At LDC we are committed to our compliance with UK and European privacy and data laws and to being open and transparent about our collection, processing and usage of both business and personal data. Data is what we do, therefore we treat it with the utmost respect at all times and this document will outline the processes we have in place to maintain the security of the data that we hold.
At the Local Data Company, we collect and process business information regarding business name, address, telephone, opening hours and business type for retail and leisure businesses across the UK. Considering the nature of this business data, it is very low risk data within the context of personal data.
We employ 30 full time staff who are based in Farringdon, London and a team of field researchers who physically visit towns and cities across GB to carry out tens of thousands of field surveys each month.
Data Protection Officer – Melissa Edwards – 0203 111 4393
We maintain a database of over 600,000 retail and leisure premises across GB. Parts of the business data we hold on each occupier are used within a few sites and services, including:
Local Data Online
Local Data Search
We physically survey premises every 6 or 12 months. During this survey we collect public domain information: business name, address, telephone number, business classification, opening hours, websites and images of the fascia.
Our Field Research team upload information on all premises and businesses located within an area into a tablet via Wi-Fi connection (access to the tablet and the in-house application is password protected). The data for the updated town centre is sent back to the office where it is quality checked and stored within our in-house data management platform which is fully password protected.
Beyond the scheduled 6 or 12 monthly survey cycles, we have a desk research team who monitor the news daily and update our database with these additional changes, which are then reflected on both websites Local Data Online and Local Data Search.
In addition, we also capture mobile phone and tablet/laptop hardware public MAC addresses. These are captured using wireless sensors placed in retail locations on the high street and are only used to count footfall. Data is not shared between devices, and the MAC addresses are encrypted on the device.
LDC processes business information for the purposes of:
Business data which can be identified as personal data is held where it has met the following conditions:
We may collect and process data that is publically available, which will be used under deemed consent for relevant marketing communications, under the EU Data Protection Directive.
Personal data collected comprises of:
The Local Data Company will never sell any personal data collected on any of its websites.
Personal data is held where it has met the following conditions:
LDC will never request or process any personal data of a sensitive nature.
LDC processes personal information for the following activities under legitimate interests:
LDC processes personal information for the following activities in order to fulfil an existing or future contract.
LDC processes personal information for the following activities under consent.
We only collect personal information when relevant and we will inform you at the time when it is being collected and what it will be used for (normally for marketing communications).
By consenting to the processing of your personal data with LDC you:
You may withdraw consent at any time by emailing email@example.com or unsubscribing via the link in all marketing email communications sent from LDC. We will aim to respond to your request within 48 hours.
All personal data is held securely on LDC’s secure server and Microsoft Azure – our data storage service provider, with all levels of reasonable security, employed, including password and IP protection. Access is limited to our researchers and employees by seniority and relevance. Our employment contracts prohibit the unauthorized storage or transfer of all data held by LDC.
We have a clean desk policy at LDC to ensure that no data of any nature is left unattended overnight and all staff are required to log-off before leaving their computer or laptop.
Personal data will only be held for as long as necessary and will be securely removed from our marketing or human resources database as soon as it is no longer required. The maximum period for storage of personal data without it being used is two years, after which the data will be securely removed from LDC’s marketing database.
No personal data is ever sold to third parties.
As the data subject you have the right to:
All requests to exercise the above rights should be made to firstname.lastname@example.org
LDC’s proprietary footfall tracking technology, SmartStreetSensor, captures counts of passing footfall. The sensors work by passively monitoring Wi-Fi probe requests from mobile devices, which are then captured on the device.
Whilst the probe requests have the mobile device MAC address in them, this is hashed (encrypted) and anonymised on the sensor and we only send the hashed address back to LDC’s servers.
The hashed MAC addresses are sent by secure data transfer to our servers. The addresses are then aggregated in 5 minute intervals and displayed in 1 hour intervals to the client.
Our servers never see the actual MAC address. The raw data is stored in a non-relational data store that is separate to the analysis data store. The location of each device is stored in the analysis store so there is no direct link between location and device in the raw data store. All access to the raw and analysis data stores are via https and only a small set of high level staff have access to both.
Our SmartStreetSensors do not track people. They are counting how many mobile phones are passing a store at any given time and we do not track the phone from store to store. We count and aggregate these figures to publish a proxy for footfall and at no point do we collect any personal data via these sensors.