What categories of personal data do we collect?
Personal data is any information relating to an identified or identifiable individual. The personal data we collect about you depends on the particular services we provide to you.
The personal data we may collect includes:
- Contact details including name, company name, job title, work and mobile telephone numbers, work and personal email and postal address and information to check and verify your identity e.g date of birth.
- Professional details including job and career history, educational background, professional memberships and published articles.
- Family and beneficiary details for insurance and pension planning services including names and dates of birth of our employees.
- Financial information including taxes, payroll, pensions, bank details.
- [your personal [or professional] interests]
- [your professional online presence, eg LinkedIn profile]
- Information about how you use our website, IT, communication and other systems
- Your responses to surveys, competitions and promotions
We collect and use personal data for the purposes described in the section ‘Why do we need personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
Sensitive personal data
We typically do not collect sensitive or special categories of personal data about individuals other than our own employees. When we do need to process sensitive personal data from data subjects who are not our employees, it is either on the instructions of a third party, with the express consent of the individuals or as required by law.
How do we collect personal data?
- We obtain most of the personal data we collect directly from individuals in a variety of ways, including those that; provide us with their business card(s), complete our online forms, subscribe to our newsletters, register for training, webinars and meet ups, attend meetings or events we host, visit our offices or for recruitment purposes.
- We obtain personal data indirectly about individuals from a variety of third parties, including recruitment services and our clients. This data is always obtained with the individuals consent.
- Personal data may be obtained from publicly accessible sources such as Companies House, news articles, and internet searches.
- If you register or login to our website using social media (e.g. LinkedIn, Google or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us.
What lawful reasons do we have for processing personal data?
Under data protection law, we can only use your personal data if we have a proper reason, eg:
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
We may rely on the following legitimate interests when we collect and use personal data to operate our business and provide our products and services:
- Delivering services to our clients – To deliver the professional services our clients have engaged us to provide.
- Direct marketing – To deliver timely market insights and speciality knowledge we believe is welcomed by our business clients, subscribers and individuals who have interacted with us.
Why do we need personal data?
We aspire to be transparent when we collect and use personal data by telling you why we need it, this typically includes:
- Providing professional services – our services may include reviewing client files for data analytics which may involve processing personal data for the relevant client.
- Promoting our professional services, products and capabilities to existing and prospective business clients.
- Sending invitations and providing access to guests attending our events and webinars or our sponsored events.
- Administering, maintaining and ensuring the security of our information systems, applications and websites.
- Authenticating registered users to certain areas of our sites.
- Seeking qualified candidates, and forwarding candidate career inquiries to our HR team, which may be governed by different privacy terms and policies.
- Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
- Travel arrangement assistance.
- Helping support clients to run a series of development programs for education and learning purposes.
- Complying with legal and regulatory obligations relating to anti-money laundering, terrorist financing, fraud and other forms of financial crime.
- Compiling health and safety data (directly or indirectly) following an incident or accident.
We will use your personal data to send you updates about our services including exclusive offers, promotions or new services. These updates may be sent by email, text message, telephone or post.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘What lawful reasons do we have for processing personal data?). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it to other organisations, outside the Ascent group, for marketing purposes.
Do we link to other websites?
Do we share personal data with third parties?
We routinely share personal data with:
- companies within the Ascent group;
- third parties we use to help deliver our services to you;
- other third parties we use to help us run our business;
- third parties approved by you, eg social media sites you choose to link your account to or third party payment providers;
- payment services providers;
- marketing services providers;
- recruitment services providers.
We or the third parties mentioned above occasionally also share personal data with:
- our and their external auditors, eg in relation to the audit of accounts, in which case the recipient of the information will be bound by confidentiality obligations;
- our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
- law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
- other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
Transferring your personal data out of the UK and EEA
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
Where we transfer your personal data outside the UK and/or the EEA, we do so on the basis of an adequacy regulation or decision or (where that is not available) standard contractual clauses recognised by the UK and/or EU. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK and/or the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law.
What are your data protection rights?
- Access – the right to be provided with a copy of your personal data
- Rectification – the right to require us to correct any mistakes in your personal data
- Erasure (also known as the right to be forgotten) – the right to require us to delete your personal data—in certain situations
- Restriction of processing – the right to require us to restrict processing of your personal data in certain circumstances, eg if you contest the accuracy of the data
- Data portability – the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
- To object – the right to object:
*at any time to your personal data being processed for direct marketing (including profiling);
* in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
- Not to be subject to automated individual decision making – the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
The right to withdraw consent – if you have provided us with consent to use your personal data you have a right to withdraw that consent easily at any time. Withdrawing consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
How do we protect personal data security and customer information?
Appropriate technical and some additional organisational security policies and procedures are in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We are using dedicated technology for protection of personal data, by following internal data classification and handling guidelines. We aim to ensure that access to your personal data is limited only to those who need to access it while following the principle of minimisation. Those individuals who have access to the data are required to maintain the confidentiality of such information and follow internal data classification guidelines.
If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to contact us
The Data Protection Officer
2 Redcliffe Way
We aim to respond within 30 days from the date we receive privacy-related communications and may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.
Alternatively, you may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.