We know you care about your privacy and security, so we treat your information with the highest standards of confidentiality and security.
We are committed to protecting your privacy. We will only use the information that we hold about you lawfully, in accordance with the Data Protection Act (2018),The General Data Protection Regulation 2016/679 (GDPR), the Privacy and Electronic Communications Act (2003) and other regulatory requirements.
We will never process sensitive information about you without your explicit consent. The information we hold will be accurate and up to date. You can check the information that we hold about you at any time by contacting our Data Protection Officer: Chris Hadland, Aura Media Group Limited, Ground Floor, Suite F, Breakspear Park, Breakspear Way, Hemel Hempstead, HP2 4TZ
Aura Media Group Limited (“Aura Media Group” or “we”) Company registration 11239047. Registered in England and Wales with registered office of Aura Media Group Ltd, 178 Bishopsgate, London, United Kingdom, EC2M 4NJ.
Aura Media Group is registered as a data controller with the ICO Office (Information Commissioner’s Office) in the United Kingdom with registration ZA324659. We seek to fully comply with the General Data Protection Regulation (“GDPR”) 2018 and the Data Protection Act 2018.
Aura Media Group will act on behalf of marketing companies purchasing data for their outbound telemarketing teams. As an agency, Aura Media Group has existing sources of data, the sources will continuously change to give choice, variation to ensure consistency to the data supplied.
All the below information will be available at any point to be viewed by clients regarding the sources we procure for their campaigns.
Before receiving data from a Data Source, Aura Media Group will always;
Make comprehensive quality checks on the data collection source to ensure the data is fairly and unambiguously collected.
Ensure the supplier source has completed and passed the Due Diligence required by Aura Media Group prior to orders being placed.
Complete a GDPR Risk Assessment of the individual data collection points. The consumer must also have the ‘Right to be forgotten’ and any opt in must being a ‘positive’ action.
Why Aura Media Group processes personal data:
To enable the business to fulfil its function of supplying lists to its clients for use in their outbound direct marketing activities
For the performance of a contract
Under the GDPR there are six identified reasons for processing these are:
Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Who do we share you data with:
The data we receive from a data source may be shared with one or more data controller; the data controller(s) may have been named or described by the data source and point of collection.
Some of the data controllers and trading styles we work with and on behalf of, who may receive your data are below: *the below list is not exhaustive list but is reviewed and maintained on a regular basis.
- Scottish Power
- Your Lottery Services
- Your Legacy Matters
- Home OK
- Legal Life Cover
- Dignity Funeral Plans
- Homeshield Direct
- One Family
- Prominence Support
- Niagara Healthcare
- Goodwin Barrett
Occasionally the data controller would not have been named at point of collection; in these scenarios Aura Media Group, along with the data source(s) and the data controller(s) would ensure that data processed would be done so in line with the DPA 2018 and GDPR to ensure any processing is in line with a legitimate business purpose.
To find out more specific information about if and how Aura Media Group have processed your data please contact us using the contact details below.
Aura Media Group processes personal data on behalf of its clients for data that falls under one of the following two categories for direct marketing:
“Consent” – The consumer has opted into a specific channel of communication (telephone, email, SMS, postal) in a positive manner. At the point of opting in the consumer will have been given the specific company brand who will be contacting them.
When receiving data from a source, Aura Media Group will complete regular checks on each data source including the below processes:
The compliance team assesses each source of data with Aura Media Group’s inhouse auditing system.
Aura Media Group will listen to, validate and audit a representative number of opt ins per supplier ordered per month for each of its client’s.
A report regarding the findings from this will be provided for data sources and for the clients alike.
Aura Media Group ensure that all our suppliers respect and adhere to the GDPR and ICO guidelines when collecting data whether online or through telephone surveys. Regular checks are carried out monthly to further safeguard that standards are being maintained. Our clients and agency partners, who purchase data are all registered with the ICO and Aura Media Group monitor how they use the data post data delivery.
On receiving consumers queries, we record the details and respond to the individual’s requirements in a timely manner.
What the law says and what it means for Aura Media Group
The law requires us to be open with you about what personal data we process, and what we do with it. We receive data on behalf of clients with either consent or a legitimate reason for processing.
Under GDPR we have 28 days in which to respond to a Subject Access Request.
Your data and what we do with it
We are a Data Marketing Agency and have not collected your data, but we do keep very clear records of who we receive data from and who we share that data with. Being open with you means being clear about how and why we use your personal data.
What personal data do we process?
By law, the data Aura Media Group processes on behalf of their clients must be limited to what is necessary and relevant to the purpose.
The information collected maybe (including but not exclusively):
Your postal address(es)
Your telephone number(s)
Other contact details such as an email address
Any specific information you have given about your age and gender.
Selected information regarding any positive variables for a specific question answered. i.e Utility provider, telecoms provider – these will vary depending on the marketing survey answered.
The details of any complaint you make
Records of correspondence if you contact us
IP addresses linked to cookies
Special categories and sensitive personal data
Data protection law treats certain types of personal data as sensitive (called ‘special categories data’ within the law) and has further rules about how it is used. This includes information about racial or ethnic origins, political or other views, sexual orientation and health. Aura Media Group do not process, or seek to process, data classified as “Special category or “sensitive”.
What do we do with the information that has been collected?
The information collected by suppliers and processed by Aura Media Group Ltd is used for marketing purposes by our clients to potentially offer consumers a better product or service, it is entirely the consumers right to refuse and ask for their details to be removed from the companies database(s) and for any further information about the source of the data subject’s details.
How long do we keep your personal data?
By law, personal data must not be kept any longer than necessary for the purpose. We retain certain types of personal data in case we need to refer to it later for compliance purposes or are requested for legal reasons to share the data with authorised persons. Unless requested to, or obliged to retain for longer (or less) we delete the data we process within 18 months.
We keep details of complaints for three years.
Data Protection and Data Security
What the law says and what it means for Aura Media Group Ltd and your data:
Data protection law instructs us to take all appropriate measures to keep your personal data secure. This means we must take steps to protect your data against unauthorised or unlawful use, and against accidental loss, destruction or damage.
Will your personal data be kept secure?
Your personal data is personal to you and it should stay safe and private. We know this is crucial in maintaining your trust in Aura Media Group Ltd. We protect your details in many ways. These include staff training, investing in technology and following strict handling and storage procedures.
The personal data processed is limited to information that is relevant and necessary. We take all appropriate steps to keep your data secure. We always follow data protection law and aim to apply best practice for information security.
Our technology and information security systems are there to protect your personal data. We apply up to date data encryption tools and have specific policies in place, with dedicated staff training materials and contracts to ensure personal data is fully protected. This aims to prevent your data being lost, damaged or destroyed, or its unauthorised or unlawful use.
We train our staff to take care of your personal data and give them detailed guidance on security requirements. So, if you contact us, we’ll always ask you to identify yourself before we share any of your data with you.
All data is only kept for 18 months on our secure platform before being deleted. If necessary, it maybe stored indefinitely in our suppression files for compliance purposes.
Will your data be moved outside the European Economic Area?
Most of your personal data is handled and stored within the UK, Channel Islands and the Isle of Man. Some maybe processed outside the European Economic Area (EEA), we only allow data to be transferred when we are completely satisfied that data is secure. Our suppliers are contractually obliged to incorporate technical, organisational and auditable measures into their own processes, to ensure any data is transferred safely.
Most browsers accept cookies automatically, however, this can be disabled by activating the setting on your browser to reject cookies.
Your IP address and information could also be collected if you make a submission on any of our contact forms.
What the law says and what it means for Aura Media Group Ltd and your data.
Data protection law gives you clear rights relating to your personal data and gives us clear rules about using it. The law says we must use your data lawfully, fairly and transparently. This means telling you how we use your data, who we share it with, and informing you about what data we hold about you, if requested you can also ask us to remove the data record.
How to find out what personal data we hold on you
You have the right to know what information we hold about you. You can ask to see specific personal data that we hold about you. This is known as a Subject Access Request, or SAR (under GDPR this is known as the right of access).
We don’t charge for the first request, but we may charge a reasonable fee if the request is repetitive or unreasonable. A request for information under data protection law should be responded to within 28 days.
Your rights as a data subject
Data protection law gives you the below rights:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling. to object to the processing of your personal data.
To exercise your right please contact using the details in the communication section below
If you ever feel your complaint has not been dealt by us to your satisfaction, you also have the right to complain to a relevant supervisory body - the Information Commissioner’s Office (ICO) can be found at: https://ico.org.uk
What the law says, and what it means for Aura Media Group Ltd and your data
Your personal data must be kept accurate and up to date, with every reasonable step taken to ensure that inaccuracies are removed or rectified. This means that if a mistake or an error is discovered, by you or by us, we will put it right.
How accurate is the data held on our systems?
We will take all appropriate measures to make sure our records are correct. You can ask us to update any personal data if you think it’s wrong, out of date, or incomplete.
How you can contact us
If you have any questions, comments or complaints about Aura Media Group, please contact using the below details:
Chris Hadland, Aura Media Group Limited, Ground Floor, Suite F, Breakspear Park, Breakspear Way, Hemel Hempstead, HP2 4TZ
Changes to this policy
We may amend this policy if the way we process your data, or the law relating to this, changes.
This Policy was last updated in January 2020.
How to opt out
If you have received marketing and would like to stop these please contact us using the details provided above in the communications section - you will receive a response within 24 working hours to confirm your request has been received.
A member of the compliance team will then investigate and respond to your queries.
Aura Media Group will contact the source and get them to remove you from further marketing calls/being passed to any other organisations.
Aura Media Group will also add you to our internal ‘Do Not Call’ list. This means that if Aura Media Group is to receive your information again from another collection source of data this would immediately override this new feed of data and ensure Aura Media Group does not pass on your information again.
Right to be forgotten; as a data subject you do have the right to be forgotten – again if you wish to exercise this right please contact us using the details provided above in the communications section. This may mean that Aura Media Group would not keep any trace of your record, therefore if the record was received again by Aura Media Group there would be no way of screening this data to prevent it not being passed to another client for marketing calls.
To reduce unsolicited telemarketing, we would recommend that you go to and register – this is the Telephone Preference Service. When required, Aura Media Group screens any data against the Telephone Preference Service.
To reduce unsolicited direct mail, we would recommend that you got to and register – this is the Mailing Preference Service. When required, Aura Media Group screens any data against the Mailing Preference Service.