1.2 If you are an existing customer of ours, further details about how we use your personal information is set out in your customer contract with us. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided when we collect personal information from you.
1.3 Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
(a) What personal information about you we may collect
(b) How we may use your personal information
(c) How we protect your personal information
(d) Contacting us & your rights to prevent marketing and to access and update your personal information
(e) Our Cookies Policy
2 Information we may collect about you
2.1 We will collect and process all or some of the following personal information about you:
(a) Information you provide to us ► personal information that you provide to us, such as when using the contact form, when attending events or conferences, or purchasing a product on our website, including your name, email address, “business card information” and other contact details;
(b) Credit and Anti-Fraud information ► information relating to your financial situation, your creditworthiness or any criminal or fraudulent activities provided to us by you or third parties [including information which establishes your identity, such as driving licences, passports and utility bills; information about transactions, credit ratings from credit reference agencies; fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included];
(c) Our correspondence ► if you contact us, we will typically keep a record of that correspondence;
(d) Survey information ► we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey;
(e) Your transactions ► details of transactions you carry out through our websites or through other channels and of the fulfilment of the services we provide; and
(f) Website and communication usage ► details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
3 Uses made of your personal information
3.1 In this section, we set out the purposes for which we use personal information that we collect and, in compliance with our obligations under European law, identify the “legal grounds” on which we rely to process the information.
3.2 These “legal grouds” are set out in European Data Protection Law, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in law (the full description of each of these grounds can be found at Annex 1 of this policy.
3.3 Please note that in addition to the disclosures we have identified below, we may disclose personal information for the purposes we explain in this notice to service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and affiliates of Ecosphere that perform activities on our behalf, as well as other members of the Ecosphere group.
(a) To communicate effectively with you and conduct our business ► to conduct our business, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us;
Legal bases: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you)
(b) To provide you with marketing materials ► to provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners’ products and services to you by email, SMS, and phone and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contacting Us” section below.
Legal bases: consent (in relation to electronic marketing), legitimate interests (in relation to postal marketing) (to keep you updated with news in relation to our products and services)
(c) In relation to fraud prevention ► we and other organisations may also access and use certain information to prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
Legal bases: legal obligations, legitimate interests (to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud). Where this includes Special Categories of Personal Data, we justify this processing as it is in the substantial public interest (prevention and detection of fraud and crime)
(d) For research and development purposes ► to analyse your personal information in order to better understand your and our other clients’ services and marketing requirements, to better understand our business and develop our products and services;
Legal bases: legitimate interests (to allow us to improve our services)
(e) To monitor certain activities ► to monitor queries and transactions to ensure service
quality, compliance with procedures and to combat fraud;
Legal bases: legal obligations, legal claims, legitimate interests (to ensure that the quality and legality of our services)
(f) To inform you of changes ► to notify you about changes to our services and products;
Legal bases: legitimate interests (to notify you about changes to our service)
(g) To ensure website content is relevant ► to ensure that content from our websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers;
Legal bases: legitimate interests (to allow us to provide you with the content and services on the websites)
(h) To reorganise or make changes to our business ► in the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy
Legal bases: legitimate interests (in order to allow us to change our business)
(i) In connection with legal or regulatory obligations ► We may process your personal information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Legal bases: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)
4 Transmission, storage and security of your personal information
Security over the internet
4.1 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
4.2 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Export outside the EEA
4.4 Where you are based in the EEA and we transfer personal information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international- transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements
4.5 Please contact us as set out in the “Contacting Us” section below if you would like to see a copy of the specific safeguards applied to the export of your personal information.
4.6 Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
5 Your rights & contacting us
5.1 You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in the “Contacting Us” section below.
5.2 We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in the “Contacting Us” section below.
5.3 If you have any questions in relation to our use of your personal information, you should first contact us as per the “Contacting Us” section below. Under certain conditions and if you are based in the EEA , you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of information that you have provided to us;
(c) update any inaccuracies in the personal information we hold (please see paragraph 5.2);
(d) delete any personal information the we no longer have a lawful ground to use;
(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing (see paragraph 5.1 for marketing);
(f) to ask us to transmit the personal data you have provided to us and we still hold about you to a third party electronically;
(g) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(h) restrict how we use your information whilst a complaint is being investigated.
5.4 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
5.6 If you have any questions in relation to this policy, you can contact us by: Post – 3rd Floor 12 Gough Square, London, United Kingdom, EC4A 3DW; Telephone – +44 (0)20 38765228; and/or Email: firstname.lastname@example.org
5.7 If you are based in the EEA and are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office (U.K). Alternatively, you may contact your local data protection regulator – a list of European data protection regulators and their contact details can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
6 Cookies policy
These are the principal legal grounds that justify our use of your personal data:
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
These are the principal legal bases that justify our use of Special Categories of your Personal Data and Criminal Convictions Data:
Legal claims: where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party.
In the substantial public interest: Processing is necessary for reasons of substantial public interest, on the basis of EU or local law.