Privacy

This privacy policy follows the golden rule. We treat your privacy as seriously as we treat our own.

If there’s something vague, weird or confusing in here, send us an email about it and we’ll get back in touch as quickly as we can. You can reach us at privacy@archetype.co.

Who are we?

Setting the standard for the next generation of global agencies, Archetype partners with category creators and industry leaders to build the world’s most magnetic brands. We are 650 curious and creative individuals in 20 offices around the world that work together knowing that our clients’ success is our success.

In this privacy policy, we’re going to tell you about how we use personal information that we have about you as a business, whether we’ve collected that personal information through our website, working with our clients or suppliers or in any other way. Personal information is anything that identifies you personally like your name, your contact details, photograph etc.

Archetype is made up of different legal entities, details of which can be found here. This privacy notice is issued on behalf of Archetype Agency so when we mention “Archetype”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Archetype Agency responsible for processing your data. Archetype Agency Limited is the controller and is responsible for this website.

Quick Guide to Contents

  • What personal information do we collect about you?
  • How do we use your personal information?
  • How long do we keep your personal information?
  • Who do we share your personal information with?
  • What happens if you do not provide us with the information we request?
  • Do we make automated decisions concerning you?
  • Do we transfer your personal information outside the EEA?
  • What are your rights?
  • How do we contact you?
  • How do you contact us?

What personal information do we collect about you?

We only collect your information in the following ways:

Information you give us

These are the details that you have shared with us. For example, if you’ve filled in a form on our website or sent an email to one of our office email addresses. This may also be where you’re applying for a job and have sent us your CV. Alternatively, it could be information you provide to us for work we are doing on behalf of one of our clients, for example when setting up an event for them, or where you enter competitions that we’re running on social media on behalf of a client, or where we are assisting a client with their customer enquiries.

Information we collect automatically

Our cookie policy can be referenced here.

Information we receive from third parties or other sources

Where we are working with a client they may provide us with information about you – perhaps you are an employee of our client or are a contact that they want us to get in touch with. We may also purchase access to services that provide personal information relating to media contacts, for example through Cision or IrisPR.

How do we use your personal information?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

 

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Information you give us

We may use this information as Archetype or on behalf of our clients:

  • to carry out our obligations arising from any contract entered into between you and us, and to provide you with the information, products and services that you request from us; such as prize fulfilment, competition entry validation, or event management.
  • to ensure that content from our site is presented in the most effective manner for you and for your computer.
  • to understand issues connected to customer feedback.
  • to consider you for the jobs that you have applied for.

Information we receive from third parties or other sources

We may use this information as Archetype or on behalf of our clients:

  • to administer our site and for internal operations, including research, statistical and survey purposes.
  • to improve our site and ensure that content is presented in the most effective manner.
  • to allow you to participate in interactive features of our service, when you choose to do so.
  • to keep a track of journalists, media contacts and partner agencies.

Information we receive from other sources.

We may combine this information with information you give to us and information we collect about you and use this information for the purposes set out above (depending on the types of information we receive).

How long do we keep your personal information?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. We will only hold personal data for as long as is necessary to service a client relationship or other type of contract. If you apply for one of our employment opportunities and are unsuccessful, we will delete your details after six months.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. These retention periods are set out in our internal retention policy.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

There are instances where you can ask us to delete your data: see The Right to Erasure below for further information.

Who do we share your personal information with?

We may share your personal information internally (but only with the teams that need access) or with certain third parties. Also, as a member of the Next 15 Group, there is certain personal data that we may share within the Next 15 Group, usually because we use a shared service (such as Next 15 IT or Legal).

We will only do this for a purpose set out in “How do we use your personal information?” above.

We may share your personal data with the following types of third party:

  • Service providers acting as processors, for example, those who provide IT and system administration services.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Regulators and other authorities acting as processors or joint controllers based in the United Kingdom or other relevant jurisdictions who require reporting of processing activities in certain circumstances.

We store personal information using several different IT service providers, however we only work with vetted suppliers that have the right security processes in place to protect this data.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

What happens if you don’t provide us with your personal information? Or what happens when you ask us to stop processing your information?

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Do we make automated decisions concerning you?

No, we do not carry out automated decision making about you.

Do we use Cookies to collect personal data on you?

We do, but only to understand better how you use our website. See our cookie policy here to learn more.

Do we transfer your personal information outside the EEA?

We have multiple offices spread across the globe, and there are instances where we need to share personal information with teams in locations outside of the EEA. We have therefore entered into a specific intra-group contract approved by the European Commission which gives these transfers of personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

We may also transfer your personal data outside of the EEA as a result of storing your information within our technology services (for example, Dropbox).

Whenever we do transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring we have entered into specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

What are your rights?

By law, you have nine important rights when it comes to your personal information. To get more details about these rights, talk to the data protection regulator in your country.

RightsWhat does this mean?
1. The right to object to processingYou have the right to object to certain types of processing, including processing for direct marketing.
2. The right to be informedYou have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.
3. The right of accessYou have the right to access your information (if we’re processing it).

This is so you’re aware of what we have and can check that we’re using your information in accordance with data protection law.

4. The right to rectificationYou’re entitled to correct your information if it’s inaccurate or incomplete.
5. The right to erasureThis is also known as ‘the right to be forgotten’. What it means is that you can tell us to delete all the personal information we have on you (where there’s no compelling reason for us to keep using it). This isn’t a general right to erasure; there are exceptions.

But if you ask us to delete, we’ll do it.

6. The right to restrict processingYou have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but we may not use it any more.

We keep a list of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

7. The right to data portabilityYou have rights to obtain and reuse your personal information for your own purposes across different services.

For example, you can move, copy or transfer your information easily between our tech services and theirs safely and securely, without affecting its usability.

8. The right to lodge a complaintYou have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
9. The right to withdraw consentIf you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time.

(Although if you do, it doesn’t mean that anything we’ve done with your personal information with your consent before that point was unlawful).

This includes your right to withdraw consent to us using your personal information for marketing purposes.

 

We usually act on requests and provide information free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How will we contact you?

We may contact you by phone, email or social media. If you prefer a particular means of contact, please let us know.

How can you contact us?

If you have any questions you can contact us at:

Archetype Agency Limited
60 Great Portland Street
London
W1W 7RT
privacy@archetype.co
+44 20 3128 8000