Privacy & GDPR Policy » HIGHJAM » Experiential and Promotional Marketing Agency

Privacy & GDPR Policy


Below you will find our policies regarding any personal information that you may supply to us through this web site, email, direct face to face or telephone contact or obtained as part of our promotional marketing assignments. Where Highjam is required to process relevant personal data we shall take all reasonable steps to do so in accordance with this Policy.

Highjam is registered under the Data Protection Act.


We acknowledge and agree that any personal data of yours that we handle will be processed in accordance with all applicable data protection laws in force from time to time.  Currently, the Data Protection Act 1998 applies.  With effect from 25 May 2018, the General Data Protection Regulations (“GDPR”) will come into force, which will change the law.

Our goal is to protect your privacy and the information that you submit to us through various channels (Face to Face, Email, Website, Phone Conversation).

Highjam Marketing Ltd operates this web site and its business operations from its offices in London, United Kingdom. All matters pertaining to this web site and business are governed and interpreted in accordance with the laws of England and Wales and any dispute arising hereunder shall be subject to the exclusive jurisdiction of the English Courts.

By accessing this web site or contacting us directly via the various channels listed above, you indicate your acceptance of this Privacy Policy and the Terms of Use posted on this site.

This web site is not directed to children under the age of sixteen and we do not knowingly collect personal information from children under the age of sixteen on the site. If we become aware that we have inadvertently received personal information from a visitor under the age of sixteen on the site, we will delete the information from our records.

Information we collect and how we use it
Personal Information – You may choose to provide personal information to Highjam Marketing Ltd via various channels. Here are some of the ways you may provide the information and the types of information you may submit. We also tell you how we may use the information.

The information about you we may collect, hold and process is set out below:

  • Name and Job Title
  • Business / Company Name
  • Contact information including postal address, email address and telephone number

Where we collect this data from:

Contact Us – Email – If you email us through the “Contact Us” link on this site, we ask you for information such as your name and email address, so we can respond to your questions, queries and comments. You may choose to provide additional information as well.

  • Contact Us – Phone
  • Contact Us – Post
  • Enquiry Form
  • Telephone Conversation – inbound/outbound
  • Face to Face conversation – at networking events/trade shows, taking receipt of business cards

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping
  • We may use the information to improve our products and services
  • We may periodically send promotional marketing emails about new products, services or other information which we think you may find interesting using the email address which you have provided.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Internet Protocol Address
We collect an Internet Protocol address from all visitors to our site. We use your IP address to help us administer our site. Your IP address is also used to help identify you when you visit our site.

How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Information We Share
We do not sell or otherwise disclose personal information about our visitors (by all channels), except as described here. We may share information provided by our visitors to this site with service providers we have retained to perform services on our behalf. These service providers are restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal information you have provided through this web site in a manner that is consistent with this Privacy Policy.

How We Protect Personal Information
We maintain administrative, technical and physical safeguards to protect against unauthorized disclosure, use, alteration or destruction of the personal information you provide on this web site. We use secure socket layer (SSL) technology to help keep the personal information you provide on this site secure.

How we hold the information
All the personal data we have is stored on our database in the UK.

Disclosure of your information
Your personal information and related information will be kept on Highjam Marketing Ltd servers only.  All servers will be located inside the European Economic Area (EEA).  Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms.  Before such a transfer takes place outside of the EEA, we will provide you with further information concerning this.
Other trusted third parties that we may share your data with are as follows: HM Revenue and Customs, pension scheme providers, legal advisors and other companies for the purpose of undertaking pre-engagement checks for the role or for paying or working with you.

Your rights
You currently have the right at any time to ask for a copy of the information about you that we hold.  At this time, we have the right to charge an administration fee for this service.  When the GDPR comes into force, we will no longer have the right to charge a fee.  If you would like to make a request for information please email
In addition to this right of access, when the GDPR comes into force, you will also have the following rights: erasure, restriction of processing, objection and data portability.  We will update you further in connection with these rights when they come into force.

Retention of your data
Your data will be retained for no longer than is necessary and in accordance with our Data Retention Policy.

Withdrawal of consent
If you have provided us with your consent to process your data, for the purpose of using our services, you have the right to withdraw this at any time.  In order to do so you should contact us by emailing

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible at the above addresses. We will promptly correct any information found to be incorrect.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly with the Information Commissioner’s Office at https:\\\concerns

If you have any questions or comments about this Privacy Policy please address any questions, comments and requests regarding our data processing practices to Dena Stafford, Group Operations Director –

Updates to Our Privacy Policy
This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our information practices. We will post a notice on this web site to notify you of any significant changes to our Privacy Policy and indicate when it was most recently updated.


General Statement
Highjam is required to process relevant personal data regarding members of staff, promotional staff, customers, customers’ consumers and suppliers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy.
We recognize that the GDPR will help us move towards the highest standards of operations in protecting our data subjects’ data. We are committed to:

  • Ensuring that we comply with the eight data protection principles, as listed below
  • Meeting our legal obligations as laid down by the Data Protection Act 1998
  • Ensuring that data is collected and used fairly and lawfully
  • Processing personal data only in order to meet our operational needs or fulfil legal requirements
  • Taking steps to ensure that personal data is up to date and accurate
  • Establishing appropriate retention periods for personal data
  • Ensuring that data subjects’ rights can be appropriately exercised
  • Providing adequate security measures to protect personal data
  • Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
  • Ensuring that all staff are made aware of good practice in data protection
  • Providing adequate training for all staff responsible for personal data
  • Ensuring that everyone handling personal data knows where to find further guidance
  • Ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly
  • Regularly reviewing data protection procedures and guidelines within the organisation

Data Protection Controller
Highjam has appointed the Group Operational Director as the Data Protection Controller (DPC) who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998. The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy. Highjam recognises The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) adopted 27 April 2016, the two-year transition period and the application date of 25 May 2018 and is actively working towards compliance with that directive.

The Principles
Highjam shall so far as is reasonably practicable comply with the Data Protection Principles (the Principles) contained in the Data Protection Act to ensure all data is:
1. Fairly and lawfully processed
2. Processed for a lawful purpose
3. Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Accurate and up to date
5. Not kept for longer than necessary
6. Processed in accordance with the data subject’s rights
7. Secure
8. Not transferred to other countries without adequate protection


  • A Data Controller is a natural or legal person or organisation which determines the purposes and means of processing personal data
  • A Data Processor is a natural or legal person or organisation which processes personal data on behalf of a controller
  • A Data Subject: An individual who is the subject of personal data

Data Controller

  • Highjam – for employee & client data held on databases
  • Highjam Client – for when Highjam collects consumer data on marketing campaigns on their behalf

Data Processor:

  • StaffWise – Highjam Promotional Staff Database
  • Zoho – Highjam Client database
  • Highjam (via password protected files/servers) – when processing personal data on behalf of the controller
  • Any processor who employs another processor (e.g. if Highjam collects data on the client’s behalf using a cloud-based system such as Zoho Survey, or if we employ another supplier to analyse the data)

Data Subject:

  • Highjam Employees
  • Highjam Clients
  • Customers of our clients

Personal Data
Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, it includes information necessary for employment such as the member of staff’s name and address and details for payment of salary. Personal data may also include sensitive personal data as defined in the Act.

Processing of Personal Data
Consent may be required for the processing of personal data unless processing is necessary for the performance of the contract of employment. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will only be disclosed to third parties with appropriate consent.
Highjam processes some personal data for direct marketing (for both Highjam and Highjam’s clients). Data subjects have the right to request an opt-out from these activities, which must be respected.

Sensitive Personal Data
Highjam may, from time to time, be required to process sensitive personal data. Sensitive personal data includes data relating to medical information, gender, religion, race, sexual orientation, trade union membership and criminal records and proceedings.

Rights of Access to Information
Data subjects have the right of access to information held by Highjam, subject to the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. Any data subject wishing to access their personal data should put their request in writing to the DPC. Highjam will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 14 days for access to records and 7 days to provide a reply to an access to information request. The information will be imparted to the data subject as soon as is reasonably possible after it has come to Highjam’s attention and in compliance with the relevant Acts.

Certain data is exempted from the provisions of the Data Protection Act which includes the following:

  • National security and the prevention or detection of crime
  • The assessment of any tax or duty
  • Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon Highjam, including Safeguarding and prevention of terrorism and radicalisation

The above are examples only of some of the exemptions under the Act. Any further information on exemptions should be sought from the DPC.

Highjam will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.

If an individual believes that Highjam has not complied with this Policy or acted otherwise than in accordance with the Data Protection Act, the member of staff should utilise Highjam’s grievance procedure and should also notify the DPC.

Data Security
Highjam will take appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the Act. Highjam and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.
An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite. Other personal data may be held for marketing purposes and therefore have a lower requirement for data security.

External Processors
Highjam must ensure that data processed by external processors, for example, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation.

Secure Destruction
When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.

Retention of Data
Highjam may retain data for differing periods of time for different purposes as required by statute, clients or best practices; individual departments incorporate these retention times into their processes. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data. Highjam may store some data such as passports, photographs, reviews, CVs etc. indefinitely in its archive.

Data Security Breach Reporting
Confirmed or suspected data security breaches should be reported promptly to the Group Operation Director via The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.
Once a data breach has been reported, an initial assessment will be made to establish the severity of the breach and who should be the lead responsible officer for the data breach management plan. This plan will involve the following four elements and will be conducted in accordance with the guidelines for Data Security Breaches by the Information Commissioner:
A. Containment and Recovery
B. Assessment of Risks
C. Consideration of Further Notification
D. Evaluation and Response

Data Classification
All reported incidents will need to include the appropriate data classification in order for assessment of risk to be conducted.
1. Public Data: Information intended for public use, or information which can be made public without any negative impact for Highjam
2. Internal Data: Information regarding the day-to-day business of Highjam and our clients’ businesses. Primarily for Highjam staff use, though some information may be useful to third parties who work for Highjam
3. Confidential Data: Information of a more sensitive nature for the business operations of Highjam and our clients, representing the basic intellectual capital and knowledge. Access should be limited to only those people that need to know as part of their role within Highjam
4. Highly Confidential Data: Information that, if released, will cause significant damage to Highjam’s or Highjam’s clients’ business activities or reputation, or would lead to a breach of the Data Protection Act. Access to this information should be highly restricted.

Information Commissioner:
