Privacy Policy

Your Privacy

We collect personal data when you use this website. Some personal data is provided freely by users; some is collected automatically.

The data that we collect includes the following:

  • Usage data
  • Email address
  • First name
  • Last name
  • Phone number
  • Company name
  • IP address.

We use this data to do the following:

  • Improve our website by analysing user behaviour
  • Contact our users
  • Interact with our users on external social networks and platforms.

If any other data collection occurs, it will be described at that point. Thinkplus is not responsible for any third-party data submitted by users.

How and Where Your Data Is Stored

At Thinkplus, we use and store your data according to the GDPR (don’t say that the EU never did anything for you!) and take reasonable security measures to prevent unauthorised individuals from accessing it.

Your data will be stored on our Data Processors’ secure servers. Employees may also access your data while they are not in Europe.

Keeping Your Data Safe

The internet is not 100% free from security risks. While we take security very seriously and train our Ninjas to protect user data, we cannot guarantee that your data is secure. Any data sent to us is at the user’s own risk.

Any payments made through this website, however, will be encrypted.

Your Data and the Government

We may be legally obligated to hand over your data to public authorities (not that the NSA doesn’t already know everything about everyone).

Your Rights

You have the right to ask us what information we are storing about you and ask for it to be forgotten (have your data erased). Any such requests should be sent to support@exposureninja.com. We will comply with all requests within one month.

Links to Other Websites

This privacy policy only applies to this website. You should be aware that although we link to third-party websites, they have separate privacy policies that are unaffected by our own. If you come to the Thinkplus website via a link from a third-party website, they may also send us personal information about you.

Changes to Our Privacy Policy

We reserve the right to change our privacy policy at any time. Changes will be listed here and you are advised to check this page often for updates. If you do not approve of a change to our privacy policy, you should stop using our website immediately.

By continuing to use our website and freely submitting your data to us, you agree to our privacy policy.

Have a ninja day!

GDPR Data and Information Policy

We are highly transparent about how we hold and use data.

The information we hold is:

Client Information

  • Information enabling us to run their marketing campaign, including names, phone numbers, email addresses, and business address (or home address if working from home)
  • Website logins (where supplied)
  • Social media logins (where supplied)
  • Domain and hosting logins (where supplied)
  • Advertising account logins (where supplied)
  • Analytics logins (where supplied).

All of this information is gathered from the client in a Kickstart Questionnaire sent to them at the start of the campaign. This questionnaire is stored on various spreadsheets in Google Drive, which the campaign staff can access.

Elements are also stored in Infusionsoft (our CRM), Xero (our accounting software), Teamwork (our Project Management software), and Slack (our chat software). Their data processing terms and conditions are available on their websites.

Leads and Contacts

If you request a marketing review from us, sign up for free book updates, register to ‘join the dojo’ and receive our marketing training, or enquire about using our services, we will retain some or all of the following data:

  • Name
  • Address (if purchased)
  • Email address
  • Phone number (if provided)
  • Declared business information, including target turnover

This information is collected through:

  • Our website:
    • The free marketing review questionnaire asks visitors for the information necessary for us to carry out the review
    • Book update forms allow people to sign up with their name and email address to receive future book updates
    • “Join the Dojo” allows people to sign up for our email list to receive tips and advice

Lead information is shared between staff members responsible for sales, marketing, and accounting.

Data Consent

We always make clear on email capture forms that the data we collect will be used for follow-up marketing (“Join the dojo”). We also specify how the data submitted will be used on Kickstart Questionnaires and other forms.

We make it clear on all forms that consent can be withdrawn at any time by contacting us.

The basis for processing client data is Contract, and the basis for processing lead/contact data is Consent and/or Legitimate Interest.

Data and Privacy Notice

We store the data you submit to us in our email marketing software so that we can send you relevant information and training to help you with your marketing.

You can remove your consent to receive this information at any time by clicking the link at the bottom of the email. If you would like to be ‘forgotten’ and have your data erased, simply reply to any email from us requesting this, and we will handle this for you within one month.

Data Policy

Thinkplus only collects and stores information from clients necessary for us to carry out the marketing work we are required to do. This information is available to the campaign team and other company staff who might need it for the purposes of accounting, administration, or helping with marketing work.

We also collect and store information from contacts and leads to provide relevant marketing training, advice, and sales recommendations. This information is available to staff across the company.

The information we store about each client or contact is available to that client or contact on request, and we will delete any data when they request it.

All client or contact information is held only in the designated cloud software applications (Google Drive, Infusionsoft, Gmail, Slack, Teamwork, Teamwork Desk). Information and data should never be stored locally on staff computers in documents not controlled by these cloud apps, and the Ninjas receive training on the importance of not storing data locally.

Risks and Impact Assessment

  • Risk: Staff computer or account hacked, and contact information accessed
    • Impact: Client data leaked and shared online. Potentially, websites hacked and personal data leaked.
    • Mitigation: Where possible, data is stored in cloud services like Google Drive, which have login protection and two-step verification when accessed from new locations or IP addresses. Staff are required to change all passwords every three months.
  • Risk: Staff member leaves and takes personal data with them
    • Impact: Client data leaked and shared online. Potentially, websites hacked and personal data sold.
    • Mitigation: An offboarding process which quickly removes access once a staff member leaves.

Training

All staff are trained on the following:

  • Password and account security
  • Data handling (including data storage methods and types of data to never store)
  • Device security.

Breach Notification

A data breach can lead to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored, or otherwise processed.

If any staff members notice this has happened, they must immediately notify their manager. Following notification of a breach, we will:

  • Assess the impact of the breach.
  • Notify the relevant parties immediately.
  • Investigate the cause of the breach.
  • Rectify any security vulnerabilities or processes to minimise the chance of this happening again.

Right of Access

If an individual requests access to their personal data, this request is to be immediately passed to the Data Protection Officer (Charlie Marchant) who will:

  • Confirm the data being processed.
  • Provide full access to their data stored in our various software via email.

We will respond to all such requests within one month.

Data Disposal

Individuals have the right to be forgotten and can request that their data be erased. We will erase all records held for that individual/company, including:

  • CRM records
  • Campaign documents and files
  • Slack channel

Data Processor Contracts

We have written contracts with our data processors governing the processing of personal data.

Data Protection Impact Assessments (DPIAs)

We conduct DPIAs whenever we add a new piece of software to our workflow that will store or process personal data. DPIAs have a description of the processing operations and their purposes, as well as an assessment of the necessity, risks, and details of the controls put in place to reduce these risks.

Information Security Policy

Every staff member is required to adhere to this policy and to abide by our data guidelines:

  • Personal data must not be stored on your devices.
  • Passwords must be changed on a three-monthly cycle and at any other time when management requests.
  • No data should be collected and retained other than what is necessary to carry out the work requested of us.

Any requests for access to data, requests to be forgotten, reports of a breach, or any other matter relating to the management of or access to personal data should be immediately passed to Charlie Marchant at charlie@exposureninja.com.