BRIGGS + WALKER
Privacy + Integrity Statement
Briggs+Walker supplies software and supplementary services to organisations that use or perform field marketing activities. In this context, Briggs+Walker processes a large amount of information every day from the organisations that use its software and database, such as the personal data of consumers and employees of the organisations that use the software. Data of individuals are processed on a daily basis through the company’s software. For example, the data of employees of field marketing agencies and commissioning parties are processed in this software, and the contracted consumers are also included in the database of the company.
Since Briggs+Walker has access to this information, it wants to provide its customers with a confidential environment. The company wants to ensure that its customers do not have to worry about the data entrusted to Briggs+Walker ending up in the possession of their competitors. Integrity and confidentiality are among the core values of Briggs+Walker. The company has drawn up this privacy and integrity statement to inform its commissioning parties and field marketing agencies about the manner in which these core values are realised.
Briggs+Walker defines confidential information as any information provided for perusal, supplied, made available or otherwise revealed by customers and field marketing agencies in connection with and for the use of the services and software of Briggs+Walker. Confidential information may be contained in correspondence, notes, drawings, models, automated files and other data carriers concerning the business operations of customers and field marketing agencies and/or affiliated companies, and/or concerning marketing, research, development, inventions, know-how, software, specification of products or services, relationships, (potential) customers or suppliers, employees and other staff, regardless of the manner in which this information is stored or provided.
Confidential information does not include information that is already available from public sources. Confidential information includes, but is not limited to, the following:
- the personal data of the employees of customers and field marketing agencies, and
- the results achieved by customers and field marketing agencies with the use of the services and software of Briggs+Walker, and
- other information of competitive value from customers and field marketing agencies.
Basic principles: purposefulness and proportionality
In order to realise its core values of integrity and confidentiality, Briggs+Walker applies the principles of purposefulness and proportionality to all processing of confidential information, information of competitive value and personal data of recruiters.
Briggs+Walker defines purposefulness as exclusively processing confidential information for the purposes for which the information was provided to the company by its customers, field marketing agencies and commissioning parties. This means that the data will never be used without specific and explicit permission for any other purpose than providing services to the customers, field marketing agencies and commissioning parties who have entrusted these data to Briggs+Walker.
Briggs+Walker define proportionality as not processing more data than needed in order to provide the services, and to ensure that the access of the company’s employees and managers to confidential information is also limited to essential data. For example, the support staff of Briggs + Walker will be authorised to view the data at the same level as the field marketing agency – they will therefore be able to view e.g. the planned shifts and results. They need this information to provide support services. The system administrator has to manage the entire underlying database and therefore has a different level of authorisation.
The manner in which these principles are actually realised by Briggs+Walker is described below.
Basic principles: Privacy by design and Privacy by default
Knowing how and when your company’s data is accessed and by whom is key to protecting your business information and your customers’ privacy. With GDPR, ISO 27001 & ISO27701 security certificates, world-class infrastructure and a solid set of privacy and security features, from user permissions to 2F authentication, Briggs+Walker is committed to protecting your data and keeping you informed on all levels and at all times.
We value the privacy needs of all our stakeholders: the field- marketing and sales companies, their field agents as well as their customers and the wider public. Therefore we have implemented – and will continue to improve – technical and organisational measures in line with the GDPR & ISO 27001 to safeguard the personal data processed by Briggs+Walker. We apply the principles of Privacy by Design and Privacy by Default in our application development cycle to build features in a way that our software and all default settings uses as less personal data as needed.
Cookies and similar technologies
Collection and use of confidential information and information of competitive value
Purposefulness and proportionality
Briggs+Walker collects confidential information from customers and field marketing agencies in order to provide optimal services. This means that the company offers customers and field marketing agencies the possibility of scheduling teams and entering data of the recruiters and other employees who are scheduled for a certain shift in order to provide planning services (FieldBuddy). The results of the recruitment shifts are also processed using the Briggs+Walker software. At the administrator level, the (digital) campaigns can be managed and results can be viewed per project using the Campaign Manager. All of these data will be included in a database located on servers managed by Briggs+Walker.
Briggs+Walker can therefore also view these data, but will treat them as strictly confidential. This means that it will use, store or otherwise process the data of a customer exclusively for that customer.
Briggs+Walker will never share data of a field marketing agency (including making it available for perusal, use or processing) with other field marketing agencies without the consent of the agency that the data belong to and it will never share the data of a commissioning party with other commissioning parties.
Technical and organisational measures: ISO27001, Chinese Walls, contractual measures
Briggs+Walker has taken technical and organisational measures to safeguard the above-mentioned principles of purposefulness and proportionality. These measures are assessed annually by an independent third party. The measures are documented in our management information system. An ISO27001 certification for information security (with an emphasis on the theme of ‘privacy’) has been issued for the total scope of our services. This certification assesses all processes and systems of Briggs+Walker for compliance with 150 baseline controls.
Furthermore, Briggs+Walker has created functional and logical separations in its software and database. These ‘Chinese Walls’ ensure that a field marketing agency or commissioning party can never view information from another field marketing agency or commissioning party.
In addition, all of our employees have signed a confidentiality agreement. This means that they are obliged to treat all information that they gain access to during their daily work activities as strictly confidential. Furthermore, the principle of proportionality also applies in this case: only authorised personnel may view, use and process data, but only insofar as these actions are necessary for the performance of their job.
Handling personal data of recruiters of field marketing agencies
Purposefulness and proportionality
All data on recruiters and their behaviour, such as the number of registrations, the type and number of write-downs of addresses, and their scheduled times and locations, are treated by Briggs+Walker as strictly confidential information. Briggs+Walker keeps these data in order to perform quality checks and to determine how its software and tablet applications are being used with the aim of improving user-friendliness and ensuring a better and more pleasant experience for the recruiters in the performance of their field marketing activities.
Briggs+Walker will never share information about recruiters or their behaviour with other field marketing agencies or third parties.
Technical and organisational measures
Recruiters have a unique user code created by the field marketing agencies. This user code is used to link recruiters’ activities to a unique recruiter. It is not necessary for field marketing agencies to link personal data of the recruiters to this unique number. If the field marketing agency chooses not to provide personal data (name, telephone number, etc.), Briggs+Walker will not be able to determine the personal identity of the recruiter. If the field marketing agency does choose to link personal data to the user code, Briggs+Walker can identify the unique recruiter. However, Briggs+Walker will then use these data in a strictly confidential manner with due regard for the principles of purposefulness and proportionality.
Handling the personal data of donors, members, subscribers or customers
Briggs+Walker operates as a processor for its customers; after all, the company processes all personal data of the recruited donors, members, subscribers or customers in its system on behalf of its customers. Processors have certain obligations in accordance with the General Data Protection Regulation. Briggs+Walker takes these obligations very seriously. The company will conclude a processing agreement with its customers, in which the preconditions for the protection of the personal data of consumers will be set down. For example, Briggs+Walker will commit to maintaining an appropriate level of technical and organisational measures to prevent unlawful processing or loss of personal data. The company will also stipulate the following: it will treat personal data confidentially, it will not share these data with third parties (except in the case of explicit permission) and it will destroy the data after a retention period. Finally, Briggs+Walker will never process personal data for its own use.
When a field marketing agency becomes a customer of Briggs + Walker, a processing agreement is drawn up. This will also be done if the customer of Briggs+Walker is a commissioning party. If the field marketing agency is not a direct customer of Briggs+Walker, no processing agreement will be concluded with this agency; after all, there is no contractual relationship. If such a field marketing agency wants to know if its data are safe with Briggs+Walker, it can ask its commissioning parties about the agreements made between Briggs+Walker and its commissioning party. For reasons of confidentiality and integrity, Briggs+Walker will not share this information directly.
Dealing with the right to access or the right to be forgotten
If a data subject contacts us directly to exercise his or her rights derived from the GDPR, we will process this request within the legally determined period and will inform the data subject accordingly.
If Briggs+Walker is storing and handling personal information about you, you have the following rights:
- Access and correction: you have the right to access your personal data. This is also called ‘Subject Access Request’. If the request is reasonably we are obliged to provide personal information to you free of charge. Before providing personal information to you, we may ask for proof of identity and request information about your software usage so that we can locate and retrieve your personal information. If the personal information about you is incorrect, you are entitled to request alteration to your personal information.
- Object to processing: you have the absolute right to object to the processing of your personal data if we are not entitled to do so anymore.
- Other rights: in addition, you may have rights to have your information deleted if we are storing it too long. You have the right to have your personal data processing restricted in certain circumstances and/or request and obtain copies of information we hold about you.
If you have any questions regarding to the use of your personal data, please contact with us by email@example.com.
Handling information that field marketing agencies and their commissioning parties share with each other
Agencies and commissioning parties have a mutual relationship, the commissioning parties commissioning the field marketing agencies to carry out recruitment activities for them. This relationship determines the type of information that is exchanged; for example, the field marketing agencies will supply the recruited donors, members, subscribers or customers to the commissioning party. Briggs+Walker provides the means for the automated performance of these activities, but it is not a contracting party. Briggs+Walker has set up its software and services in such a way that they reflect these mutual agreements, the commissioning party and the field marketing agency being in the lead. Briggs+Walker has a completely neutral role in this and does not create any obstacles, but also ensures that no more information is shared than is desirable.
Basically, commissioning parties can always see which recruiters have registered, at which location the registrations were made and when they are (or were) scheduled for a shift. The field marketing agencies can always see which donors, members, subscribers or customers have been registered by their recruiters. They need this information for quality control, and for crediting incorrect or incomplete registrations. In principle, no other data are visible to either party.
Briggs+Walker will only share other information about recruiters (and their behaviour) or the results of campaigns at the explicit request of the field marketing agency and commissioning party concerned.
Security and data breaches
The software of Briggs+Walker meets strict security requirements. Due to the large number of decentralised users (changing on a daily basis), Briggs+Walker has built-in security measures at several levels; the principles of privacy by design and the baseline controls of ISO27001 & ISO27701, for example, are incorporated in these measures. These measures comply with a legal framework that is appropriate to Briggs+Walker’s services.
Furthermore, Briggs+Walker strictly monitors the compliance with and the functioning of all measures taken. The monitoring is documented in our management information system. If desired, Briggs+Walker can provide its commissioning parties with a copy of ISO27001 & ISO27701 and the corresponding declaration of applicability.
In order to act correctly and adequately in the event of a data breach, Briggs+Walker uses an internal protocol for data breaches with sufficient safeguards.
In addition to the internal monitoring by Briggs+Walker itself and the external auditing by our ISO27001 & ISO27701 auditing party, the customers of Briggs+Walker have the right (contractually determined) to audit Briggs+Walker. They can check for themselves whether Briggs+Walker is in compliance with the legal and contractual rules.
At a higher level, the Data Protection Authority monitors the protection of personal data. The customers of Briggs+Walker have notified the Data Protection Authority of the fact that they process personal data.
For questions related to our privacy and integrity statement reach out to: firstname.lastname@example.org