EIZO Limited is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law. Please read it carefully.
Data protection law says that the personal information we hold about you must be:
Used lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Kept only as long as necessary for the purposes we have told you about.
If you have any questions about this notice or how we collect and use personal information about you please contact us.
INFORMATION ABOUT US
We are EIZO Limited. Our registered office is at 1 Queens Square Ascot Business Park, Lyndhurst Road, Ascot, Berkshire, England, SL5 9FE and our registered company number is 07738824. We are the UK-based subsidiary of EIZO Corporation, listed on the Tokyo Stock Exchange. This privacy notice deals with our use of your data, our other group companies will also have their own privacy notices dealing with how they use personal data.
If you have any questions, you can contact us through our contact page at https://www.eizo.co.uk/contact/
We also have a dedicated Data Protection Officer, who is responsible for data compliance issues. You can contact them at firstname.lastname@example.org
CONTRACT INFORMATION AND OTHER CORRESPONDENCE
If you are an individual, when you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract such as your name, contact details, payment information, contract details, delivery details, and correspondence with us about the contract.
If you are an individual, we need certain information to carry out our contract with you and you must provide this in order to enter into a contract with us (or as required under that contract), if you do not, we may not be able to carry out our contract with you. Mandatory information fields are generally set out when you are entering into the contract, but in particular, you must provide your name, contact and payment details.
Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us, will include personal information (such as names and contact details) in that correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation. If you use the contact form on our website, or you submit a service case for repair via our website, you will need to provide an email address in order for us to be able to respond.
Social media. If we engage with you on social media, we may use information you share with us (including your social media handle or profile) or which is available from your account to inform our correspondence with you.
Facebook. If you visit our Facebook page, Facebook may be a joint controller with us in relation to information Facebook collects about you regarding your visit to interaction with our page or its content. Facebook will provide us with Page Insights, which are aggregated data to help us understand how people are engaging with our page. Page Insights do not show us details of individual visitors. For more information on the responsibilities of Facebook and us in relation to our Facebook page, please see https://www.facebook.com/legal/terms/information_about_page_insights_data. For more information about how Facebook uses your information, please see https://en-gb.facebook.com/privacy/explanation.
We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal requirements for us to maintain certain records or carry out certain verifications and money laundering checks, and/or for our legitimate interests in preventing fraud, dealing with a complaint or enquiry and administering your (or your organisation’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
Where your information relates to a contract, it is kept for a period of up to 7 years after your last interaction with us to enable us to deal with any after sales enquiries or claims and as required for tax purposes.
If your information is on social media, it will be retained in accordance with the relevant social media platform’s policies.
Any other information set out above such as initial enquiries or correspondence which doesn’t relate to a customer is kept for 6 weeks from the last correspondence.
We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products and services which you might be interested in.
You always have the right to “opt out” of receiving our marketing. You can exercise the right at any time by contacting us. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials you will be added to our suppression list to ensure we do not accidentally send you further marketing. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications don’t include direct marketing. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns.
For individuals. We may use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers (including, in particular, if we collected them as part of a sale to you or a negotiation with you about a sale). Otherwise (in particular if you are not a customer and we haven’t discussed a sale with you) we will only send you marketing emails or texts with your consent.
For businesses. If you are a company or LLP (or are acting in a professional capacity as part of one) we use your contact details as necessary for our legitimate interests in marketing to you (by various channels) and maintaining a list of potential customers.
We never share your name or contact details with third parties for marketing purposes unless we have your “opt-in” consent to share your details with a specific third party for them to send you marketing. We do use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We retain your details on our marketing list until you “opt-out” at which point we add you to our suppression list. We keep that suppression list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.
When we send marketing emails to you, we use “web beacons” to collect information about when you open the email, your IP address and browser or email client type, and other similar information. We do this as necessary for our legitimate interests in reviewing and improving our direct marketing activities.
WEBSITE INFORMATION, COOKIES AND SOCIAL MEDIA PLUGINS
We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. This may include your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access a website as well as the date and time of your access, what you interact with on our website, and the website from which access is made. We use this as necessary for our legitimate interests in administering and improving our website and its content, to ensure it operates effectively and securely, to develop our business and inform our marketing strategy, and for other administrative purposes. We may also create aggregate statistical data from that information (for instance, overall numbers of website visitors) which is not personal information about you. We do not use any of this information to draw conclusions about specific individuals.
Third party websites. Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The cookies explained below are managed in a consent management platform (CMP for short). With this application, we enable website visitors to see the cookies used. In addition, it is recorded which cookies the user has given permission to be set (opt-in management). The CMP itself is integrated on our site using the Google Tag Manager. As explained below, the Google Tag Manager itself does not set any cookies.
Cookies make using our website more convenient for you. For example, we use so-called session cookies to recognise that you have visited individual pages of our website during the current session. These are automatically deleted after leaving our page. In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it automatically recognises that you have already been with us and what inputs and settings you have made in order not to have to re-enter them.
Google Analytics. We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the purpose of customising and continually optimising our pages. In this context, pseudonymised usage profiles are created and cookies used. The information generated by the cookie about your use of this website such as
operating system used
referrer URL (previously visited page)
host name of accessing computer (IP address)
time of server request
You can also prevent the collection of data generated by this cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection of data by Google Analytics by clicking the link above. This will place an opt-out cookie on your computer, which prevents future collection of your data when visiting our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
For more information about privacy related to Google Analytics, please see the following link in Google Analytics Help: support.google.com/analytics/answer/6004245
Google Adwords conversion tracking. To statistically record the use of our website and to evaluate it for the purpose of optimising our website, we also use Google conversion tracking. In doing so, Google Adwords will set a cookie on your computer if you have reached our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognise that the user clicked the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are provided with the total number of users who clicked their ad and were redirected to a page tagged for conversion tracking. However, they do not receive information that personally identifies users.
Conversion tracking: Facebook Pixel, Facebook Custom Audiences and Facebook Conversion. Based on our legitimate interests, our website uses ‘Facebook Pixel’ from the social networking site Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’). We have a legitimate interest in analysing user behaviour in order to optimise both our web offering and our advertising.
With the help of Facebook Pixel, Facebook can identify you as a visitor to our website as a target group for the presentation of advertisements ( ‘Facebook ads’). We use Facebook Pixel accordingly to show Facebook ads operated by us only to those Facebook users who have shown an interest in our website or have specific characteristics (for example, an interest in certain subjects or products, which is identified using the websites visited), which we pass on to Facebook ( ‘Custom Audiences’). We also want to ensure with the help of Facebook Pixel that our Facebook ads correspond to the potential interests of users and are not annoying. Facebook Pixel can help us understand the effectiveness of Facebook ads for statistical and market research purposes in that we can see whether users are redirected to our website after clicking on a Facebook ad ( ‘Conversion’).
Facebook processes data in the context of the Facebook Data Policy. General information about the presentation of Facebook ads is provided in the Facebook Data Policy (https://www.facebook.com/policy.php). Specific information and details about Facebook Pixel and how it works can be found on the Facebook help page. https://www.facebook.com/business/help/651294705016616
Conversion tracking: Twitter Pixel Based on our legitimate interests, our website uses Twitter Pixel, a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as ‘Twitter’).
Twitter Pixel can help us track actions by users after they have seen a Twitter ad or clicked on one. This process allows us to evaluate the effectiveness of Twitter ads for statistical and market research purposes and can help optimise future advertising campaigns. Statistical, pseudonymised data is sent to Twitter in order to provide us with relevant statistics based on this and allow us to show you offers that are specific to your interests. These data are stored in a cookie.
The data collected are anonymous to us and therefore we are not able to draw any conclusions as to the identity of users. The data are however stored and processed by Twitter and therefore a connection to the respective user profile is possible and Twitter may use the data for its own advertising purposes in accordance with the Twitter Data Privacy Statement: http://www.twitter.com/privacy. We have no control over the scope and further use of data that is collected by Twitter using Twitter Pixel.
You can object to the collection of data by Twitter Pixel as described above as well as to the use of your data to present Twitter ads. You can configure which types of ads you see on Twitter at the following URL: https://twitter.com/personalization. You can change your privacy settings and consent on Twitter in your account settings at twitter.com/account/settings. Use the following link to disable (all) cookies that are used to measure coverage and for advertising purposes: Disable Twitter Pixel https://www.aboutads.info/choices. Bear in mind that this setting will be deleted if you delete your cookies. If you use a mobile device, you can enable the setting ‘No ad tracking’ (iOS) https://support.apple.com/de-de/ht202074 or ‘Disable personalised ads’ (Android) https://support.google.com/ads/answer/2662922?hl=en on your device.
Consent Management Platform (CMP) With the consent management platform “Consentmanager” from Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, we manage your consent to data processing via our website, in particular the setting of cookies, as well as your right of withdrawal for consent that has already been given. The purpose of data processing is to obtain and document the necessary consents for data processing and thus to comply with legal obligations. Cookies can be used for this. The following information is collected and transmitted to the consent manager: Date and time of the page view, information about the browser and device you are using, anonymized IP address, opt-in and opt-out data. This data will not be passed on to other third parties. You can find more information on data protection at Consentmanager at: https://www.consentmanager.net/privacy.php.
Lead Forensics. Lead Forensics (https://www.leadforensics.com) products and services are used on this website for marketing and optimisation purposes. The Lead Forensics headquarters are located at Communication House 26 York Street, London, W1U 6PZ, England. Lead Forensics identifies details pertaining to your company, including the corporate phone number, website and SIC code as well as a description of your company. During the process, Lead Forensics records the actual history of your visits to this website, including all pages that you have visited and viewed as well as how long you spent on this page. This data will never be used to personally identify individual users. When IP addresses are collected, they are immediately anonymised following collection. Lead Forensics acts on behalf of this website’s operator to use the collected information to evaluate your visit to this website, compile reports on the website activities and provide additional services connected with usage of the website and Internet usage to the website operator. If you do not agree to this, you can object to the collection, processing and storage of data at any time, with future effect, by clicking the following link: lfwebproxy.westeurope.cloudapp.azure.com
SOCIAL MEDIA PLUGINS
Facebook. Our website uses social media plugins from Facebook to personalise the use of the site. We use the ‘LIKE’ and/or ‘SHARE’ buttons for this purpose. This is a service offered by Facebook. If you open a page of our website that contains such a plugin, your browser will create a direct connection to the Facebook servers. The contents of the plugin will be transferred directly from Facebook to your browser, which will embed them in the website.
The embedded plugin provides Facebook with the information that you have opened the relevant page on our website even if you do not have a Facebook account or are currently not logged into Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can connect your visit to our website directly to your Facebook account. If you interact with the plugins, for example, by clicking the ‘LIKE’ or ‘SHARE’ button, the relevant information will be transferred by your browser directly to Facebook, where it is then saved. The information will also be published on Facebook visible to everyone.
Facebook may use this information for the purpose of advertising, market research and custom Facebook pages. For this purpose, Facebook creates user, interest and relationship profiles, for example, to evaluate your use of our website in relation to the advertisements displayed for you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.
If you do not want Facebook to connect the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website. The purpose and scope of data collection, as well as additional processing and use of the data by Facebook, as well as your associated rights and potential settings for protecting your privacy can be found in the Facebook data protection policy: www.facebook.com/about/privacy/
Twitter. Our website integrates plugins from the short message network of Twitter Inc. (Twitter). The Twitter plugins (tweet button) can be recognised by the Twitter logo on our site. For an overview of tweet buttons, see this link on Twitter: dev.twitter.com/web/tweet-button.
If you open a page of our website that contains such a plugin, your browser will create a direct connection to the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click the Twitter ‘tweet button’ while logged into your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. Please note that we, the provider of the websites, have no knowledge of the contents of the data transferred or its use by Twitter.
If you do not want Twitter to associate your visit to our pages, please log out of your Twitter user account. You can find more information in Twitter’s data protection statement at twitter.com/privacy
Other plugins from Pinterest, Vimeo and others. We sometimes embed additional plugins from other selected platforms (for example, Pinterest, Dailymotion or Vimeo) in order to make our Internet services more attractive and user friendly for our visitors. These plugins are usually marked by the logo of the cooperation partner and a written note.
Your browser will create a direct and short connection with the plugin servers as soon as you open one of our websites that contains such a plugin. This is done mainly in order to display the contents of the plugin. The cooperative partner will be able to view your IP address in this case. In practice, this IP address cannot be associated to your name without taking additional steps. In certain circumstances, the owner of the platform can save a cookie to your computer during this process (see the information on cookies above). Whether you wish to accept this cookie can be determined using your Internet browser settings.
PHOTOS, CONTENT AND PROMOTIONAL MATERIAL
This is information about you which you provide to us (whether through our website or otherwise), or images or recordings of you which you allow us (or someone on our behalf) to take (including at our premises or events), for publication or display. This may include reviews, comments, testimonials, photographs (including stock photos and advertising material) and videos.
We may display and publish this content (and, if relevant, attribute it to you) on our platforms as necessary for our legitimate interests in providing content and for promotional purposes (or, in some circumstances, because you have specifically consented to us doing this). This information is kept and published or displayed by us for as long as we consider it relevant for those purposes. You can ask us to remove or delete your content at any time (subject to any agreements about our right to use it) by contacting us. If we are displaying or publishing the information based on your consent, you have the right to withdraw that consent at any time.
If you work for one of our customers, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you, or provided by your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
We keep this information for up to seven years after the end of our relationship with your organisation.
INFORMATION COLLECTED AT OUR PREMISES
Visitor information. We collect information about visitors to our premises. We may record information on your visit, including the date and time, who you are visiting, your name, employer, contact details and vehicle registration number and any information required for Track and Trace or equivalent programs. If you have an accident at our premises, this may include an account of your accident. Visitor information is kept for a period of up to 21 says. If you have an accident on our premises, your visitor information and any information relating to your accident may be kept for longer.
CCTV. We may operate CCTV at our premises which may record you and your activities. We display notices to make it clear what areas are subject to surveillance. We only release footage following a warrant or formal request from law enforcement, or as necessary in relation to disputes. CCTV recordings may be kept for a period of up to 21 days (unless an incident occurs and it is necessary for us to keep recordings for longer to properly deal with it).
We use the information above as necessary for our legitimate interests in administering your visit and ensuring site security and visitor safety.
APPLICATIONS, REFEREES AND EMERGENCY CONTACTS
We will collect and hold information on job applicants (including applications for work experience or internships), including information you provide to us in your application, or provided to us by recruitment agencies, as well as information on you from any referees you provide. We may also collect information about your professional history which you make available on LinkedIn, or which are on your employer’s website.
We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations and rights. Where you voluntarily provide us with special categories of data, such as information about your race, health or sexuality, we will store this as part of your application on the basis that you have decided to make it public to us for this purpose, and to ensure that our record of your application is accurate so we can comply with (and demonstrate our compliance with) our obligations under employment law.
We operate an equal opportunities monitoring process as part of some of our application rounds, in which you can provide details of your gender, age, marital status, health, ethnicity, and other relevant details. We use the information you provide as necessary for our legitimate interests in monitoring aggregate recruitment statistics and complying with our legal obligations regarding equal opportunities. This information is only used to create aggregate statistics. Providing information for these purposes is entirely voluntary, and the information you (or your decision not to provide any information) will not affect the handling of your application in any way. This information is only stored until the aggregate statistical data (which you cannot be identified from) has been created.
If you are successful in your application, your information will be used and kept in accordance with our internal privacy notice. If you currently work for us, or used to work for us, you can request a copy of this from us. If you are not successful in your application, your information will be held for up to 6 months after the relevant round of recruitment has finished.
You must provide certain information (such as your name, contact details, professional and educational history) for us to consider your application fully. If you have not provided all of this information, we may contact you to ask for it. If you do not wish to provide this information, we may not be able to properly consider your application.
If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant. We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights. Your information will be kept alongside the applicant’s information.
If you are listed as an emergency contact by someone who works for us, we will hold your name, contact details and details of your relationship with that member of staff. We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that member of staff, and for our legitimate interests in administering our relationship with that worker. Your information will be kept until it is updated by that member of staff, or we no longer need to contact them after they have stopped working for us.
Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
WHY ELSE DO WE USE YOUR INFORMATION?
Common uses of your information. We will only use your personal information when the law allows us to do so. Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:
we need to perform a contract we have entered into with you.
we need to comply with a legal obligation.
it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
we need to protect your interests (or someone else’s interests) or where it is needed in the public interest (although these circumstances are likely to be rare).
Change of purpose. We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Information we receive from third parties
We may also receive information about you from the following sources:
Our service providers. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, and cookie providers and social media companies, as set out in “Website Information, Cookies and Social Media Plugins” above) who may provide us with information about you, to be used as set out in this privacy notice.
Businesses we have bought. If we have acquired another business, or substantially all of its assets, which originally held your information, we will hold and use the information you provided to them, or which they otherwise held about you, in accordance with this privacy notice. If we are reviewing whether to acquire a business, or substantially all of its assets, which holds your personal data (whether you are a customer or employee of that business or otherwise) we may receive limited personal data about you from that business or professional advisors involved in the transaction, as necessary for our legitimate interests in making decisions about that acquisition. If we do not acquire that business, any information we receive about you will be deleted as soon as practicable following the decision not to acquire.
Our other channels. This is information we receive about you if you use any of the other websites or the other services or products provided by us or our group companies. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data.
Publicly available sources. If relevant as part of our relationship with you, we may obtain information from publicly available sources such as LinkedIn.
Credit information. We may also collect credit information on you from third party reference agencies, such as Dun & Bradstreet Credit Reference Agency and Trade, where any necessary consent has been given.
SHARING YOUR INFORMATION
We never sell your data to third parties. But we may need to share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law.
Why might we share your personal information with third parties? We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Which third-party service providers process your personal information? We may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can carry out their services. We may use third-party service providers in relation to the following types of activity: legal advice, contract administration, order fulfilment, delivery, administration, IT services, payment processing. In particular, we use Microsoft Dynamics (cloud based), RadiNET Pro Web Hosting, ColorNavigator Network, TWT reality bytes GmbH, TYPO3 and managedhosting.de GmbH.
When might we share your personal information with other entities in the group? We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.
How secure is your information with third-party service providers and other entities in our group? All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
What about other third parties? We may share your personal information with other third parties, for example with potential buyers and professional advisers in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal information with a regulator or to otherwise comply with the law.
WHERE WE STORE YOUR INFORMATION
Our office headquarters are based in the UK and our main data centre is located in the UK. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers. In particular, our website is hosted in Germany and some data will be transferred to Ireland.
We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
Some countries or organisations outside of the UK and the EU which we may transfer your information to will have an “adequacy decision” in place, meaning the EU considers them to have an adequate data protection regime in place. These are set out on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.
As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
We have set out above indications of how long we generally keep your information. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
Request accessto your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correctionof the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another compelling legitimate interest in doing so.
Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us.
No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.
Timescale. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.