If there’s something vague, weird or confusing in here, send us an email about it and we’ll get back in touch as quickly as we can. You can reach us at privacy@archetype.co.
Setting the standard for the next generation of global agencies, Archetype partners with category creators and industry leaders to build the world’s most magnetic brands. We are 650 curious and creative individuals in 20 offices around the world that work together knowing that our clients’ success is our success.
In this privacy policy, we’re going to tell you about how we use personal information that we have about you as a business, whether we’ve collected that personal information through our website, working with our clients or suppliers or in any other way. Personal information is anything that identifies you personally like your name, your contact details, photograph etc.
Archetype is made up of different legal entities, details of which can be found here. This privacy notice is issued on behalf of Archetype Agency so when we mention “Archetype”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Archetype Agency responsible for processing your data. Archetype Agency Limited is the controller and is responsible for this website.
We only collect your information in the following ways:
Information you give us
These are the details that you have shared with us. For example, if you’ve filled in a form on our website or sent an email to one of our office email addresses. This may also be where you’re applying for a job and have sent us your CV. Alternatively, it could be information you provide to us for work we are doing on behalf of one of our clients, for example when setting up an event for them, or where you enter competitions that we’re running on social media on behalf of a client, or where we are assisting a client with their customer enquiries.
Information we collect automatically
Our cookie policy can be referenced here.
Information we receive from third parties or other sources
Where we are working with a client they may provide us with information about you – perhaps you are an employee of our client or are a contact that they want us to get in touch with. We may also purchase access to services that provide personal information relating to media contacts, for example through Cision or IrisPR.
Who do we share your personal information with?
Most commonly, we will use your personal data in the following circumstances:
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
What personal information do we collect about you?
In providing our Sites and Services, we may collect and process different types of personal information about you for different processing purposes. The types of personal information we collect depends on who you are and how you use our Site and Services and includes the following:
First name; last name.
Home address; billing and/or delivery address; email address; telephone number.
Account username; password; first name; last name; date of birth; gender; country; nationality; username; job title; social status; sexual orientation; whether you have participated in any survey or questionnaire responses and feedback; survey responses, participation in any promotions or competitions.
Photos; video recordings.
Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed or purchased through the Sites.
IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device.
Date of birth; gender; country; nationality; CVs; work experience; dietary requirements; any other personal information you may provide in advance of/during your supply of services to us.
Marketing preferences; service communication preferences.
Information about articles (or similar) that you may have published; information about your interests or affiliations or publicly stated positions on political matters, corporate matters and similar.
You may give us your personal information directly, for example, when you provide your Contact Data as part of a survey, purchase services via our Site, contact us with enquiries, complete forms on our Site, subscribe to receive our marketing communications or provide feedback to us.
When you access and use our Site, we will collect certain Behavioural Data and Technical Data. We collect this personal information by using cookies and other similar technologies (see the “Insight, analysis and retargeting through Cookies” section below).
We may receive personal information about you from third parties. Such third parties may include our clients, market research sample and list suppliers, analytics providers, data brokers and third party directories.
From time to time, we may collect personal information about you (Identity Data and Contact Data) that is contained in publicly available sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms).
We use your personal information for the purposes set out in this section. If we wish to make any changes to these purposes, or if we wish to use your personal information for any purpose that is not listed in this section, we will notify you using the contact details we hold for you.
It is in our legitimate interest to use personal information in such a way to ensure that we provide access to our Sites in a secure and effective way and so that we can make improvements to our Sites or it is necessary for us to use your personal information to perform our obligations in accordance with any contract that we may have with you for the Services.
It is in our legitimate interest to use personal information in such a way to ensure that we can respond to your enquiries, provide access to our Sites in a secure and effective way and make improvements to our Site.
It is in our legitimate interest to use your personal information in the ways described above to ensure that we are able to help you with your enquiry, provide a good standard of service and improve our customer services.
It is necessary for us to use your personal information in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal information in such a way to ensure that the event is operated in an effective way.
In certain circumstances, we may rely on another lawful basis when we use your personal information collected via the use of cookies. For example, where we use personal information collected through the use of analytics cookies to analyse how you use our Sites, it is in our legitimate interest to use your personal information in such a way to improve our Sites and Services.
It is in our legitimate interest to use your personal information for marketing purposes, for example to decide what marketing content we think may appeal to you.
It is necessary for us to use your personal information to perform our obligations in accordance with any contract that we may have with you or the organisation you represent.
It is in our legitimate interests to process your personal information so that we can keep our premises secure and provide a safe environment for our personnel and visitors to our premises.
We have a legal obligation to use your personal information to comply with any legal obligations imposed upon us, such as a court order.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. We will only hold personal data for as long as is necessary to service a client relationship or other type of contract. If you apply for one of our employment opportunities and are unsuccessful, we will delete your details after six months.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. These retention periods are set out in our internal retention policy.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
There are instances where you can ask us to delete your data: see The Right to Erasure below for further information.
We may share your personal information internally (but only with the teams that need access) or with certain third parties. Also, as a member of the Next 15 Group, there is certain personal data that we may share within the Next 15 Group, usually because we use a shared service (such as Next 15 IT or Legal).
We will only do this for a purpose set out in “How do we use your personal information?” above.
We may share your personal data with the following types of third party:
We store personal information using several different IT service providers, however we only work with vetted suppliers that have the right security processes in place to protect this data.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
What happens if you don’t provide us with your personal information? Or what happens when you ask us to stop processing your information?
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
No, we do not carry out automated decision making about you.
Do we use Cookies to collect personal data on you?
We do, but only to understand better how you use our website. See our cookie policy here to learn more.
We have multiple offices spread across the globe, and there are instances where we need to share personal information with teams in locations outside of the EEA. We have therefore entered into a specific intra-group contract approved by the European Commission which gives these transfers of personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
We may also transfer your personal data outside of the EEA as a result of storing your information within our technology services (for example, Dropbox).
Whenever we do transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring we have entered into specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
By law, you have nine important rights when it comes to your personal information. To get more details about these rights, talk to the data protection regulator in your country.
You have the right to object to certain types of processing, including processing for direct marketing.
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.
You have the right to access your information (if we’re processing it).
This is so you’re aware of what we have and can check that we’re using your information in accordance with data protection law.
You’re entitled to correct your information if it’s inaccurate or incomplete.
This is also known as ‘the right to be forgotten’. What it means is that you can tell us to delete all the personal information we have on you (where there’s no compelling reason for us to keep using it). This isn’t a general right to erasure; there are exceptions.
But if you ask us to delete, we’ll do it.
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but we may not use it any more.
We keep a list of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
You have rights to obtain and reuse your personal information for your own purposes across different services.
For example, you can move, copy or transfer your information easily between our tech services and theirs safely and securely, without affecting its usability.
You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time.
(Although if you do, it doesn’t mean that anything we’ve done with your personal information with your consent before that point was unlawful).
This includes your right to withdraw consent to us using your personal information for marketing purposes.
We usually act on requests and provide information free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may contact you by phone, email or social media. If you prefer a particular means of contact, please let us know.
If you have any questions you can contact us at:
Archetype Agency Limited
60 Great Portland Street
LondonW
1W 7RT
privacy@archetype.co
+44 20 3128 8000
United States Residents Additional Information
This California Consumer Privacy Statement (“Statement”) supplements the Archetype Privacy Notice. It applies solely to California consumers and addresses personal information we collect online and offline.
Categories of Personal Information We Collect
We have collected the following categories of personal information in the past twelve (12) months:
A. Identifiers
Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Advertising networks; Internet service providers; Data analytics providers; Operating systems and platforms; Social networks
B. Personal information as defined in the California Customer Records statute
Name, contact information, education, employment, employment history, and financial information
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Advertising networks; Internet service providers; Data analytics providers; Operating systems and platforms; Social networks
D. Commercial information
Transaction information, purchase history, financial details, and payment information
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Advertising networks; Data analytics providers; Operating systems and platforms
F. Internet or other similar network activity
Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Advertising networks; Internet service providers; Data analytics providers; Operating systems and platforms; Social networks
G. Geolocation data
Device location
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Advertising networks; Internet service providers; Data analytics providers; Operating systems and platforms; Social networks
H. Audio, electronic, sensory, or similar information
Images and audio, video or call recordings created in connection with our business activities
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Operating systems and platforms
I. Professional or employment-related information
Business contact details in order to provide you our Services at a business level
Our affiliates and subsidiaries; Vendors who provide services on our behalf; Professional services organizations, such as auditors and law firms; Our business partners; Advertising networks; Internet service providers; Data analytics providers; Operating systems and platforms; Social networks
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
We will use and retain the collected personal information as needed to provide the Services or for:
Learn more about how we disclose personal information to in the section, Who do we share your personal information with?
Your Rights. You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
To exercise these rights, you can contact us by emailing us at privacy@archetype.co.
Verifying Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you request access to or deletion of your personal information, we may require you to provide any of the following information: your email address, the name of the Archetype representative with whom you typically interact, and the date of your last interaction with an Archetype representative. In addition, if you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
California "Shine The Light" Law. California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section ‘How can you contact us?’
Controls for DO-NOT-TRACK features. California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honouring DNT signals, we do not respond to them at this time.
Other Country Specific Requirements
Australia
International Data Transfers
If your personal data is to be transferred out with Australia, we will take allreasonable step to ensure that the overseas recipient does not breach the APPSin relation to your personal data. This will include at a minimum, duediligence in relation to the third party and ensuring that the contractcontains the relevant clauses to ensure the protection of your personal data.
Regulatory Body
Office of the Australian Information Commissioner (OAIC)
China
International Data Transfers
If your personal data is to be transferred out with China we will execute a data transfer agreement which will include the standard contractual clauses as provided by the Cyber Space Administration of China (CAC).
Regulatory Body
Cyberspace Administration of China (CAC) (国家互联网信息办公室)
Singapore
International Data Transfers
If your personal data is to be transferred out of Singapore, we will take all reasonable step to ensure that the overseas recipient will provide an equivalent level of protection as afforded to you under the PDPA.
Regulatory Body
Personal Data Protection Commission (PDPC).