Last updated: 15th October 2019
This website is operated by Branded Ltd, a trading division of the Dentsu Aegis Network Group. Branded (also referred to as “we” and “us”) may collect personal data about you when you interact with us. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We will process your personal data at all times in accordance with applicable privacy and data protection laws. This Privacy Notice describes how we collect and use your personal information and the rights you have in relation to that information. Branded is the data controller of any personal data you provide to us, including in relation to this website www.itsagirlthing.live
This Privacy Notice explains the following:
- Information we may collect
- How we use this information
- How long we will keep your information
- How we secure your information
- Information sharing and disclosure
- International and group company transfers
- Your rights
- Our responsibility for website links
- How to contact us
In the Supplementary Information section of this Privacy Notice, we explain what is meant by “personal data” and other terms used in this notice.
Information we may collect
We also collect personal data about you if you make use of any of the interactive features within our website. For example, when you complete a data capture form on our website, subscribe to our newsletters, book a ticket to our event (via third party ticketing platforms), submit a story to us or when you respond to a blog on our website. The personal data we collect includes your full name, email address, year of birth, mobile number location, and your Instagram profile.
Marketing and Communications data
We collect information about your preference in receiving marketing information from us.
We do not actively seek to collect information about children aged 15 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have shared personal data via this website, please contact us at [email protected]. We will delete such information from our records within a reasonable time.
How we use this information
Except where required by law, we only use the personal data you provide for the following purposes:
- To deliver the specific information or services you have requested;
- To enable the download of our content;
- Send you newsletters and information relating to our services; and
- Respond to your requests and feedback.
Under data protection law we are required to advise you on the legal basis for processing your personal data. For the most part, the processing of your personal data is based either on a) our legitimate interests related to us providing you services you have requested, or b) your consent, where requested.
In the table below we set out further information about the purposes for which we use your personal data and the legal basis we rely on for its use. Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
|Purpose/Activity||Types of personal data that may be processed||Lawful basis for processing including the basis of legitimate interest|
|To send you information about our services:|
• To send you information which you have requested e.g. event info, blogs, or newsletters in accordance with your specified preferences
Year of birth
|Where you have requested information from us, such as reports, blogs or newsletters, we send such communications based on your consent.|
You can ask us to stop such communications at any time by clicking on the unsubscribe link at the bottom of the message.
|• To deliver relevant content to you and measure or understand the effectiveness of the content we serve to you.||First Name|
Marketing and Communications
Year of birth
Social media activity
|Necessary for our legitimate interest (to study how clients use our service and engage with our content. To develop our services, to grow our business and to inform our marketing strategy).|
• To respond to any enquiries or feedback that you send us
• To update you with any changes to our terms and conditions/other policies
Year of birth
It is in our legitimate interest to respond to communications that you send to us, inform you of relevant information in relation to the services that we provide and utilise your information to improve our business.
|To share information within the Dentsu Aegis Network group.||First Name|
Year of birth
As a trading division of Dentsu Aegis Network who operate as a global operating media company, it is our legitimate business interest to share your data within the Dentsu Aegis Network group in order to manage our business effectively and provide our products and services.
|To share information with other third parties, such as regulator and law enforcement agencies||First Name|
Ticket purchase information
|We share your data as necessary for compliance with any legal obligation to which we are subject or in order to satisfy our legitimate business interests.|
How long we will keep your information
We will keep your personal data for as long as is necessary for the relevant service, in accordance with our legal obligations. After this time, your personal data will either be securely deleted or anonymised so that it can be used for analytical purposes. You may request further information via the contact details given in this Privacy Notice.
How we secure your information
We maintain appropriate organisational and technological safeguards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of personal data. We also seek to ensure our service providers do the same.
Information sharing and Disclosure
Information shared with our third-party service providers
We use a number of third parties to perform business functions on our behalf, such as sending our newsletters, providing ticketing services and hosting our online services. We will only disclose the information necessary to enable these third parties to perform their services. Our service providers are contracted to comply with our instructions and we require that they do not use your personal data for their own business purpose.
Information shared with other parties
Where required or permitted by law, personal data may be provided to others, such as regulator and law enforcement agencies, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, and as otherwise required by law.
International and group company transfers
Branded is a trading division of Dentsu Aegis Network, the global media group. Therefore, we may from time to time disclose your personal data within our group of companies. Access will always be controlled on a need-to-know basis, and only provided where it is necessary to provide you with requested services or to allow us to perform any necessary or legitimate functions. Some of our group companies are located outside the European Union, but we always ensure the security of such disclosures and transfers in accordance with the applicable privacy and data protection laws.
We will only transfer your personal data outside the EU, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws. These measures may include the use of standard contractual/data protection clauses adopted by the European Commission and where transfers are to the United States of America, the EU-US Privacy Shield, Swiss-US Privacy Shield or your consent. Where we transfer personal data between our group companies we have covered these transfers by entering into standard contractual clauses adopted by the European Commission.
You may request further information on the measures used for such transfers via the contact details given in this Privacy Notice.
- Object to our processing of your personal data where we are relying on legitimate interest (or those of a third-party), and you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have a right to object where we are processing your personal data for the purposes of direct marketing. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing.
- Access your personal data. If you make this kind of request and we hold personal data about you. We are required to provide you with information on it, including a description and copy of the personal data and why we are processing it. We will require you to prove your identity before granting access to your personal data. We will process your request within the timeframe required under the relevant law.
- Request the transfer of your personal data. We will provide to you or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note, this right applies to the personal data you have provided to us; and if we use your personal data on the basis of consent or where we used the information to perform a contract with you.
- Request erasure (deletion) of your personal data. You have a right to ask us to delete or remove your data where you have successfully exercised your right to object (see above), or where we are required to erase your personal data to comply with local law. Please note, we may be required to retain certain information by law and/or for our own legitimate business purpose. But when we do so, we will inform you.
- Request correction or updating of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place.
- Withdraw your consent. Where you have provided your consent to our processing of your personal data you can withdraw your consent at any time. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal data before you withdrew consent.
- Make a Complaint. We will do our best to resolve any complaint. However, if you feel we have not resolved your complaint, you have a right to make a complaint to your local data protection authority. For example, in Singapore, the local data protection authority is the Personal Data Protection Commission.
If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
Our responsibility for website links
This Privacy Notice is limited to the personal information which we collect and use via this website. We provide links within this site to other websites, including social media sites such as Facebook, Instagram, Snapchat, TikTok, Twitter , LinkedIn and sites operated by other brands within the Dentsu Aegis Network group (e.g. Branded, Carat, Vizeum and Posterscope). If you follow these links, you should use these sites in conjunction with their applicable user and privacy notices as their data practices fall outside the scope of this Privacy Notice. Further, we can have no responsibility for or control over the information collected by any third party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.
This Privacy Notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal data. The date of the most recent revision will appear at the top of this page. If you do not agree to the changes, please do not continue to use our services and please refrain from sharing your personal data with us. You should check this notice frequently for updates.
If you have any questions about this Privacy Notice, our approach to privacy or you would like to exercise any of the rights mentioned in this Privacy Notice you can contact our Data Protection Officer in any of the following ways:
Address: Data Protection Officer, Dentsu Aegis Network, Regent’s Place, 10 Triton Street, London, NW1 3BF
Telephone: (+44) (0) 207 070 7700
In this Supplementary Information section, we explain some of terminology used in this Privacy Notice.
“data controller” – the person or company that controls the purposes and means of processing personal data.
“personal data” – any information that relates to you (or from which you can be identified).
“processing”– means doing anything with data. For example, it includes collecting it, holding it, disclosing it and deleting it.
“transfer” – sending personal information outside the European Economic Area (e.g. by storing it on equipment located outside the European Economic Area), or allowing someone from outside the European Economic Area to access the personal information.
How we deploy “cookies”
Cookies are small packets of information stored by your web browser when you visit certain websites, including our website. Cookies are generally used by websites to improve your user experience by enabling that website to ‘remember’ you, either strictly for the duration of your visit (using a “Session” cookie which is erased when you close your browser) or for repeat visits (using a “Permanent” cookie).
Our site uses the following types of cookies:
Strictly Necessary Cookies
We deploy cookies to help us to identify how users navigate to and around our website and to enable some of the features within the site that may be beneficial to you (for example, language preferences, or print page features). This helps us deliver an effective online service to you. These are known as “First Party” cookies.
The strictly necessary cookies are listed below:
· __RequestVerificationToken – This is an anti-forgery cookie set by web applications built using PHP technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.
These cookies allow our sites to remember choices you make (such as user name, or region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web page which you can customise. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
The functionality cookies are listed below:
· Language – This cookie is used to store language preferences, to serve up content in the stored language.
You can avoid the use of Google Analytics relating to your use of our site by downloading and installing the Browser Plugin available via this link:
The performance cookies are listed below:
· _gid – This cookie name is associated with Google Universal Analytics. This cookie stores and updates a unique value for each page visited.
· _gat – This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.
· _ga – This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
Social Media Cookies
These cookies are used when you share information using a social media sharing button or “like” button on our site or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter or Google+. The social network will record that you have done this. This information may be linked to targeting/advertising activities.
The social media cookies are listed below:
· Google DoubleClick – We use these cookies to measure the effectiveness of our online marketing campaigns; to improve reporting on campaign performance; and to avoid showing ads the user has already seen.
· Google Analytics – These cookies are used to collect information about how visitors use our website. We use the information to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.
· YouTube – YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. The HSID cookies is used by Google in combination with SID to verify Google user account and most recent login time.
How to reject Cookies
If you don’t want to receive cookies, you can alter your browser settings. The procedure for doing so varies from one browser application to another. If you wish to reject cookies from our site, but wish to accept those from other sites, you may choose the option in your browser settings to receive a notice before a cookie is stored on your device. Please consult the “Help” section of your browser for more information.
To find out more, please consult the following: http://www.allaboutcookies.org/manage-cookies and www.youronlinechoices.com . By disabling cookies, you may be prevented from accessing some features of our site or certain content or functionality may not be available.