Last Revised: 2023-08-10 08:00:00
Who we are
A controller is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.
What personal data do we collect?
Personal data is information that relates to an identified or identifiable individual.
We may collect, use, store and disclose different kinds of personal data about you which we have listed below:
- Identity Data including first name, middle name, maiden name, last name, title, date of birth gender, job title and photographic identification.
- Contact Data including billing address, delivery address, email address and telephone numbers.
- Financial Data including bank account and payment card details (through our third party payment processor, PayPal).
- Background Verification Data including your passport number, driver licence number, photographic identification or other details requested as part of our onboarding process to comply with our due diligence obligations, anti-money laundering laws and related ongoing monitoring commitments.
- Transaction Data including details about payments to you from us and from us to you and other details of products and services you have purchased from us or we have purchased from you.
- Technical and Usage Data including internet protocol (IP) address, your login data for our online platform, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet Service Provider (ISP).
- Profile Data including your username and password for our website, web services you have requested from us, information you have shared with our social media platforms, your interests, preferences, feedback and survey responses.
- Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
- Professional Information including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
- Special Categories of Personal Data is a special category of personal data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In the course of providing our services, we may collect, or come across such special categories of personal data, in different situations, including during the course of conducting a background verification check on you, when providing sensitive services to you and where we ask for your dietary requirements if we are arranging catering for you, including at an event.
- We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data at law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or Prism feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
How we collect personal data
We collect personal data in a variety of ways, including:
- Directly: We collect personal data which you directly provide to us, including when you fill in forms on our website, sign up to our services, request web services, subscribe to our marketing publications or when you request our assistance via email, our online chat function, or over the telephone.
- Indirectly: We may collect personal data which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
- From publicly available sources: We collect personal data from publicly available resources such as Companies House and professional networking sites such as LinkedIn.
Collection and use of personal data
We may collect, hold, use and transfer personal data for the following purposes:
- to enable you to access and use our website, and other associated platforms, and associated social media platforms;
- to onboard you as a client, including performing anti-money laundering and other background checks;
- to provide you with website advice;
- to run conflict checks (for actual and potential clients, and for counterparties);
- where we are seeking your services, to engage your services;
- to contact and communicate with you;
- to interact with governmental or regulatory bodies or other authorities in relation to you;
- for internal record keeping and administrative purposes, invoicing and billing purposes;
- for analytics (including profiling on our website), market research and business development, including to operate and improve our website, services, and associated social media platforms;
- for advertising and marketing, including to send you promotional information about our services and any events we are running and information about third parties that we consider may be of interest to you, or, where you have applied for a job with us, to send you information about future job opportunities that we consider may be of interest to you;;
- to manage your participation in any of our events that you register for;
- to comply with our legal obligations and resolve any disputes that we may have; and
- to consider your application to work with us and to conduct pre-employment reference checks.
Legal bases for processing
We collect and process personal data about you only where we have legal bases for doing so under applicable laws. The legal bases depend on the services you use and how you use them. This means we collect and use your personal data only where:
- it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for the provision of web services, research and development, to market and promote our services and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example we might ask for consent in order to send you third party marketing materials); or
- we need to process your data to comply with a legal obligation.
- If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. Further information about your rights is available below.
Our disclosures of personal data to third parties
We may disclose personal data to:
- our employees, contractors and/or related entities;
- IT service providers, data storage, web-hosting and server providers such as Amazon Web Services, Microsoft Azure Services, Google Cloud Services;
- our background check provider;
- marketing or advertising providers such as MailChimp, Google, Facebook, LinkedIn and Bing;
- third parties involved in hosting or organising events or seminars;
- payment systems operators such as PayPal, Stripe, or any other payment provider we upgrade our website to;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
- third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), or any other relevant analytics businesses.
We have enabled Google Analytics Advertising Features including remarketing and reporting. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.
You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.
- only transferring your personal data to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal data; or
- including standard contractual clauses in our agreements with third parties that are overseas.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behave in the exact same way as if the visitor had visited the other website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Your rights and controlling your personal data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Withdraw consent: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (https://ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
For any questions or notices, please contact us at: