Privacy Notice

This privacy notice applies to you and describes how and why we collect and use personal data and provides information about your rights. It applies to any personal data we collect or obtain about you or that you provide to us through the Website, or any platforms, websites or apps, including social media sites, when you purchase a product or service, contribute, speak, feature, attend or participate in any of our podcasts, webinars, workshops, events or sessions or related publications or marketing materials, or communicate or interact with us in any other way.

The Website and our services are not intended for children under the age of majority in their place of residence (which may be 13, 14, 16 or 18 depending on applicable laws). We do not knowingly collect data relating to children. If we become aware that we have collected such data, we will delete it promptly, unless we are legally required to keep it.

It is important that you read this privacy notice together with any other privacy/data protection notice or clauses or fair processing notice (other privacy notices – available via the Legal Information) we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them, except where otherwise stated in those other privacy policies.

Please also read the Glossary which explains the meanings of some of the terms used in this privacy notice.

(1) IMPORTANT INFORMATION AND WHO WE ARE

Controller
The Business described in the Legal Information is the data controller and responsible for your personal data (collectively referred to as “Business”, “we“, “us” or “our” in this privacy notice). We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the Contact Details in the Legal Information.

Contact Details
If you have any questions about this privacy notice or our privacy practices, please contact our data privacy manager using the Contact Details in the Legal Information.

Complaints
You have the right to make a complaint at any time to your local data protection authority in your country of residence. For example, if you are in the UK, this is the Information Commissioner’s Office (ICO): contact the ICO. We would, however, appreciate the chance to deal with your questions or concerns, and invite you to contact us in the first instance.

Changes to the privacy notice and your duty to inform us of changes
We keep our privacy notice under regular review. We reserve the right to change it at any time without notice and we encourage you to read it periodically to ensure that you are at all times fully aware of it. Any changes are effective immediately upon posting to our Website or written notice to you. This version was last updated on update date first mentioned above. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links
This Website may include links to third-party websites, plug-ins, applications and/or other materials which are not provided by us. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. These are not under our control and we are not responsible for their privacy notices/policies. Please note that they and any services that may be accessible through them should have their own privacy notices/policies and that we do not accept any responsibility or liability for the activities, privacy policies/notices or levels of privacy compliance of any third-party websites, plug-ins, applications and/or other materials operated by any third party or for any content which is not under our control. We recommend that you check their privacy policies/notices before you submit any personal data to any of them.

(2) THE DATA WE MAY COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes first name, last name, any previous names, username or similar identifier, marital status, title, place of birth, date of birth and gender; job title, profession and photograph; and information contained in your curriculum vitae or your profile on social media.
• Contact Data includes billing address, delivery address, previous addresses, email address and telephone numbers, business address, business email addresses and telephone numbers.
• Financial Data includes bank account and payment card details, personal and business financial records.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data includes information about how you use our website, products and services, and device-specific data such as device’s IP address (captured and stored in an anonymized format), device screen resolution, device type (unique device identifiers), operating system and browser type, geographic location (country only), and user interactions (mouse events (movements, location and clicks) and keypresses and log data (referring URL and domain, pages visited, geographic location (country only)), preferred language used to display the webpage and date and time when website pages were accessed).
• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our Website, products and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Not all categories of personal data listed in this notice will apply to every individual. We only process the personal data necessary for the specific purposes relevant to our relationship with you.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature.

However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

In some cases, it may be necessary to collect Special Categories of Personal Data about you (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic or biometric data). We do not routinely collect information about criminal convictions and offences. In either case, such information will only be processed where necessary, permitted by law, supported by a lawful basis (such as performance of a contract, your explicit consent, the establishment, exercise or defence of legal claims, or substantial public interest), and accompanied by appropriate safeguards.

If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform any contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

(3) HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

(a) Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, via an account dashboard or otherwise. This includes personal data you provide when you:

• apply for our products or services;
• purchase and use our products and services;
• register as a customer or user;
• create an account on the Website;
• join any subscription or membership;
• join any of our groups on social media or in person;
• subscribe to our service or publications, including newsletters;
• request marketing to be sent to you;
• enter a competition, promotion or survey;
• engage with us and content on the Website or via any platform, website or app, including any social media site;
• take part in our market research;
• give us feedback or contact us;
• contribute, speak, feature, attend or participate in any of our podcasts, webinars, workshops, events or sessions (in person, virtual, live or recorded) (collectively, the “Sessions”) or other audio-visual or written publications and related marketing materials in any form (“Publications”);
• via third parties authorised by you, including your business, any partner, shareholders, authorities, the revenue service, Electronic ID verification providers, and other third parties (e.g. advisors, banks, investment managers)
• interact with us in any other way.

(b) Automated technologies or interactions. As you interact with the Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other Websites employing our cookies. Please see our cookie notice below for further details.

(c) Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below, operating in the UK, your country of residence and globally:

(i) Technical Data is collected from the following providers:

• global analytics providers;
• global advertising networks; and
• global search information provider.

(ii) Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
(iii) Identity, Contact and Financial Data from credit checking and compliance screening service providers.
(iv) Identity and Contact Data from publicly available sources such as Companies House.

(4) HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.
• Where we have obtained your active agreement to use your personal data for a specified purpose.

Please read the Glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although, where legally required, we will get your consent before sending third party direct marketing communications to you via phone, email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

(5.A) PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL DATA

We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below.

Purpose/Activity: To register you as a new customer.
Type of data: (a) Identity, (b) Contact.
Lawful basis for processing, including basis of legitimate interest: Performance of a contract with you.

Purpose/Activity: To process and deliver your order for products or services, manage payments, fees, and charges, and collect and recover money owed to us.
Type of data: (a) Identity, (b) Contact, (c) Financial, (d) Transaction, (e) Marketing and Communications.
Lawful basis for processing, including basis of legitimate interest: (a) Performance of a contract with you, (b) Necessary for our legitimate interests (to recover debts due to us).

Purpose/Activity: To manage our relationship with you, including notifying you about changes to our terms and conditions, policies, or privacy notice, and requesting reviews or surveys.
Type of data: (a) Identity, (b) Contact, (c) Profile, (d) Marketing and Communications.
Lawful basis for processing, including basis of legitimate interest: (a) Performance of a contract with you, (b) Necessary to comply with a legal obligation, (c) Necessary for our legitimate interests (to keep our records updated and study customer usage patterns).

Purpose/Activity: To enable your participation in prize draws, competitions, or surveys.
Type of data: (a) Identity, (b) Contact, (c) Profile, (d) Usage, (e) Marketing and Communications.
Lawful basis for processing, including basis of legitimate interest: (a) Performance of a contract with you, (b) Necessary for our legitimate interests (to study customer usage patterns, develop products/services, and grow our business).

Purpose/Activity: To administer and protect our business and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting.
Type of data: (a) Identity, (b) Contact, (c) Technical.
Lawful basis for processing, including basis of legitimate interest: (a) Necessary for our legitimate interests (running our business, providing administration and IT services, network security, preventing fraud, and business reorganization or restructuring), (b) Necessary to comply with a legal obligation.

Purpose/Activity: To deliver relevant website content and advertisements to you, and measure the effectiveness of the advertising served.
Type of data: (a) Identity, (b) Contact, (c) Profile, (d) Usage, (e) Marketing and Communications, (f) Technical.
Lawful basis for processing, including basis of legitimate interest: (a) Necessary for our legitimate interests (studying customer usage patterns, developing products/services, growing our business, and informing marketing strategy) (b) consent (for targeted advertising).

Purpose/Activity: To use data analytics to improve the Website, products/services, marketing, customer relationships, and experiences.
Type of data: (a) Technical, (b) Usage.
Lawful basis for processing, including basis of legitimate interest: Necessary for our legitimate interests (defining customer types, keeping the website updated, developing our business, and informing marketing strategy).

Purpose/Activity: To make suggestions and recommendations about goods or services that may be of interest to you.
Type of data: (a) Identity, (b) Contact, (c) Technical, (d) Usage, (e) Profile, (f) Marketing and Communications.
Lawful basis for processing, including basis of legitimate interest: (a) Necessary for our legitimate interests (developing products/services and growing our business), (b) consent.

Purpose/Activity: To be involved in our Sessions or Publications, and any activities which arise during the course of or after thee these or in their preparation or development.
Type of data: (a) Identity, (b) Contact, (c) Financial Data (if you are paid).
Lawful basis for processing, including basis of legitimate interest: (a) Necessary for our legitimate interests (developing products/services and growing our business), (b) consent (c) Performance of a contract.

Purpose/Activity: To recruit the best and most appropriate speakers, contributors, and participants and crew for our Sessions and Publications.
Type of data: (a) Identity, (b) Contact.
Lawful basis for processing, including basis of legitimate interest: (a) Necessary for our legitimate interests (developing products/services and growing our business), (b) consent (c) Performance of a contract.

Purpose/Activity: To film, record and photograph you for the purpose of your inclusion in our Sessions or Publications, and their distribution and exploitation and their advertising and marketing.
Type of data: (a) Identity, (b) Contact,
Lawful basis for processing, including basis of legitimate interest: (a) Necessary for our legitimate interests (developing products/services and growing our business), (b) consent (c) Performance of a contract.


(5.B) TECHNOLOGY AND AUTOMATION
We, and where relevant our approved service providers, may use technology (including artificial intelligence, machine learning, and other automated systems) as part of delivering and improving our services. These tools may be used for purposes such as:

• delivering and enhancing our products, services, and technology;
• managing operations, systems, and customer support;
• carrying out research, analytics, and marketing activities;
• supporting legal, regulatory, and risk management requirements; and
• generally supporting the activities and purposes set out in section 5A above.

Where such tools involve the processing of personal data, this will be done in accordance with applicable laws, with appropriate safeguards, and only for the purposes described in this notice. Not all categories of personal data listed in section 2 will apply in every case, and we apply data minimisation appropriate to the context.

Lawful bases for processing may include:
(a) our legitimate interests (for example, to operate efficiently, improve services, and safeguard our business);
(b) your consent, where required by law;
(c) performance of a contract; and/or
(d) compliance with legal obligations.

We do not carry out automated decision-making that has legal or similarly significant effects on you without ensuring this is permitted under applicable laws and subject to appropriate safeguards.

(6) MARKETING

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You can change your preferences by following the opt-out links on any marketing message sent to you, or by contacting us at any time using the Contact Details or, if we offer this functionality, by logging into the Website and checking or unchecking relevant boxes.

Please read the Glossary to find out more about how the law applies to digital marketing to businesses and consumers.

Marketing and promotional offers from us if you are a business
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.

Marketing and promotional offers from us if you are a consumer
Where you have indicated your consent to receiving marketing information including offers or promotions about our products or services by ticking the relevant box(es), we will use your Contact Data for these purposes. You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.

Third-party marketing: businesses and consumers
We will obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, by contacting us at any time using the Contact Details, or (if we offer this functionality) by logging into the Website and adjusting your preferences. Where we rely on consent, you may withdraw it at any time, and it will always be as easy to withdraw as it was to give. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions or service-related communications that are essential for administrative, customer service or legal/compliance purposes.

(7) COOKIE POLICY

We use the cookies set out in/via the Legal Information above, and/or as detailed in/via the cookie consent tool, settings, or banners on the Website.

(8) CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using our Contact Details. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


(9) DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below, and as further detailed in our Third Party Processors & Service Providers list (or similar name), which we update from time to time, for the purposes set out in the section ‘Purposes for which we will use your personal data’ above.

• External Third Parties – as described in the Glossary.
• Affiliates – our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
• Business transaction parties – third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
  If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
  We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
  
  

(10) INTERNATIONAL TRANSFERS
Different countries have different rules for how personal data can be transferred internationally. We follow the standards required under the data protection laws that apply to you, so that your personal data is protected wherever it goes.

We may share your personal data with Affiliates and External Third Parties who are or become based outside the country in which our business is registered or operates, including, where relevant, the United States, the European Economic Area, Canada, Australia, South Africa, and other jurisdictions where those persons are located. This means your personal data may be transferred outside of your country of residence.

Whenever we transfer your personal data internationally, we ensure that it is protected in accordance with the standards required under the applicable data protection laws in your location, by implementing at least one of the following safeguards:

• Transferring personal data only to countries that have been officially recognised as providing an adequate level of protection under the applicable data protection laws; and/or
• Using specific contractual safeguards, such as standard contractual clauses, international data transfer agreements, or other mechanisms approved under the applicable data protection laws (including any other legally recognised transfer mechanisms introduced in the future), to ensure your personal data receives a level of protection equivalent to that provided in your country of residence.

Where your personal data is transferred internationally, we take reasonable steps to ensure it is protected in line with applicable laws, including through the use of recognised safeguards such as adequacy decisions, contractual clauses, or other lawful mechanisms

(11) DATA SECURITY

• We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
• We seek to apply data protection principles by design and default where appropriate, and implement security measures that are reasonable and proportionate under applicable laws, taking into account the nature of the data, the risks involved, and the available technology.
• We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
• Where we use AI tools to process personal data, we apply additional safeguards as required by law (if applicable – as described in our AI Privacy/Confidentiality Notice, available via the Legal Information above or on request via our Contact Details).
• They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
• However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. Accordingly, although we will do our best to protect your personal information, transmission of personal information to and from our Website is at your own risk.

(12) DATA RETENTION

How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data: see your legal rights below for further information. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Third party technologies
Where we use third-party technology service providers, including software and artificial intelligence (AI) tools, some of these providers may retain limited data for their own limited purposes and for longer periods than our standard retention practices. We take steps to minimise the personal data shared with such providers and to use providers that apply appropriate confidentiality and data protection safeguards.

Extended retention of your personal data
In accordance with relevant/applicable law, for example anti-money laundering regulations, and recognised good practice within the tax and accountancy sector, we may retain your personal data (as necessary) (including Contact, Identity, Financial and Transaction Data) for seven years after you cease to be a customer. Please note that this is not an offer of storage or any commitment by us to retain information and materials that you should obtain/download/retain yourself when your contract with us ends, such as data held by third party accounting software or platforms used in the course of the services, or any other third party provider.

(13) YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please see the Glossary to find out more about these rights:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Additional rights. Depending on your location and the laws that apply to you, you may have additional rights. We will respect and facilitate these rights where and to the extent required by applicable laws.

(14) GLOSSARY

Affiliates: our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
Legal Information means the information and documentation about our business supplied to you in writing and/or published on the Website, or available upon request, including at the start of this document (as applicable).

LAWFUL BASIS
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
Consent means that you have given us permission to process personal information for a given purpose. You have the right to withdraw this consent at any time. You can manage your preferences within your account or by using the Contact Details in the Legal Information.

THIRD PARTIES
External Third Parties

• Service providers based in the United Kingdom who provide consultancy services, IT services, accountancy or book-keeping services, anti-money laundering and ID checks, management services, marketing services, business administration and support services, and associated services.
• Professional advisers including lawyers, bankers, accountants, and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
• International revenue services, regulators and other authorities acting as processors or joint controllers based in the internationally who require reporting of processing activities in certain circumstances.
• Any other third party with whom we are required by law or regulation to share your personal data (such as in connection with an investigation of fraud or other legal enquiry) or in connection with other legal proceedings (including where we believe that your actions violate applicable laws or any agreement with us).
• Service providers based outside the United Kingdom and EEA to whom we subcontract, outsource or use to provide services for the purposes set out in this notice.
• Other third parties based within or outside the United Kingdom to whom you require us to correspond with (for example, insurers, finance providers, pension providers, and investment brokers.
• Your personal representative(s).
• Our professional body (if applicable – e.g. Chartered Institute of Management Accountants (CIMA)) or an external reviewer in relation to quality assurance.
  If the law allows or requires during the period of our contractual arrangements or after we have ceased to act we may give information about you to:
  – the police and law enforcement agencies courts and tribunals
  – the Information Commissioner’s Office (ICO)
  – Service providers based outside the United Kingdom and EEA to whom we subcontract, outsource or use to provide services for the purposes set out in this notice, including but not limited to those set out in the Third Party Providers/Processors list (or similar name) – accessible via the Legal Information.
  
  In addition, after we have ceased to act we may give information about you to:
  – our professional indemnity insurers or legal advisers where we need to defend ourselves against a claim
  – our professional disciplinary body where a complaint has been made against us in order to defend ourselves against a claim
  – your new advisers or other third parties you ask us to give information to.

YOUR LEGAL RIGHTS

You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you’d like a template to use, please ask us.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

• If you want us to establish the data’s accuracy.
• Where our use of the data is unlawful but you do not want us to erase it.
• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
• You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Please note that these rights do not apply in all situations and may be subject to the provisions of relevant data protection laws. We may not be able to comply with any request from you in connection with the rights set out above. (For example, even if you request that we delete your personal data, we may be required by law to retain some personal data in order that we comply with our legal and regulatory obligations).

If you have any questions or would like more information, please reach us via the Contact Details in the Legal Information.

Privacy notice powered by New Legal.