1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
Account - means an account required to access and/or use certain areas and features of our Site;
Cookie - means a small text file placed on your computer or device by our Site when you visit certain parts of our Site and/or when you use certain features of our Site. Details of the Cookies used by our Site are set out in Part 17, below.
2. Who we are
Our Site is owned and operated by DIACLE LIMITED, a limited company, registered in England and Wales
with number 08597553.
Registered address: Suite 2, 1st Floor, 151 Rye Lane, London, SE15 4TL.
Email address: email@example.com
3. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
4. Data Protection Principles
Lawfulness, fairness and transparency - data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation - data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation - data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy - data must be accurate and, where necessary, kept up to date.
Storage limitation - data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality - data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
5. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
The right to access the personal data we hold about you. Part 15 will tell you how to do this.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 20 to find out more.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 20 to find out more.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to us using your personal data for a particular purpose or purposes.
The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. [We do not use your personal data in this way.]
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 20.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 20.
6. Information we collect
Information you provide us
You may choose to provideus with personal data when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, via our site or otherwise.
The categories of personal data you provide us may include:
first and last name;
job title and company name;
marketing and communications data includes your preferences in receiving marketing from us and your communication preferences
Information we collect from third parties
We collect most of this information from you directly. However, we also collect information about you:
from publicly accessible sources, e.g. Companies House;
from third party sources of information, e.g. client due diligence providers;
which you have made public on websites associated with you or your company or on social media platforms such as LinkedIn;
from a third party, e.g. a person who has introduced you to us or other professionals (such as accountants) you may engage.
Information we collect online
We collect, store and use information about your visits to our Site and about your computer, tablet, mobile or other device through which you access our Site. This includes the following:
technical information, including the Internet protocol (IP) address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location;
information about your visits and use of the Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and Site navigation and search terms used;
information collected by cookies on our Site (for more information on cookies, please see the section on cookies below).
Sensitive personal data
We do not generally seek to collect sensitive (or special categories of) personal data. Sensitive personal data is defined by data protection laws to include personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health. If we do collect sensitive personal data, we will ask for your explicit consent to our proposed use of that information at the time of collection.
Our Site is not intended for or directed at children under the age of 16 years and we do not knowingly collect data relating to children under this age.
7. Email marketing
For email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing.
Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to opt out of receiving email marketing communications from us at any time by:
contacting our Privacy Manager using the contact details set out in Part 20; or
using the “unsubscribe” link in emails.
8. How we use your information
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests. If you want further information on the balancing test we have carried out, you can request this from our Privacy Manager.
The following table describes the purposes for which we will process your personal data, and the legal basis for doing so:
|Purpose for which we will process your personal data||Legal basis for processing personal data
|To provide you with information and services that you request from us.||It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.|
|To enforce the terms and conditions and any contracts entered into with you.||It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.|
|To send you alerts, newsletters, bulletins, announcements, and other communications concerning FW, legal developments or notifications we believe may be of interest to you.||It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. You can always opt-out of receiving direct marketing-related email communications or text messages by following the unsubscribe link.|
|To invite you to seminars, events, or other functions we believe may be of interest to you.||It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. You can always opt-out of receiving direct marketing-related email communications or text messages by following the unsubscribe link.|
|To send you information regarding changes to our policies, other terms and conditions and other administrative information.||It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you and it will not be detrimental for you.|
|To administer our Site including troubleshooting, data analysis, testing, research, statistical and survey purposes; To improve our Site to ensure that consent is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access our Site; and to keep our Site safe and secure.||It is in our legitimate interests to continually monitor and improve our services and your experience of our Site and to ensure network security and it will not be detrimental for you.|
9. Who we share your personal data with
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
in some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
if necessary to protect the vital interests of a person; and
to enforce or apply our terms and conditions or to establish, exercise or defend the rights of Diacle Limited, our staff, customers or others.
10. International transfers
We do not transfer your personal data outside the UK or the European Economic Area (EEA).
11. How can you control your personal data
In addition to your rights under the Data Protection Legislation, set out in Part 5, when you submit personal data via our Site, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails).
You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
12. Where we store your data.
We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
Please contact us using the details below in Part 20 for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.
13. Security of your personal data
We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.
Despite these precautions, however, Diacle cannot guarantee the security of information transmitted over the Internet or that unauthorized persons will not obtain access to personal data. In the event of a data breach, Diacle have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
14. How long we keep your personal data
Your personal data will not be kept for longer than is necessary for the purposes for which it was collected and processed and for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria we use for retaining different types of personal data, includes the following:
General queries - when you make an enquiry or contact us by email or telephone, we will retain your information for as long as necessary to respond to your queries. After this period, we will not hold your personal data for longer than one year if we have not had any active subsequent contact with you;
Direct marketing - where we hold your personal data on our database for direct marketing purposes, we will retain your information for no longer than two years if we have not had any active subsequent contact with you.
Legal and regulatory requirements - we may need to retain personal data for up 7 years after we cease providing services and products to you where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.
15. How you can control your personal data
In addition to your rights under the Data Protection Legislation, set out in Part 5, when you submit personal data via our Site, you may be given options according to the rights to:
Access - you have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“data subject access request”). We may refuse to comply with a subject access request if the request is manifestly unfounded or excessive or repetitive in nature.
Data Portability - You may also have the right to receive personal data which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller. The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
Update - We want to make sure that your personal data is accurate and up to date. You have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can update your details or change your privacy preferences by contacting us as provided in Part 20. We may refuse to comply with a request for rectification if the request is manifestly unfounded or excessive or repetitive
You have the right to object at any time to our processing of your personal data for direct marketing purposes.
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Be forgotten and restrict the processing - You also have the following rights under data protection laws to request that we rectify your personal data which is inaccurate or incomplete. Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. We may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive or repetitive in nature.
16. Exercising your rights
In order to improve our Site, we may use small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from our Site and is stored on your device’s browser or hard drive. The cookies we use on our Site won't collect personally identifiable information about you and we won't disclose information stored in cookies that we place on your device to third parties.
By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. For more details, please refer to the table below. These Cookies are not integral to the functioning of our Site and your use and experience of our Site will not be impaired by refusing consent to them.
All Cookies used by and on our Site are used in accordance with current Cookie Law.
This Site deploys the following cookies:
|ss_cpvisit||Identifies unique visitors and tracks a visitor’s sessions on a site||2years|
|ss_cid||Identifies unique visitors and tracks a visitor’s sessions on a site||2years|
|ss_cvisit||Identifies unique visitors and tracks a visitor’s sessions on a site||30minutes|
|ss_cvt||Identifies unique visitors and tracks a visitor’s sessions on a site||30minutes|
|ss_cvr||Identifies unique visitors and tracks a visitor’s sessions on a site||2years|
|crumb||Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.||Session|
18. Google Analytics
Diacle uses Google Analytics, a web analysis service provided by Google Inc. (“Google”), CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, for customising and optimising our website.
Google Analytics uses ‘cookies’, which are stored on your computer, to help the website analyse how users use the website.
As a rule, the information generated by the cookies about your use of this website will be transmitted to and stored by Google on servers in the United States. The information generated by the cookies includes:
the website from which this website was accessed (referrer URL),
date and time of the server request.
This website uses Google Analytics with the IP anonymisation feature (“anonymizeIp”).
This means your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Treaty on the European Economic Area. The full IP address will be transmitted to a Google Server in the USA and shortened there only on an exceptional basis.
On behalf of Diacle, Google will use this information for evaluating your use of the website, compiling reports on website activity for website operators and providing other services to Diacle relating to website activity for market research and tailoring the offer to suit market needs. Google will not associate the IP address transmitted under Google Analytics by your browser with other data held by Google.
You may prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we must advise you that in this case, you might not be able to use all functions of this website to the full extent. You may prevent Google from recording the data generated by the cookie and pertaining to your use of the website (including your IP address), or processing these data by downloading and installing the following browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Our Site may, from time to time, contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Diacle does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
20. Email Monitoring
Emails which you send to us or which we send to you may be monitored by Fox Williams to ensure compliance with professional standards and our internal compliance policies.
Monitoring is not continuous or routine, but may be undertaken on the instruction of a partner where there are reasonable grounds for doing so. Occasional spot checks or audits may also be undertaken on the instruction or with the authority of a partner.
21. How you can contact us
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: firstname.lastname@example.org
Postal Address: Suite 2, 1st Floor, 151 Rye Lane, London, SE15 4TL
or telephone on 0303 123 1113.
Updated and effective as of 3 June, 2019