DATA PROTECTION NOTICE
At Finsen Technologies Limited we are committed to protecting the privacy of your personal data in accordance with Data Protection legislation. This Data Protection Notice (“Notice”) sets out the basis on which we will process your personal data.
In this Notice, ‘we’ (and any related expression) refers to: Finsen Technologies Limited, registered in England & Wales, no. 08260223, whose registered office is at First Floor Thavies Inn House 3-4, Holborn Circus, London, EC1N 2HA and those companies and/or corporations that are members of the group of which it is the holding company (“Finsen Group”).
This Notice applies whether you are, or you are acting on behalf of, a customer or potential customer of a Finsen Group member, or you are a professional or business contact of a Finsen Group member, or you are a job applicant.The Data Protection Legislation
As from 25th May 2018, the EU General Data Protection Regulation (“GDPR”), as supplemented by UK legislation applies to the processing of most personal data in the UK.
Personal data is any information that directly or indirectly identifies a living individual.
For the purposes of the GDPR, we will be the controller of any personal data that we collect from or about you in connection with the supply of our Finsen products or services, or related activities such as promoting the Finsen Group’s business and market research or, where relevant, dealing with job applications.
Under the GDPR, data controllers are required to process personal data lawfully, fairly and in a transparent manner, and in a manner that ensures appropriate security of the personal data. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, and the data must be adequate, relevant and limited to what is necessary in relation to those purposes, accurate and, where necessary, kept up to date, and kept in a form which permits identification of data subjects for no longer than is necessary for those purposes. Data controllers are responsible for, and must able to demonstrate, compliance with these principles.
What personal data do we collect from or about you?
If you make an enquiry
If you contact us with an enquiry about our Finsen products or services (either through one of the Finsen Group’s websites or by phone, email or post), we will ask you to supply essential contact details (your name, e-mail address, phone number and, where applicable, the company or other person you represent and your job title), which we need in order to identify you and deal with your enquiry.
Depending on the nature of your enquiry, we may collect from you further details, such as the circumstances in which you are making the enquiry, the Finsen products or services that may be of interest to you or, where you are interested in a possible position with us, your CV and related information.
If you are or become a customer
If you are or become a customer (or the company or other person you represent is or becomes a customer), and in the course of the supply of our Finsen products or services, we may collect further personal data from you, depending on the nature of the transaction. We will only ask you to provide the information that is necessary and appropriate.
We may also need to ask you to provide further personal data, and may need to carry out background checks about you with credit reference agencies and fraud prevention agencies, for credit control purposes and in order to satisfy our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and any other applicable legislation concerning money laundering, tax evasion, crime prevention and fraud protection. If you do not provide us with the information we need, we will not be able to engage with you or the company or other person you represent.
When you make a personal payment, details of the method of payment, your bank details or your credit or debit card number will be processed.
If you are a professional or business contact
If you provide us (or one of our employees or other personnel) with your professional or business contact details or other relevant personal data, we will use this in order to keep in touch with you and exchange information that we believe is, or may become, relevant to our and your business or profession.
If you enquire about a job
If you submit a job application or enquire about a potential position with a Finsen Group member, or another person does so on your behalf, we will ask you (or them) to provide relevant personal information about you. Further details of the personal data that we collect, and of the basis on which we will process your personal data, will be provided by our HR Department at the time.
Why and on what basis do we process your personal data?
When you make an enquiry, we will process the personal data that you give us, or we collect from you or about you, so that we can supply you with the information that you have requested about our Finsen products or services (including information about the Finsen products and/or services that other Finsen Group members provide), on the basis that it is necessary for our legitimate interests in promoting and marketing the Finsen Group, or in order to provide a quotation.
If you are or become a customer (or the company or other person you represent is or becomes a customer), we will process the personal data that you give us, or we collect from you or about you, in order to perform the contract that we have with you (or the company or other person you represent).
Where we need to process special categories of data (“sensitive data”) or criminal records relating to you, we will only do so with your explicit consent or where this is necessary for the establishment, exercise or defence of legal claims.
We will also process your personal data for internal record keeping, billing and accounting, and to respond to any queries, complaints or requests for further information, and for the purposes of archiving. The basis on which we do so is that it is necessary for our performance of the contract we have with you (or the company or other person you represent), or is necessary for our legitimate interests in managing our business and improving our performance, and to comply with regulatory obligations.
In appropriate circumstances we will use the personal data that you provide or that we collect about you on the basis that we are required to do so in order to comply with our regulatory obligations, including those under applicable legislation such as that concerning money laundering, tax evasion, crime prevention and fraud protection.
Staying in touch
We provide a wide range of additional services for our customers and our professional and business contacts, such as updates on technical and business developments. We would like to use the details on our database in order to inform you of these and the various Finsen products or services that the Finsen Group provides, on the basis that it is necessary for our legitimate interests in promoting and marketing the Finsen Group. If you do not wish us to use your personal data in this way, please tick the relevant box or click the relevant link on the form or in the email that we send you. All future marketing communications will also contain a simple way to opt out of receiving any further marketing communications from us.
Who do we share your personal data with?
We will not use your personal data for any other purpose, or disclose it to any third party, without your consent unless we are required to do so by law, or as mentioned in this section.
Other Finsen Group members
In the course of providing our Finsen products or services, or subsequently, we may have to share personal data about our customers (or about individuals representing a customer) with other members of the Finsen Group for administrative or regulatory purposes, where this is necessary for the performance of our contract with you (or the company or other person you represent), or for the legitimate interests we have in managing our business and improving our performance, or in order to comply with regulatory requirements. In some cases this will include the establishment, exercise or defence of legal claims.
We may also refer you to another member of the Finsen Group with your consent, in which case we will provide the other member of the Finsen Group with your contact details and other personal data about you which is relevant to the Finsen products or services they are to provide.
External organisations may conduct audits or quality checks for us, either where this is necessary for compliance with our legal obligations or for the legitimate interests we have in improving our business. These external organisations are required to maintain confidentiality in relation to your files. If you do not want your file to be part of this process, please tell us as soon as possible.
Data processing services
Some of our data processing services are supplied by third party providers, who will need to have access to your data for that purpose. Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above.
Transferring our rights and duties
We may transfer your personal data to anyone to whom we may transfer our rights and duties under the terms of our contract with you (for instance, for the purposes of Finsen Group re-organisation and administration or if our business is merged with or we are acquired by a third party). We will do this in order to perform our contract with you (or the company or other person you represent) or where this is necessary for the legitimate interests we have in improving our business.
Compliance with legal obligations
We may disclose your personal data if we are required to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and agencies for the purposes of credit risk reduction and to comply with legislation concerning money laundering, tax evasion, crime prevention and fraud protection.
Transfers outside the EEA
We may share your personal data with one or more third party providers situated in countries outside the European Economic Area (including the USA) that do not have the same standards of Data Protection laws as the EU. We may do so with your consent, or where it is necessary for performance of the contract we have with you or for the establishment, exercise or defence of legal claims. However, we will ensure that contractual or other safeguards are in place to ensure that your personal data is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects, and will inform you of the nature of these safeguards at the relevant time.
Professional or business contacts
If you are not a customer (or a representative of a customer) but have provided us with your professional or business contact details or other relevant personal data, we may share your personal data with other Finsen Group members and with our other professional or business contacts or those of our other Finsen Group members, on the basis that it is necessary for our legitimate interests in promoting and marketing the Finsen Group, unless you indicate otherwise.
How long do we keep personal data for?
If you contact us with an enquiry about our Finsen products or services but you do not subsequently become a customer (or the company or other person you represent does not do so), it is our policy to delete your personal data after twelve months.
If you are or become a customer (or the company or other person you represent is or becomes a customer), we normally retain contract information (including personal data) for a minimum period after the end of the relevant contract or customer relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so. In some cases it may be necessary for us to retain records indefinitely.
Our full data retention policy is available on request.
Personal data relating to our professional contacts will be retained for so long as is necessary, or until you indicate otherwise to us, but we will aim to update our contacts’ preferences on a periodic basis.
In certain cases, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties.
Your rights as a data subject
As a data subject, you have certain legal rights (subject to certain exceptions under the Data Protection legislation) including the right:
- to access the personal data held about you and request a copy of it;
- to ask us not to process your personal data for marketing purposes;
- to withdraw at any time any consent you have given to receive marketing material from us, or in any other case where we process your personal data on the basis of a consent that you have given (and not on some other legal basis);
- to ask us to rectify inaccurate personal data about you;
- to ask for the restriction of personal data about you that is inaccurate, unlawfully processed, or no longer required;
- to ask for the transfer of your personal data in a structured, commonly used and machine readable format where appropriate;
- to ask for the erasure of personal data about you where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject; and
- to make a complaint to the Information Commissioner’s Office which can be contacted by post via: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by telephone via 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
- Changes to this Data Protection Notice
We may change this Data Protection Notice from time to time. In the case of any substantial change, we will notify you (where practicable) in writing or by email.
How to Contact Us
If you have any questions, comments or requests about this Data Protection Notice, or would like to exercise any of the rights you have, as set out above, please contact us:
- by email to: email@example.com; or
- by post to: The Data Protection Manager, Finsen Technologies Limited 3rd Floor, 17 Carlton House Terrace, London SW1Y 5AH.