:
Dealing with enquiries and requests about our services submitted to us via email or call
Sending you information about our services which are applicable to you in your role
Requesting information about your services which are applicable to you, your company, our company and our clients.
Providing outbound marketing services on behalf of a client who has contracted us to work for them.
Our legal basis for processing of your personal data is:
Processing is necessary to meet contractual obligations entered into by you
Processing is necessary for purposes of our legitimate interests in relation to goods and services that you use in your role.
Fulfilment of contractual obligations to client Controllers
Where you have provided consent for your data to be processed.
The legitimate interest pursued by us are as follows:
In response to an enquiry from you about our good and services
For the purpose of promoting our goods and service via direct marketing which are relevant to you in your role. We will always confirm how your personal data was obtained and always offer an opt-out of direct marketing communications
Enquiring about your goods and services which are applicable to our company or our clients.
2. How we protect your information
To ensure we keep your data safe and secure, we adopt appropriate data collection, storage and processing practices and security measures. These steps help protect against unauthorized access, alteration, disclosure or destruction of your personal or transactional information stored on our website and systems.
The security measures we’ve put in place include:
the encryption of personal data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
3. Marketing
We believe in being open, honest and transparent with our clients and suppliers and want you to feel comfortable about your decision to give us your personal data and how we use it.
We will use the details you provide to us to communicate with you about how we can help you in your role and help your company achieve its objectives.
We promise that we will only communicate with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it's quick and easy to let us know that you no longer want to hear from us by contacting the Data Protection Officer (see above).
In certain instances, we collect and use your personal data by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from us, we have a legitimate organisational interest to use your personal data to respond to you and there is no overriding prejudice to you by using your personal data for this purpose. However, we will always provide you with the option to opt-out of hearing from us. This is the case, for example, where we seek to obtain your consent to receive email marketing from Leith.
We will only communicate to you in the way you have told us. For example:
Email/text marketing
If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to Leith emails or opting in to email communication from Leith, you grant us the right to use the email for email marketing.
Post/telephone marketing
If you have provided us with your postal address or telephone number, we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information. We also actively check telephone numbers against the Corporate Telephone Preference Service (CTPS). We will only make telephone calls to you where your telephone number is listed on the CTPS if you have specifically told us that you do not object to such calls and have consented to receive them from Leith.
You can also change any of your contact preferences at any time, including telling us that you don’t want us to contact you for marketing purposes by contacting the Data Protection Officer:
Andy Dallas
Data Protection Officer
The Leith Agency
86/2 Commercial Quay
Edinburgh EH6 6LX
Email: [email protected]
Phone: +44 (0) 131 561 8600
4. Disclosures
We will never pass your personal data on to other organisations for them to use for their own marketing purposes.
However, we may disclose your personal data in the following circumstances:
To third parties who provide a service to us. These are mailing houses, email services providers and data processors. We require these third parties to have appropriate controls in place and to comply strictly with our written instructions and data protection laws. We enter into contracts with all our third parties and regularly monitor their activities to ensure they are complying with our policies and procedures.
Where we are under duty to disclose your personal data in order to comply with law, or that the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation or where we have your written consent.
We may share your data with other affiliated organisations that co-host events with Leith
We may reveal your personal data to any other organisation that buys, or to which we transfer all, or substantially all, of our assets and business. If this sale or transfer takes place, we will use reasonable effort to make sure that the organisation we transfer your personal data to uses it in line with our privacy policy.
To third party client companies. We will have strict agreements with these companies to limit what they can do with the data we give them. We will always ask for you consent before passing on your personal information in this way.
Any organisations that access your data in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your data and keep to all data privacy laws that apply. We may also independently audit these service providers to make sure that they meet our standards.
5. Keeping your personal data
We keep your personal data for up to 6 years and 1 month after the creation date to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of in a secure manner.
6. Your rights
At any point while we are in possession of your personal data, you have the following rights:
The right to access your personal data
The right to rectification and update your personal data
The right to request to have your personal data erased
The right to restrict processing of your personal data
The right to object
The right to lodge a complaint with a supervisory authority
1. The right to access your personal data
You have a right to obtain confirmation that your personal data is being processed. You also have the right to request a copy of your personal data we hold.
We will provide a copy of your personal data within 30 days of receiving the written request. Should you wish to exercise these rights we require you to prove your identity with two pieces of approved identification (photo ID and proof of address such as utility bill). Please address requests to the Data Protection Officer (see above).
You can use this form: Subject Access Request Form. Alternatively, please ensure you provide us with all the requested information in an alternative format to help us locate your records.
We will respond within 28 days of your request.
2. The right to rectify and update your personal data
The accuracy of your personal data is important to us. You can rectify/update your personal data, including your address and contact details at any time. Please address requests to the Data Protection Officer (see above).
3. The right to request to have your personal data erased
You have the right to request your personal data be erased. This is not an absolute right and we will review these on a case by case basis.
Should you wish to exercise these rights please address requests to the Data Protection Officer (see above).
Please provide your reason for your request. We will consider this and advise you of our decision within 28 days of the request.
4. The right to restrict processing of your personal data
You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future.
Should you wish to exercise these rights please address requests to the Data Protection Officer (see above).
Please provide your reasons for us to restrict processing of your personal data. We will consider your request and respond with our decision within 28 days.
5. The right to object
You have the right to object to your personal data being processed, for marketing and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing.
Alternatively, you can exercise this right by contacting the Data Protection Officer (see above).
Leith will action your request within 28 days of receiving it.
6. Your right to lodge a complaint with a supervisory authority
If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO).
The ICO can be contacted at:
The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 01625 545 745
Website: www.ico.org.uk
7. Other websites
Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. You should read other sites Privacy Policies before giving them your personal information.
8. Internet-based transfers
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
9. Amendments
Please note that this privacy policy is subject to change from time to time. It was last reviewed in June 2023. If there are any major changes to our privacy policy then these will be communicated to you.