1 – INTRODUCTION
1.2 – Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 13.
2 – ABOUT US
2.1 – We are registered in England under company number 06617628, with our registered address at: DS House, 306 High Street, Croydon, CR0 1NG
2.2 – You can contact us at our postal address: 16 Berkeley Street, London W1J 8DZ or, email us at: firstname.lastname@example.org
3 – INFORMATION WE MAY COLLECT ABOUT YOU
3.1 – Information that you provide to us
3.1.1 – We will collect any information that you provide to us when you:
(a) make an enquiry, provide feedback, make a complaint over, or submit correspondence to us via phone, post, email, or our website;
(b) provide information to us as part of the receipt of services from us;
(c) register for and/or attend our events or interact with us during events organised by third parties;
(d) submit a CV or an application to a job vacancy;
(e) attend an interview or assessment; and
(f) ‘follow’, ‘like’, post to, or interact with our social media accounts, including LinkedIn.
3.2 – INFORMATION WE RECEIVE FROM THIRD PARTIES
3.2.1 – In certain circumstances, we will receive information about you from third parties who may be based either inside or outside of the EEA. For example:
(a) Former, current, and future employers as well as recruitment agencies and referees, either to process job applications you submit to us or as part of the provision of our services to you or our clients;
(b) Fraud detection agencies: where permitted or required by law, we may receive information about you, including demographic data or fraud detection information from third party service providers and/or partners
(c) Service providers, such as our website developer, website security service partners, IT support provider as well as financial crime compliance and KYC solutions provider;
(d) Publicly available sources: we currently use publicly available sources such as Companies House or websites or social media platforms including Facebook, LinkedIn, Twitter, Pinterest, Instagram and Google+, for instance to carry out identity and compliance checks. We also use such publicly available sources in providing our services to our clients including the compilation of reports regarding the online profile of individuals or companies; and
(e) Other third parties, such as your family members, relatives, acquaintances, work colleagues, business partners, personal contacts, etc., who we may contact, or who may contact us, in the course of the performance of our services to you or our clients.
3.2.2 – We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
3.3 – INFORMATION WE COLLECT ABOUT YOU
3.3.1 – Depending on the circumstances, we will collect the following information about you:
(a) Identity data such as title, names, job title or position, the company you work for, and your relationship to a person;
(b) Contact information, including physical addresses, email addresses, and phone numbers;
(c) Identification and background information, including your passport details and other personal identification documents, or information about your outside directorships and external business interests;
(d) Financial data, including billing addresses, credit/debit card details, bank account details, credit history, and benefits and entitlements data;
(e) Employment and background data, such as information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the UK, your national security number, your current level of remuneration (including benefits), and any other such similar information;
(f) Family, lifestyle, and social circumstances, such as information about your marital status, your dependants, spouse, partners, family members, and other relations or friends or associates, your home or personal interests;
(g) Media coverage, where you have been referred to in publicly available reports published by third party media organisations;
(h) Profiles and identifiers, such as your social media platform usernames, nicknames, identifiers, and profile information as well as information you have shared, or others have shared about you, on such social media platforms;
(i) Your preferences, including information about your preferences, interests, habits, choices, events attended, and other profile information;
(j) Visual and audio information, including photos, video footage, or sound recordings;
(k) Information contained in correspondence between us: for example, if you contact us using a form on our website or by email or telephone, we may keep a record of that correspondence;
(l) Technical data, such as certain information about how you use our website and the device that you use to access it. This might include your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data and the resources that you access. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the section headed “Cookies” below;
(m) CCTV footage: if you visit our offices, your image and voice may be captured by our CCTV cameras; and
(n) Other personal information provided to us by, or on behalf of, you or generated by us in the course or providing our services to you and/or our clients.
3.4 – SENSITIVE INFORMATION
3.4.1 – We will also collect, depending on the circumstances, “special categories” of particularly sensitive personal information, including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Depending on the circumstances, we will also collect information about criminal convictions and offences.
3.4.2 – We need to have further justification for collecting, storing, and using sensitive personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We process special categories of personal information in the following circumstances:
(a) in limited circumstances, with your explicit written consent;
(b) where we need to carry out our legal obligations or exercise rights in connection with employment;
(c) where it is needed for reasons of substantial public interest, such as for equal opportunities monitoring; promoting or maintaining diversity of individuals who hold senior positions; prevention or detection of an unlawful acts; or protecting the public against dishonesty or fraud;
(d) where it is needed in relation to the establishment, exercise of defence of legal claims;
(e) where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent; or
(f) where you have already made the information public.
3.4.3 – If you are an applicant or an employee, we will collect special categories of information about:
(a) your race, ethnicity, religious or philosophical beliefs and sexual orientation for the purpose of our diversity and equal opportunities records (on the basis that it is needed for reasons of substantial public interest, for equal opportunities monitoring);
(b) your health as necessary for the purpose of arranging your interview if you are an applicant or supporting your needs and access to our workplace if you are an employee (on the basis of your explicit consent if you are an applicant and for compliance with our legal obligations or exercise of employment rights if you are an employee); and
(c) your criminal record for the purposes of completing background checks necessary for you to be able to work with us (on the basis such processing is necessary for reasons of substantial public interest under applicable laws).
4 – HOW WE USE INFORMATION ABOUT YOU
4.1 – We use your information for the following purposes:
4.1.1 – To provide access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers;
4.1.2 – To provide our services as well as other information and products you or our clients have requested;
4.1.3 – To process and facilitate transactions with us and to collect and recover money owed to us;
4.1.5 – To conduct business with you or your employer: we use your information to contact you and manage and facilitate our business relationship with you and your employer;
4.1.6 – To provide customer service and support, deal with enquiries or complaints about the website and/or our services, and share your information with our services providers as necessary to provide customer support;
4.1.7 – To process any job applications, whether directly submitted by you to us or via an agent or recruiter including sharing this with our third party recruitment agency;
4.1.8 – To conduct marketing, including to keep in contact with you about our news, events, new website features or services that we believe may interest you, provided that we have the requisite permission to do so;
4.1.9 – To interact with users on social media platforms such as LinkedIn by, for example, responding to comments and messages, posting, and ‘liking’ posts;
4.1.10 – To use data analytics to improve our website, services, marketing, customer relationships and experiences;
4.1.11 – To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity,including identity fraud; and
4.1.12 – To comply with policies, procedures, and laws, and to enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors.
4.2 – LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION
4.2.1 – We will only use and otherwise process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we collect and use your personal information. In almost every case the legal basis will be one of the following:
(a) Consent: for example, where you have provided your consent to receive certain marketing from us. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link at the bottom of any marketing email we send you;
(b) Our legitimate interests or the legitimate interests of third parties, including our clients: for example, where it is necessary for us to understand our customers, promote our services, and operate a safe and lawful business, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. In particular, we will rely on this legal basis when we process the personal data of non-clients where it is necessary to do so in order to be able to provide our services to our clients where the purpose is for our clients to:
(i) Identify reputational, security or cyber risk;
(ii) Conduct litigation or to obtain legal advice;
(iii) Carry out suitable checks on their employees or prospective employees; or
(iv) Carry out appropriate checks on parties in the context of transactions;
(c) Performance of a contract with you (or in order to take steps prior to entering into a contract with you): for example, where you have asked us to provide one of our services to you and we need to use your contact details and financial information in order to deliver this service; or
(d) Compliance with law: where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.
4.3 – OUR LEGITIMATE INTERESTS
4.3.1 – As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, our clients, and/or other third parties, including the legitimate interest we have in:
(a) providing the correct products and services to our website users and clients;
(b) personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you and our clients;
(c) detecting and preventing fraud and operating a safe and lawful business;
(d) improving security and optimisation of our network, sites and services;
4.3.2 – Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to section headed “Your rights to the information we hold about you” below.
5 – WHO WE MIGHT SHARE YOUR INFORMATION WITH
5.1 – In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties (who may be based both inside and outside the EEA) depending upon the circumstances such as:
5.1.1 – Our clients as part of the provision of our services to them;
5.1.2 – Our group of companies (i.e. our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006);
5.1.3 – Our service providers, suppliers, and business partners who we work with to deliver our business, such as providers of website development and hosting services; IT, system administration and security services; payment and banking services; identity verification, fraud prevention and detection services; recruitment services; and legal, accountancy, auditing, insurance and other professional advice services;
5.1.4 – Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities who require reporting of processing activities in certain circumstances;
5.1.5 – Prospective buyers of our business: any prospective buyer of our business or assets, only in the event that we decide to sell any of our business or assets; and
5.1.6 – Other third parties: any other third parties (including courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
5.2 – We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
6 – COOKIES
6.2 – If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.
6.3 – The names of the cookies used on our website and the purposes for which these cookies are used are set out in the table below:
7 – HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
7.1 – We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
7.1.1 – ensuring the physical security of our offices and other sites;
7.1.2 – ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
7.1.3 – maintaining a data protection policy for, and delivering data protection training to, our employees; and
7.1.4 – limiting access to your personal information to those in our company who need to use it in the course of their work.
7.2 – Whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, no transmission over the Internet can ever be guaranteed to be secure. Consequently, please note that we cannot guarantee the security of any personal information that you transfer over the Internet to us.
7.3 – We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.
8 – INTERNATIONAL TRANSFERS OF YOUR INFORMATION
8.1 – Our company is located in the UK.
8.2 – Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
8.3 – Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:
(a) we will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
(b) where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
(c) where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
9 – YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
9.1 – You have certain rights in respect of the information that we hold about you, including:
9.1.2 – the right to ask us not to process your personal data for marketing purposes;
9.1.3 – the right to request access to the information that we hold about you;
9.1.4 – the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
9.1.6 – the right to object to our using your information on the basis of our legitimate interests or those of a third party, and there is something about your particular situation which makes you want to object to processing on this ground;
9.1.7 – the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;
9.1.8 – in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and
9.1.9 – the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence. If you have any concerns about the way we have processed your personal information, we request that you initially contact us (using the contact details above) so that we can investigate, and hopefully resolve, your concerns.
9.2 – Please note that we may need to retain certain information for our own record-keeping and research purposes.
9.3 – How to exercise your rights
9.4 – What we need from you to process your requests
9.4.1 – We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
9.4.2 – You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10 – THIRD-PARTY LINKS
10.1 – As a convenience to you, we may provide links to third-party websites from within our website (e.g. YouTube, BBC, Reuters). We are not responsible for the privacy practices or content of these third-party sites, and by providing a link we are not endorsing or promoting such third-party sites. When you link away from our website, you do so at your own risk. We encourage you to read the policies and terms of every website you visit.
10.2 – You should be aware that personal information which you voluntarily include and transmit online in a publicly accessible blog, social network or otherwise online may be viewed and used by others. We are unable to control such uses of your personal information, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties.
11 – CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES