Privacy policy
Updated: 29th September 2024
Our mission is to transform the world’s video advertising workflow by automating processes and connecting people. Central to this mission is our commitment to be transparent about the data we collect about you, how it is used and with whom it is shared.
This Privacy Policy applies in conjunction with our Cookie Policy (https://www.peach.me/cookie-policy/) when you use our Services (defined below) or visit our website. We only collect the information we require to provide our Services to you or to enable you to access and use certain functions on our website. When we do so we are subject to the UK General Data Protection Regulation (“UK GDPR”). We are also subject to the EU General Data Protection Regulation (“EU GDPR”) in relation to the Services we offer and our wider operations in the European Economic Area (“EEA”). We do not share your information with third parties for marketing purposes.
Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
Introduction
IMD Media Ltd, trading as Peach (company number 03238065 registered in England and Wales with its registered office at 24-28 Bloomsbury Way, London, England, WC1A 2SN), its subsidiaries and licensees (“IMD”/“we”/”our”/”us”) offer a cloud-based service for the workflow management and delivery of digital video advertising.
Our registered users (“Users”) share their name, email address and geographic location with the other users of our Services in order to enable collaboration. We use the information you provide, or which is provided to us to manage your access whilst using our Services and/or visiting our website. We use third parties to help us provide our Services and may share information with them so that they are able to do this.
We are the controller of personal data obtained via our website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
What is personal data?
Personal data is defined by the EU GDPR as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This includes obvious information such as your name and contact details but it also includes less obvious information such as identification numbers, electronic location data and other online identifiers.
Services and Websites
This Privacy Policy applies to your use of our website and your use of services (“Services”) offered by IMD and its subsidiaries and licensees on our website, including Peach (www.peach.me), Peach Go (go.peach.me), Peach Connect (peach.me/connect), Peach Plus (peach.me/plus/), Caria (peach.me/caria/), Cape (peach.me/cape/) and Advalidation (peach.me/advalidation/).
Future changes
We may modify this Privacy Policy from time to time, and if we make material changes to it, we will always aim to notify you so that you have the opportunity to review the changes before they become effective. If you object to any changes, you may close your account. If we are unable to notify you before the changes become effective, for example because the changes need to be made urgently to comply with a legal or regulatory obligation, we will notify you as soon as possible thereafter.
You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection and use of your personal data is subject to the updated Privacy Policy. We recommend that you check this page regularly to make sure that you have seen the latest version of the Privacy Policy.
1. Data we collect and how we collect it
1.1 Data you provide to us
To create an account and subscribe to our Services you may need to provide data including
- Identity Data: your first name, last name, email address, contact phone number, city, the company you work for, a username and a password.
- Contact Data: this includes your billing address, delivery address, email address and telephone numbers.
- Financial Data: this includes bank account and payment card details.
- Transaction Data: this includes details about payments to and from you and other details of products and services you have purchaser from us.
1.2 Posting and uploading
We collect personal data from you when you provide, post or upload it to our Services and/or our website, such as when you fill out a form (e.g. contact us forms) or when you submit a resume.
1.3 Service use
We log usage data when you use our website to access the Services, such as when you view, upload, receive or click on content (e.g., video), or perform a search. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.
1.4 Cookies, identifiers and other similar technologies
As further described in our Cookie Policy, we use cookies and similar technologies (e.g., browser identifiers) to recognize you. We also allow some others to use cookies as described in our Cookie Policy. You can control cookies through your browser settings and other tools. You can also opt-out from our use of cookies by following instructions in our Cookie Policy.
1.5 Your device and location
When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons.
1.6 Messages
We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you use the contact us page on our website or if you email our sales or support teams. We also collect information about your preferences in receiving marketing from us and our third parties and your communication preferences.
1.7 Workplace provided information
Your employer may provide us with personal data about you and your eligibility to use the Services that they purchase for use by their workers. For example, we will get contact information for creating your account so that you can place an order using our Services.
1.8 Other sources of information
We may obtain your name, location and email address from a User of our Services if they wish to connect you with an order on our Services.
1.9 Other
Our Services are dynamic, and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and may also modify this Privacy Policy.
2. How and why we use your data
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
- Performance of a contract with you: where we need to perform the contract we are about to enter into or have entered into with you.
- Legitimate interests: we may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Legal obligations: we may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
- Consent: we rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
We use the data that we have about you to provide and personalise our Services so that they can be more relevant and useful to you and enable you to use our Services and/or to access and use certain functions on our website.
The headings below explain what we use your personal data for and why.
2.1 Creating and managing your account with us and providing Services to you
We use your data to authorise access to our Services and to create and manage your account with us.
Our Services allow you to collaborate with colleagues or other users of our Services and our support staff. Our Services allow you to notify other Users of an order submission. Our Services allow you to place an order and upload content for onward distribution to broadcasters globally.
Our reasons for using your personal data for these purposes are for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you, to perform our contract with you or to take steps at you request before entering into a contract.
2.2 Communications with you not related to marketing
We may use the personal data you provide to communicate with you. This may include responding to emails or calls from you. We will send you messages about the availability of our Services, security, features, or other service-related issues. We also send messages about how to use the Services, updates, reminders and any changes to our terms or policies or changes to the Services or other important notices.
We also enable communications between you and others through our Services, including for example order submissions between our Users.
2.3 Marketing
With your permission and/or where permitted by law, we may also use your personal data for our marketing purposes, which may include contacting you by email and/or telephone and/or post with information, news and offers on our Services or services similar to the Services. You will not be sent any unlawful marketing or spam and you will always have the opportunity to opt out. You can opt out at any time by contacting us at dataprotection@peach.me or by clicking on the unsubscribe link on the email you receive from us.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or structure of our business.
Our reason for using this data is for our legitimate interests, i.e. to promote our business to existing and former customers. For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your data and rights’ below.
2.4 Development & research
We use data, including your feedback, to further develop our Services in order to provide our Users with a better, richer experience when using our Services. Our reason for using this data is for our legitimate interests, i.e. to be as efficient as we can so that we can deliver the best service to you.
2.5 Customer support
We use data (which can include your communications via our online chat, telephone and email) needed to investigate, respond to and resolve any queries you may have with our Services as well as to identify Service issues (e.g., bugs, exceptions). Our reason for using this data is for our legitimate interests, i.e. to be as efficient as we can so that we can deliver the best service to you.
2.6 Security and investigations
We use your data (including your communications) if we think it’s necessary to replicate and/or investigate possible problems with our Services as well as other violations of our Terms and Conditions (www.peach.me/terms, as updated from time to time) or this Privacy Policy and/or attempts to harm our Users and/or our Services. Our reasons for using your data for these purposes are to comply with our legal and regulatory obligations. We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, ie to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
3. How we share information
3.1 Marketing
We do not share your personal data with any third parties for marketing purposes.
3.2 Service providers
We routinely share personal data with third parties we use to help deliver our Services and run our business (e.g. maintenance, distribution, website analytics providers, auditors, payment service providers, website hosts, marketing agencies). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated to not disclose or use it for other purposes. We will take steps to ensure that your personal data is handled safely, securely and in accordance with your rights, our obligations and the third parties’ obligations under the law. If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK/EU and under the GDPR.
Please note that in order to enable the YouTube integration, the Service uses YouTube API Services as a third-party provider, and if you use this integration through the Service, you agree and are subject to the Google Privacy Policy, usually located at https://policies.google.com/privacy.
If you would like more information about who we share our data with and why, please contact us (see ‘Contact information’ below).
3.3 Change in control or sale of our business
We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data, but only in accordance with this Privacy Policy unless you agree otherwise. In such cases, information will be anonymised where possible and only shared where necessary.
3.4 Legal disclosure
It is possible that we will need to disclose information about you when required by law, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of IMD, our Users, personnel, or others. We attempt to notify Users about legal demands for their personal data when appropriate in our judgement, unless prohibited by law or court order or when the request is an emergency.
4. Your data and rights
4.1 Data retention
We retain the personal data you provide while your account is in existence or as needed to provide you with the Services. We will retain your information and keep your profile open until you decide to inform us you wish to close your account. In some cases we will retain certain information (e.g., order submissions and communications) in a depersonalized or aggregated form to fulfil our obligations with your current/then employer and to comply with the law.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
4.2 Right to be informed about our collection and use of your personal data
This Privacy Policy should tell you everything you need to know but you can always contact us at dataprotection@peach.me to find out more or to ask any question.
4.3 Right to access your personal data
You may request a report of the personal data we have about you. The request should be made in writing and sent to dataprotection@peach.me or by post to IMD Media Ltd., 24-28 Bloomsbury Way, London, England, WC1A 2SN. There is not normally any charge for such a request unless the request is manifestly unfounded or excessive (for example, you make repetitive requests), in which case a fee may be charged to cover our administrative costs. We will keep you informed of the progress of your request.
4.4 Other rights
You also have the following rights:
- Right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. You may also amend your details under profile management on our Services.
- Right to erasure (also known as the right to be forgotten) i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
- Right to restrict (i.e. prevent) the use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
- Right to object to us using your personal data for a particular purpose or purposes.
- Right to data portability - this means that if you have provided personal data to us directly or we are using it with your consent or for the performance of the Services and that data is processed using automated means, you an ask us for a copy of that personal data to re-use with another supplier.
- Rights relating to automated decision making and profiling: we do not use your personal data in this way.
- Right to withdraw consents – if you have provided us with a consent to use your personal data, you have the right to withdraw that consent easily at any time. You may withdraw consents by emailing dataprotection@peach.me. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
Please contact us at dataprotection@peach.me if you wish to exercise any of these rights or to find out more about them.
4.5 Account closure
We will only retain your personal data even after you have closed your account for as long as reasonably necessary to comply with our legal obligations (including law enforcement requests and contracts with your employer), meet regulatory or contractual requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfil your request to “unsubscribe” from further messages from us.
5. Transferring your personal data out of the UK and EEA
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data. We may transfer your personal data to our service providers located outside the UK.
This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK/EU and under the GDPR as follows:
- where we share your data with external third parties we will enter into contracts with those parties which ensure that the same levels of personal data protection that would apply under the GDPR; and
- where we transfer your data to a third party based in the US, this may be protected if that third party is part of the EU-US or Swiss-US Privacy Shields. These require that third party to provide data protection to standards similar to those in the EEA.
6. Keeping your personal data secure
The security of your personal data is essential to us and to protect your data we take a number of important measures including the following:
- We implement security safeguards designed to protect your data, such as HTTPS and storing your personal data in encrypted form.
- We regularly monitor our systems for possible vulnerabilities and attacks.
- We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully.
- We limit access to your personal data to those who have a genuine need to access it.
- We have procedures in place to deal with any suspected data security breach and we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
7. Contact information
If you have questions or complaints regarding this Privacy Policy please first contact us by emailing dataprotection@peach.me.
If you feel you haven’t received a timely or satisfactory response from us to your question or complaint, please contact the Information Commissioner’s Office: https://ico.org.uk/ or by telephone 0303 123 1113.