At Demonstrandum we want to help your business understand how they can use data to remove barriers to growth and increase your business' potential. We do so through democratising data within your business so everyone can understand how data can be used to reach your business' data goals.

Every business has customers, and a business' customer list and engagement are some of the most valuable data sets within your business. However how we can use this data is regulated because it is personal data.

Laws such as GDPR, CCPA, and LGPD protect your personal data from being abused and they do so by ensuring how businesses use data is strictly necessary or more importantly has the informed prior consent of the user.

At Demonstrandum we want to be upfront and honest with you about: the personal data we collect, the third parties we use, why we collect it, where we store it, and how we use it - to allow you to make an informed decision as to whether you want to provide this information to us.

Update: 2021/10/01

On the 30th of September 2021 (2021/09/30) Demonstrandum removed cookies from our website to remain compliant with relevant data legislation. Shortly thereafter we relaunched the website with no analytics or tracking, and a PHP contact form that e-mails contact@demonstrandum.co.uk through our hosting provider Netlify. Due to the lifespan of some cookies we are keeping relevant information visible regarding the lawful bases on the website in cases where consent was given prior to the removal of cookies. We have since updated our privacy policy and removed the cookie policy from our website to reflect this change in operations. Should you want to see the cookie policy of Demonstrandum prior to this change you can e-mail privacy@demonstrandum.co.uk, however we would recommend clearing our cookies from your browser.

Links to our privacy policy can be found at the bottom of each page.

Within our website we may include links to other websites, Demonstrandum has no control over these websites and is not responsible for the privacy policies or practices of these websites.

Personal Data is a term that refers to any data that relates to an individual, examples include obvious data such as: name, phone number, e-mail, etc; there are also less obvious examples of personal data such as a Cookie or User ID, whilst these do not directly identify an individual they are unique to an individual and can in theory be used to identify a single person. Fundamentally, under the UK GDPR any information that is at a user level can be considered personal data, even if it does not directly identify a person, combining the information could allow us to identify a person.

Demonstrandum collects personal data in the following ways:

1) Direct contact

We collect personal data from people either completing our contact us form or through e-mailing contact@demonstrandum.co.uk. Additionally we collect personal information from any direct communications by e-mail, social media, in person, or other communication channels.

2) Publicly available sources

We collect publicly available data sources such as Companies House, LinkedIn, and other relevant news sites, some of the information contained within is personal data.

---

It is Demonstrandum's policy not to share personal data that enables the identification of an individual with any third parties unless required by law or at the request of the individual.

We utilise iubenda to provide our privacy policy in accordance with Data Privacy laws, and we provide detail on the personal data collected in this page. As a company we have decided to provide additional detail as we want you to understand how we use your personal data. We also believe that as a company that helps businesses on their Data Journey, we should demonstrate that we understand how to handle personal data in compliance not only with regulatory laws, but also in a way that makes our potential and current customers feel confident that we won't misuse their personal data. We want to tell you how we are going to use this data, not just what data we are going to collect.

Demonstrandum's use of personal data is motivated by our vision to empower and enable people to understand how data can be used practically. To achieve our vision we need to: find businesses who want to embark on their next Data Journey, and help our clients effectively navigate their Data Journeys. As such, we use personal data in two ways:

1) Help Demonstrandum find businesses ready to embark on their next Data Journey

We use the information provided to us by our customers as well as publicly available information to give us more information about who may be interested in our services. This derived information also gives us the ability to refine our messaging so Demonstrandum is front of mind of potential customers as the look to embark on their business' next Data Journey. We also from time to time we perform outreach marketing where we directly contact businesses that we believe that Demonstrandum can help to navigate their Data Journey.

Profiling

As part of our operations and lead identification process we will look at the details contained within our internal CRM system and other information we know about an individual, such as the industry or the country within which their business operates, to help Demonstrandum identify new opportunities to pursue. In these cases we will anonymise the data prior to building any profiles.

Outreach

Demonstrandum use publically available information from Companies House, LinkedIn, and other relevant news sources to identify businesses where we believe Demonstrandum's offered services can help the business navigate their Data Journey. We then reach out to them through e-mail and/or LinkedIn to introduce Demonstrandum and start a conversation around how we can help their business.

2) Enable Demonstrandum to successfully help businesses navigate their Data Journeys

Most importantly we need our team to be able to process your personal data so they can help navigate your business' Data Journey.

This information is retained within our e‑mail service provider Microsoft and our internal CRM database which is stored within Microsoft cloud based services. We restrict access to our customer relationship management (CRM) system Sendinblue and our internal database to those who need access to perform their duties.

Each Data Journey is referred to by your business name, and has a team built to deliver it. Within this team they need to have access to the information required to help navigate your Data Journey, and part of the required information will be your personal data so they can communicate with you. This results in your personal data being used on local devices such as laptops and phones, our IT security policy requires such devices to be protected with user authentication such as a password, biometric authentication, or two factor authentication systems.

If you request a quote for Demonstrandum to help navigate your business' Data Journey we will need to use your personal data in the generation of that quote; even if that use is who the quote is addressed to, we are still processing your personal data.

As an existing customer we will need to keep your personal data on file contained within signed contracts for our records and for legal reporting purposes.

---

We take security around personal data seriously. Personal Data provided to us and from which you can be identified is stored securely, confidentially, and processed in accordance with applicable legislation. Within Demonstrandum we utilise appropriate technical and organisational measures to protect against unauthorised or unlawful processing of your personal data.

There may be times when we need to transfer your personal data that Demonstrandum holds such as to comply with any legal requests. Outside of legal requests for this data, or in cases where it is not specified within any contractual obligations, consent will be obtained prior to any transfer.

We have provided below an outline of how we collect and process personal data which maps the flow of the data above. This infrastructure outlines how the personal data collected by, and provided to, us through our website or contact form is processed alongside the third party sources and other business activities.

The image below contains a lot of detail and there is a legend to help you identify what each component is.

If you visited our website prior to the 1st of October 2021 (2021/10/01) then there is a different infrastructure that your personal data navigated, and we will be happy to discuss with you further if you reach out to us. If you have any questions please contact privacy@demonstrandum.co.uk. N.B this image may not be legible on mobile devices.

First, the term "data processing" essentially covers most actions that uses personal data.

Demonstrandum collect and process personal data on several lawful bases, we have provided the personal data sources we utilise alongside the lawful basis for processing and collection below.

Provision of Quotes and Services: Contract

So we can fulfil our contractual obligations with your business, we are required to process and/or share your personal data internally. Your personal data will be shared only to the team who are required to fulfil the terms of our contract with you. From time to time this team may include external contractors hired by Demonstrandum and we will assess the requirements to share your personal data prior to doing so.

Storage of Contracts: Legal Obligation

We are required to keep records of our activities and within contracts will be some personal data. This access is restricted to only those who are required to do so in performance of their legal obligations and duties.

Internal Contact Database and Data Augmentation: Legitimate Interest

Demonstrandum has an internal contact database which allows us to report upon how we are performing against key targets and objectives.

Within this database we have the contact details for people who we have communicated with or, as we outline below, people who we have tried to communicate with alonside the status of their interaction with Demonstrandum. For existing customers we also have key details that will help the team be more engaging through customer profiles. Moreover in the case of current or previous clients we need to be able to ensure the information we have is accurate, and a centralised internal contact database allows us to do this.

We also store a record of the communications sent or received through our e-mail provider Outlook utilising automated solutions to extract pertinent information. The personal data that is processed is the people who are on the e-mail conversation, and we also store the subject heading so we can find the communication within our e-mail provider Outlook and our internal databases.

We also augment the information within our database with publicly available information from companies house or LinkedIn. This is performed using the relevant APIs or manual entry. This augmentation is performed so we can ensure our offering to our clients is relevant, to keep up to date with developments, and to help ensure the data we have is accurate.

If we do not store this information it not only restricts the ability of our team to effectively perform their duties, but it increases the chances of us adversely affecting the privacy of other people. If we cannot record our communications, we cannot identify if we are adversely impacting on and individual's rights and interests.

The data within this database may be processed further using relevant internal tools such as task management, resource allocation, or invoicing software.

Marketing Outreach: Legitimate Interest

Occasionally Demonstrandum will reach out to potential sales prospects where we believe Demonstrandum can help them with their business' Data Journey.

This outreach will be performed by either e-mail or LinkedIn.

As businesses may be unaware of Demonstrandum prior to this e-mail we rely upon legitimate interests to process their personal data - name, email address, business - so we can send this e-mail. We will use the e-mail address listed on a business' contact page, where this information is provided, to make this first communication. Then, if necessary, following up with individuals through LinkedIn or e-mail addresses clearley stated on your business' website where we have this information and we have not received a response from the publicly listed contact e-mail address.

We utilise legitimate interests for this processing because this is a reasonably expected action within the "Business to Business" ecosystem and people are unlikely to object. These potential leads are added to our internal contact database so we can monitor outreach efforts. Adding these leads to our internal contact database allows us to minimise the privacy impact, as the team can identify the status of ongoing outreach efforts so as not to send too many communications.

Our e-mail communications in this situation are sent manually to an individual and a link to this page alongside the privacy policy is provided.

We keep personal data for the minimum time possible whilst being able to ensure your continued privacy and do our best to ensure it is kept up to date.

If you have engaged Demonstrandum to help on your business' Data Journey, some of your personal information will be present within the documents necessary to comply with the records retention requirement for a limited liability company. The location of this storage is within the United Kingdom.

Update: 2021/10/01

On the 30th of September 2021 (2021/09/30) Demonstrandum removed cookies from our website to remain compliant with relevant data legislation. Shortly thereafter we relaunched the website with no analytics or tracking, and this information is provided in the case that any of the cookies from the previous website are still active within your browser. We would recommend clearing these cookies from your browser.

Website visitors prior to 2021/10/01 who provided the relevant consent

Within our privacy policy we have not provided a maximum lifespan for all cookies as this lifespan is calculated on a rolling period and it is not possible to make this clear using our provider iubenda. What this means for you is that each time you engage with our website the life of the cookie is reset. The privacy policy for the cookies used can be found within our cookie policy provided by iubenda.

We utilise Google Tag Manager to implement the cookies on our website, incorporating Google Consent Mode and per category cookie consent through iubenda.

You can opt out to cookies on our website by updating your advertising preferences here, clearing the cache, or prevent cookies by disabling cookies in your browser. Our recommendation is that if you change your mind and wish to withdraw consent you should clear the cookies from our page, refresh the page and click "reject all" when the cookie policy banner appears.

If you later decide that you want to withdraw your consent for cookies by updating your advertising preferences, you may notice that Google Analytics cookies starting with "_ga" remain as they are persistent cookies, which means it will not get deleted until it expires. Within this cookie is the Client ID which is used by Google Analytics to recognise your unique browser and device cookie. Even though this cookie is stored, the information about your time on our site does not get transmitted to Demonstrandum's Google Analytics account.

Domain	Name	Purpose	Expiry
demonstrandum.co.uk	_ga	Used to distinguish users.	2 years
demonstrandum.co.uk	_ga_<CONTAINER-ID>	Used to persist session state.	2 years
demonstrandum.co.uk	_iub-cs-76212687	iubenda consent Cookie (_iub_cs-X) is set by the iubenda Cookie Solution and stores User preferences related to Trackers in the local domain.	365 days
demonstrandum.co.uk	_iub-cs-76212687-granular	iubenda consent Cookie (_iub_cs-X) is set by the iubenda Cookie Solution and stores User preferences related to Trackers in the local domain.	365 days
demonstrandum.co.uk	euconsent-v2	TCF v2 Cookie	up to 13 months
doubleclick.net	DSID	Used to identify a signed-in user on non-Google sites and to remember whether the user has agreed to ad personalization.	2 weeks
doubleclick.net	IDE	Used to personalise advertisements shown to users based on previous visits to our website.	1 Year
google.com	_GRECAPTCHA	Necessary cookie to implement Google reCAPTCHA	6 months
google.com	NID	Used to show Google ads in Google services for signed out users	6 months
google.com	__Secure-3PAPISID	These cookies are used to deliver ads more relevant to you and your interests	2 years
google.com	__Secure-3PSID	These cookies are used to deliver ads more relevant to you and your interests	2 years
google.com	__Secure-3PSIDCC	These cookies are used to deliver ads more relevant to you and your interests	1 year
iubenda.com	_iub_cs-25372	iubenda consent Cookie (_iub_cs-X) is set by the iubenda Cookie Solution and stores User preferences related to Trackers in the local domain.	1 year
iubenda.com	_iub_cs-76212687	iubenda consent Cookie (_iub_cs-X) is set by the iubenda Cookie Solution and stores User preferences related to Trackers in the local domain.	1 year
.linkedin.com	AnalyticsSyncHistory	Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries	30 days
.linkedin.com	UserMatchHistory	LinkedIn Ads ID syncing	30 days
.linkedin.com	__ssid	Used to monitor payment fraud and abuse	10 years
.linkedin.com	_guid	Used to identify a LinkedIn Member for advertising through Google ads	90 days
.linkedin.com	bcookie	Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform	2 years
.linkedin.com	lang	Used to remember a user's language setting	Session
.linkedin.com	li_mc	Used as a EDF6F6orary cache to avoid database lookups for member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side	2 years
.linkedin.com	li_sugr	Used to make a probabilistic match of a user's identity outside the Designated Countries	90 days
.linkedin.com	liap	Used by non-www.domains to denote the logged in status of a member	1 year
.linkedin.com	lidc	To optimize data center selection	24 hours
.linkedin.com	lissc	Used to ensure there is correct SameSite attribute for all cookies in that browser	365 days
.linkedin.com	lms_ads	Used to identify LinkedIn Members off LinkedIn in the Designated Countries for advertising	30 days
.linkedin.com	lms_analytics	Used to identify LinkedIn Members in the Designated Countries for analytics	30 days
.linkedin.com	sdsc	Signed data service context cookie used for database routing to ensure consistency across all databases when a change is made	Session
.ads.linked.com	lang	Used to remember a user's language setting	Session

With regards to the data that Demonstrandum holds, you can make a data request by contacting: privacy@demonstrandum.co.uk

If you are, for any reason, unhappy with how Demonstrandum uses your personal data, please contact us. If you are still unhappy you have the right to make a complaint to the Data Commissioner's Office.

Update: 2021/10/01

On the 30th of September 2021 (2021/09/30) Demonstrandum removed cookies from our website to remain compliant with relevant data legislation. Shortly thereafter we relaunched the website with no analytics or tracking, and this information is provided in the case that any of the cookies from the previous website are still active within your browser. We would recommend clearing these cookies from your browser.

Website visitors prior to 2021/10/01 who provided the relevant consent

With regards to the third party solutions that we utilise on our website the privacy policies can be found in our cookie policy in the footer of each webpage or here.

If you no longer wish to recieve marketing e-mails sent using our service provider Sendinblue you can unsubscribe using the link in the footer of the email.

We utilise Google Tag Manager to implement the cookies on our website, and this is linked to iubenda's per category cookie consent system. The new Google Analytics cookie utilises Google's consent mode to track your preferences regarding consent and this solution is integrated with our cookie consent provider iubenda.

The functionalities and cookies attached upon consent associated with each category are:

Strictly necessary

• Google reCaptcha

Measurement

• Google Analytics Demographics and Interests reports

• User ID extension for Google Analytics

• Google Ads conversion tracking

• LinkedIn conversion tracking

• Google Analytics Advertising Reporting Features

• Google Analytics with anonymized IP

Targeting and Advertising

• Google Ads Similar audiences

• Google Signals

• Remarketing with Google Analytics

• Google Ads Remarketing

• LinkedIn Website Retargeting