In this notice, the following terms have the following meanings:
2.1 As a data subject, you have the following rights under the GDPR, which this notice and our use of personal data have been designed to uphold:
2.2 If you have any cause for complaint about our use of your personal data, please contact us using the details provided in this notice and we will do our best to resolve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
We may collect and process personal data and non-personal data (such as contact data, financial data, transaction data, technical data, profile data, usage data, marketing and communications data) depending on the purpose of the processing:
We will process contact and verification data including your name, title, surname, address, email address, IP address and telephone number in order to manage your account and to provide you with services and support as described in our contract - this will include sharing some personal data (such as your name and IP address) with our third party sub-processors, details of which can be found here. We may also process client IP addresses, audit logs (which may include personal data), interaction and user data in order to validate and monitor access to our service and to provide service data to enable our clients and users to get the best out of our service. This notice does not override or supersede the provisions in our contract that describe how we use personal data.
We may process your data in connection with our marketing activities, for example we may process contact data such as your name, job title and email address to provide you with information or updates about our services, in connection with events that we are running, to manage your preferences, and to provide you with marketing communications that you have subscribed to or that we reasonably consider you might be interested in. From time to time we may process your data (such as your email or postal address) to invite you to an event or in connection with feedback that you have provided to us or a survey that you have completed. We may also monitor some of our communications with you in order to track and improve our communications with you or to comply with a request that you have made (e.g. to download thought leadership content or to update your preferences). We use a limited number of third party providers to obtain personal data for the purposes of contacting individuals who we think are likely to be interested in our product, services or events. For more details on how we process personal data gathered from these third parties, please refer to our Transparency Notice.
We will process your personal data (such as your name, surname, email address and postal address) in order to facilitate the provision and payment of services from you to us. We may process financial data that you have shared with us for the purposes of payment.
We may process your personal data in order to progress or consider a career or role with us. For details of how we process your personal data in this regard, please refer to our Candidate Privacy Notice.
In addition to those analytics providers referred to in section 10 below, we may also receive and process personal data from referees or third parties that we have relationships with (such as social media organisations, recruitment agencies, our contractors, partners and business contacts). This data is used in accordance with the provisions of this notice and in particular section 4 below.
We may process your personal data to comply with our legal rights and obligations (e.g. where it is necessary to do so to comply with a legal obligation such as a court order).
4.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was collected.
4.2 Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to newsletters), to comply with our legal obligations or in connection with our (or those of a third party’s) legitimate interests. Specifically, we may use your data for the purposes set out below subject to our legitimate interests:
4.3 With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by post, telephone or email with information, news and offers in connection with our services. We will take all reasonable steps to ensure that we protect your rights and comply with our obligations under the DPL.
4.4 You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. Under the DPL, you have the right at any time to object to us:
4.5 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period if it relates to a complaint or in connection with our legal rights or obligations.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, together with any applicable legal, regulatory, tax, accounting or other requirements.
5.1 We only keep your personal data for as long as we need to in order to use it as described in section 4 and/or for as long as we have your permission to keep it.
5.2 Some or all of your data may be stored outside of the UK or the European Economic Area (“the EEA”). If we do store data outside the UK or the EEA, we will take all reasonable steps to ensure that your data is treated safely and securely in compliance with the DPL.
5.3 Data security is very important to us and to protect your data we have taken suitable measures to safeguard and secure the data we collect, including: suitable measures to protect data we collect via our website, secure servers, use of strict procedures and security features to prevent unauthorised access and the maintenance of our ISO27001 and Cyber Essentials Plus accreditations.
6.1 We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. From time to time, we may restructure, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to the change, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy notice, be permitted to use that data only for the same purposes for which it was originally collected by us.
6.2 We may sometimes contract with third parties to supply services (such as payment processing, search engine facilities, advertising and marketing services) to you on our behalf or use third party tools (such as Microsoft, Salesforce, DocuSign) within our business to support our operations. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights (including under any contract that you have in place with us), our obligations, and the obligations of the third party under the law.
6.3 We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, and other information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Such data will only be shared and used within the bounds of the law.
6.4 We may sometimes use third party data processors that are located outside of the UK or the EEA. Where we transfer any personal data outside the UK or the EEA, we will take all reasonable steps to ensure that your data is treated safely and securely as described in section 5 above and in accordance with any contract that we have in place with you.
6.5 In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.
7.1 In addition to your rights under the DPL, you will be given options to restrict our use of your data. This includes the ability to opt-out of receiving marketing emails from us, by contacting us or unsubscribing using the link provided in our communications. We maintain a marketing suppression list to ensure that where you have opted out of our communications, you are not contacted again. You may also decline or delete Cookies in accordance with section 10 below.
7.2 You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
8.1 You may access certain areas of our website without providing any data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.
You have the right to ask for a copy of your personal data held by us. Under the GDPR, there is generally no fee payable for this and we will respond to your request without charge. Please contact us for more details at: email@example.com
10.2 When you visit our website for the first time, you will be shown a pop-up requesting your consent to our Cookie settings. By giving your consent, you are enabling us to provide the best possible experience and service to you. You may, if you wish, choose the type of Cookies that are acceptable however certain features of our website may not function fully or as intended if you alter the recommended Cookie settings.
10.3 Our website uses analytics services provided by Google analytics and other third party analytics service providers from time to time. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our website is used. This, in turn, enables us to improve our website and the services offered through it. You do not have to allow us to use these Cookies, however whilst our use of them does not pose any material risk to your privacy or your safe use of our website, it does enable us to continually improve our website and services, making it a better and more useful experience for you.
10.6 In addition to the controls that we provide, you can choose to delete, enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
10.7 You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our website more quickly and efficiently including, but not limited to, login and personalisation settings.
10.8 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
10.9 Our website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We have appointed a DPO. To contact our DPO or if you have any questions about our website or this privacy notice, please contact us by email at firstname.lastname@example.org, by telephone on +44 (0)207 192 8218, or by post at 24 Cornhill, London, EC3V 3ND.
We may change this privacy notice from time to time (for example, if the law changes). Any changes to this privacy notice in the future will be posted on our website and, where appropriate, may be notified to you via email. Please check back frequently to see any update or changes to our privacy notice because you will be deemed to have accepted them on your first use of our website following the alterations and it represents the current and applicable version of the notice.
Last updated: 7th October 2021