1) General Information
We’ll tell you:
- how we collect your information
- what purpose we are processing it for
- whether there are other recipients of your personal information
- whether we intend to transfer it to another country, and
- whether we do automated decision-making or profiling.
2) Contact information
Shared Assets Ltd is the controller for the personal information we process, unless otherwise stated.
You can contact us by email and post.
Our postal address: 63/66 Hatton Garden, Fifth Floor Suite 23, London, EC1N 8LE
Our Data Protection Officer is Mark Walton. You can contact him at firstname.lastname@example.org or via our postal address. Please mark the envelope ‘Data Protection Officer’.
3) How do we get information?
Most of the personal information we process is provided to us directly by you for one of the following reasons (please note this list is not exhaustive):
- You subscribe to our e-newsletter
- You wish to attend, or have attended, an event
- You are representing your organisation
- You contacted with us a query you thought we could help with
- You have applied for a job or secondment with us
We also receive personal information indirectly, in the following scenarios:
- An employee of ours gives your contact details as an emergency contact or a referee
- We may find, through online research, and store, publicly available information about you where we have a legitimate interest (e.g. in relation to ongoing or potential business)
4) What purpose are we processing it for?
The legal basis we rely on to process your personal data is Article 6(f) of the UK GDPR, which allows us to process personal data when it’s necessary for the purposes of our legitimate interests.
Specifically, we will often process your data for the purpose of:
- Keeping in touch with relevant news, offers, research or related correspondence
- Promoting, booking or managing events
- Communicating in relation to ongoing or potential business; and associated correspondence or enquiries
- Employment related matters
5) Your Data Protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this on the ICO website here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this on the ICO website here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this on the ICO website here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this on the ICO website here.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our legitimate interests. You can read more about this on the ICO website here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this on the ICO website here.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
6) Sharing your information
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us.
The ICO defines a “processor” as: “data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
“Processing”, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
- organisation, adaptation or alteration of the information or data,
- retrieval, consultation or use of the information or data,
- disclosure of the information or data by transmission, dissemination or otherwise making available, or
- alignment, combination, blocking, erasure or destruction of the information or data (edited)
Don’t worry, this isn’t as onerous as it sounds, but it covers the fact that we store your data in a database (Capsule CRM) and use software like Mailchimp to email you.
We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Where we contract with third parties for the processing of your data, these may be located outside the EU (in the USA). When this is the case, we ensure the contracts we have in place with those third parties meet the requirements of the UK GDPR.
In some circumstances we are legally obliged to share information. For example under a court order (where we have considered we have a lawful basis on which to share the information and document our decision making).
7) Links to other websites
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
8) Your right to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at firstname.lastname@example.org and we’ll respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the ICO as the UK supervisory authority. Please follow this link to see how to do that.
10) Visitors to our website
When you visit www.sharedassets.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
We will ensure any necessary cookies for functionality and security are not deleted.
Search queries and results on our website are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us.
Purpose and legal basis for processing
The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users.
11) Automated decision-making or profiling
We do not use automated decision making. We may occasionally profile your data for the purpose of marketing and finding customers with similar interests.