BlakYaks Privacy Notice

INTRODUCTION

This Privacy Notice will help you understand what information we collect from you and process using this website and what choices and rights you have about your personal data.

Our website is not intended for children and we do not knowingly collect information about children.

contact details

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our Data Protection Officer (Annabella Schwiertz) at: dpo@proact.eu.

You have the legal right to make a complaint at any time to the supervisory authority in your jurisdiction for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance – should this not be possible, you can find details of the relevant supervisory authorities here.

Data controller

BlakYaks Limited (company registration no. 13017209), is a company registered in England and Wales and is a subsidiary of Proact IT Group AB, reg. no. 556494-3446, a company incorporated under Swedish law with its head office in Solna, Sweden.

The Proact group of companies is made up of different legal entities, details of which can be found here. This privacy notice is issued on behalf of the Proact corporate group so when we mention ”Proact”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Proact corporate group responsible for processing your data including BlakYaks Limited.

The Data Controller of the data gathered through this website is:

BlakYaks Limited, a UK Private limited Company with company number: 13017209

Whose registered office is: 95 Southwark Street, London,
SE1 0HX.

And whose operating office is: 95 Southwark Street, London, SE1 0HX.

APPOINTED REPRESENTATIVES

Where a Proact entity based within the UK is processing personal data in the UK of data subjects who are located in the EU or EEA then to the extent legally required the appointed EU representative is Proact IT Group AB.

Where a Proact entity based outside the UK is processing personal data outside the UK of data subjects who are located in the UK then to the extent legally required the appointed UK representative is Proact IT UK Limited.

You may contact either of our representatives at: dpo@proact.eu

Data Protection Framework

This website is operated by BlakYaks Limited.  This Privacy Notice is intended to comply with the EU General Data Protection Regulation 2016/679  (GDPR)  and as the same is retained in English law under the European Union (Withdrawal) Act 2018 and Retained EU Law (Revocation and Reform) Act 2023 and the Data Protection Act 2018 (UK GDPR).Our code principles with regard to data privacy and human rights

User privacy and data protection are human rights.

Personal data is a liability, it should only be collected, processed and stored when absolutely necessary, and should be protected with adequate security measures.

Legislation acknowledgements

Our business and business systems (including this website) are designed to comply with the following national and international legislation with regard to data protection and user privacy:

UK Data Protection Act 2018 (DPA)

EU Data Protection Directive 2016/680 (DPD)

EU General Data Protection Regulation 2016/679 (GDPR)

DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information relating to an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).  We may use any information you provide to us as set out in this privacy notice.

We may also collect personal data about you from third parties including publicly available information sources (including social media and websites), third-party marketing agencies, vendors and our customers or suppliers which may also be used by us as set out in this privacy notice.

The personal data may include identity data, contact information, images or videos, financial details, details of your transactions with Proact or related parties, technical data deriving from your use of our website or products and services, profile and usage data from our services which you access, and marketing and communications interests and preferences.

We may also collect, use and share aggregated data such as statistical or demographic data for our internal purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you or your organisation (if this is our customer) has with us; but we will notify you if this is the case at the time.

How we collect your personal data

We use different methods to collect data from and about you including through:

• Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data collected when you:

  • apply for our products or services;

  • enter into discussions to provide us with your products or services;

  • use or interact with the services on our website;

  • subscribe to our service or publications;

  • request marketing to be sent to you;

  • participate in or attend our events;

  • respond to job advertisements;

  • enter a competition, promotion or survey; or

  • give us some feedback.

• Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

• Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources based inside or outside the EU and the UK as set out below:

• technical data including standard internet log information and details of visitor behaviour patterns from the following parties:

• analytics providers such as Google;

• advertising networks; and

• search information providers.

• contact, financial and transaction data from providers of technical, payment, credit reference and delivery services.

• identity and contact data from data brokers or aggregators.

• identity and contact data from publicly availably sources.

How we use your personal data

Processing purposes.

We have set out below a description of all the ways we may use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

• To register you or your organisation as a new customer or supplier;

• Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers or suppliers;

• To use data analytics to improve our website, products/services, marketing, customer or supplier relationships and experiences;

• To identify and prevent fraud;

• To improve customer service;

• To deliver goods or services to you or your organisation;

• To process invoices for goods or services delivered by you or your organisation to us or our customers;

• To personalise user experience;

• To enhance the security of our network and information systems;

• To better understand how people interact with our websites;

• To communicate with you, including:

• by telephone with communications we think may be of interest to you;

• postal communications which we think will be of interest to you;

• periodic emails containing information that will be of interest to you;

• responding to a request or to provide you with support;

• responding to you when you submit a job application to us;

• To determine the effectiveness of promotional campaigns and advertising;

• To provide to our suppliers, vendors and/or subcontractors, event exhibitors, in order to deliver our products and services or for you to be invited to participate in events which we think will be of interest to you. As part of our event registration process, we process your personal data, which may include creating an event visitor badge. During events, exhibitors might request to scan a QR-Code on your visitors badge. The exhibitors are responsible for this data processing including confirming how they will use your personal data; and

• To manage our relationship with you which may include asking you to leave a review or take a survey.

LEGAL BASES

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.

• Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests.

• Where we need to comply with a legal or regulatory obligation.

We may also rely on your specific consent as a legal basis for processing your personal data for example in relation to sending third-party direct marketing communications to you via email or text message.

Our legitimate interests

• to recover debts due to us;

• to keep our records updated;

• to manage supplier relationships;

• to study how customers use our products/services;

• to develop our products/services;

• to grow our business including by way of direct marketing;

• for running our business, provision of administration and IT services;

• for network security;

• to prevent fraud;

• in the context of a business reorganisation or group restructuring exercise;

• to inform our marketing strategy;

• to define types of customers for our products and services; and

• to track the number of visitors to the various parts of our websites in order to keep them updated and relevant.

The majority of the personal data we use for our legitimate interests as described above is not sensitive. Our use of your data as set out in this notice is important for Proact in order to function as an efficient organisation.

It is necessary for Proact to collect and process certain information, limited to a minimum and subject to additional safeguards, to be able to, for example, provide transactions requested by our customers, administer our shared systems in the Proact group of companies, to understand our customers and website visitors, and fulfil our obligations towards our customers and other third parties.

change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for an additional purpose which is compatible with the original purpose.

If we were to consider using your personal information for a new purpose, we will inform you or, as required, ask for your permission or collect your consent.

DATA SECURITY

Personal data managed by Proact is stored and processed according to applicable data protection legislation. We take steps to ensure that the information we process is dealt with in accordance with this privacy notice and in accordance with applicable laws.

When required or appropriate and feasible, we shall obtain written assurances from third parties that may access your data that they will protect the data with equivalent safeguards to those adopted by Proact.

To protect the privacy of your information we maintain both technical and organisational safeguards, and we regularly update and test our security measures. However, please note that no information system is completely secure and we cannot guarantee the absolute security of your information. We are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need access in order to fulfil any of the purposes described in this privacy notice. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

How long we will use personal data for.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policies which you can request from us by contacting us at dpo@proact.eu.

Your rights on the information we hold about you

You have a legal right to: request access to and/or rectification or erasure of your personal data; restrict our processing of your personal data; object to our processing of your personal data; the right to data portability; as well as to withdraw any consent you have given.

You can make requests regarding your personal data by contacting our Data Protection Officer at dpo@proact.eu.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

consent

To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by using the contact information provided at the end of this page.

Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

If you are unhappy about our use of your personal information, you can contact us using the details provided at the bottom of this page. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:

Telephone: 0303 123 1111

Website: https://ico.org.uk/concerns/

Post: Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You may prefer to, and are entitled to, lodge a complaint with a different supervisory authority in a country of your choice. A list of European Supervisory Authorities is available here: supervisory authorities

Personal information collected via this web site and why its collected

This website collects and uses personal information for the following reasons as listed in the sub-sections below.

We will retain data for the following periods, based on these source types:

- Record sourced with consent: until withdrawn

- Contact previously sourced with legitimate interest: 3yr since last activity

- Passively sourced record: 1 month or convert to consent

Tracking of visits to this web site

GOOGLE ANALYTICS

This site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third-party data processor (see section 11 below).

GA makes use of cookies, details of which can be found on Google’s developer guides. FYI our website uses the analytics.js implementation of GA.

Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

CONTACT FORMS AND EMAIL LINKS

Should you choose to contact us using the contact form on our Contact Us page, the data that you supply will be forwarded to Capsule CRM. Capsule CRM is used to store customer information and is considered a 3rd party data processor. The contact details you submit will not be stored on the BlakYaks website database.

Should you choose to contact us via email, the data you supply will be processed in Microsoft Office 365 and SharePoint.

EMAIL NEWSLETTER

If you choose to join our email newsletter, the email address that you submit to us will be forwarded to Transpond and Capsule CRM. Both provide us with marketing information and are considered 3rd party data processors. The email address that you submit will not be stored within the BlakYaks websites own database.

You can subscribe to the email newsletter through an online automated process should you wish to do so but you do so at your own discretion. Some subscriptions may be manually processed through prior written agreement with the user. Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email content. Subscriber activity is tracked and stored in Capsule CRM and Transpond for evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no means an exhaustive list]. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

Your email address will remain within CapsuleCRM and Transpond for up to 3 years from the date of your consent, or for as long as we continue to use CapsuleCRM and Transpond’s services for email marketing or until you specifically request removal from the list. In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

While your email address remains within the CapsuleCRM and Transpond’s databases, you may receive periodic newsletters from us.

Should you decide to opt out of any further communication, you have the option to delete your profile data from our system entirely at any time.

Resources & Further Information

EU General Data Protection Regulation 2016 (GDPR)

Privacy and Electronic Communications Regulations 2003

Privacy and Electronic Communications Regulations 2003 – The Guide

About this web site’s server

This website is hosted by Squarespace. We consider Squarespace to be a third-party data processor. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

Disclosure and transfers to third parties

We share your personal data within the Proact corporate group and with our subprocessors and service providers that facilitate our delivery of services to our customers . This may involve processing your data outside the European Union, the European Economic Area and the United Kingdom. A list of our current third-party processors is available below:

Learn more about Proact’s Subprocessors.

Some of our third-party processors are based outside of the EU, EEA, and the UK so their processing of your personal data will involve a transfer of data outside of these areas. Whenever we transfer your personal data from within the EEA to a jurisdiction or territory outside of the EEA, or from within the UK to a jurisdiction or territory outside of the UK, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Where such transfer is as a result of Proact personnel requiring access to your personal data this will be for the same legitimate business purpose(s) set out in this notice, and we will ensure that appropriate technical measures are in place to safeguard such access.

• Where such transfer is to a third-party processor we will comply with applicable data protection legislation in particular but not limited to ensuring that any such transfer is either on the basis of an EU and/or UK adequacy decision or (in the absence of an adequacy decision) standard data protection clauses (for example the EU Standard Contractual Clauses as approved by the European Commission) which contains requirements to implement controls that provide the same level of protection for personal data as it has in the EU/EEA, together with any additional measures as may be required.

We require all third parties to respect the security of your personal data, to treat it in accordance with the law and only permit them to process your personal data for specified purposes in accordance with our instructions.

BlakYaks uses a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in this notice.

• Google (for website analytics) https://www.google.com/intl/en...

• CapsuleCRM (for contact management and marketing) https://capsulecrm.com/support/eu-data-protection/

• SquareSpace (for hosting this website) https://www.squarespace.com/privacy

• LinkedIn (social media) https://www.linkedin.com/stati...

• Twitter (social media) https://twitter.com/privacy

• Google Adwords and remarketing (digital advertising) https://policies.google.com/te..

• Sopro: We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:

Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

• The activities within which each of these Data Processors participates have been recorded within the applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR).

Compelled disclosures

We may also share your personal data when we are required by law, competent law enforcement, regulator, government authority, court or third parties: (i) as may be permitted or required by applicable law or regulation; (ii) in order to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other person;

We may share personal data with a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice.

Cookie policy

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

We use both session-based and persistent cookies, dependent upon how you use or interact with our website. Cookies are small files saved to the user’s computer or mobile device that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser deletes them, or until they expire.

---------------------------------------------------------

Google Analytics - The cookies in use to deliver Google Analytics service are described here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

---------------------------------------------------------

CapsuleCRM - The cookies in use to deliver CapsuleCRM are described here:

https://capsulecrm.com/privacy/cookie/

---------------------------------------------------------

SquareSpace - The cookies in use to deliver our website hosted on SquareSpace are described here:

https://www.squarespace.com/cookie-policy

---------------------------------------------------------

Google Analytics Opt-out

In order to provide website visitors with more choice on how data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to stop data being sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not affect usage of the website in any other way. A link to further information on the Google Analytics Opt-out Browser Add-on is provided below for your convenience.

http://tools.google.com/dlpage...

For more information on the usage of cookies by Google Analytics please see the Google website. A link to the privacy advice for this product is provided below for your convenience.

http://www.google.com/analytic...

DISABLING COOKIES

If you would like to restrict the use of cookies you can control this in your Internet browser. Links to advice on how to do this for the most popular Internet browsers are provided below for convenience and will be available for the Internet browser of your choice either online or via the software help (normally available via key F1).

Chrome

Internet Explorer

Firefox

Safari

external links

Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to; google.com or facebook.com.)

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts & Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve. Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computer’s hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

SOCIAL MEDIA

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons from LinkedIn, YouTube and Twitter which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account. We consider LinkedIn, Instagram, YouTube and Twitter to be third-party data processors.

Contacting BlakYaks

We are committed to providing you with full transparency with regard to your information rights. If you have any questions about this Privacy notice, or if you would like to exercise any of your statutory rights please dpo@proact.eu.

Please note, all electronic correspondence, including emails, are subject to the terms of this privacy notice.

Changes to our policies

As our practices and policies change, so will this privacy notice. We reserve the right to change and update this privacy notice at any time, for any reason, without notice to you, other than updating the privacy notice on our website. We recommend that you regularly check this page to keep yourself updated on our privacy practices. Here you can find previous versions of this privacy notice.

Dirk Anderson, CEO (Released: April 2025)

Contact us.

solutions@blakyaks.com
020 4551 9237

95 Southwark Street, 3rd Floor, London, England, SE1 0HX