Your Quick Guide To Managing Ethics & Compliance

Privacy Policy

Privacy Policy

Ethics Insight Ltd (“we”) are committed to the highest standards of privacy and data protection compliance. We are bound by the UK Data Protection Act 2018 and the EU General Data Protection Regulation 2016 (“GDPR”) (“GDPR”) and the regulations enacted under it (as may be amended from time to time). We act in accordance with the GDPR and this Privacy Policy.
This Privacy Policy sets out how and why we collect, store, use, transfer and disclose your personal data and how you may access your personal data and correct it offline and also on our website www.ethicsinsight.co (our “site”).

1. Collection, use and disclosure of personal data

Collection of general information

Like most website operators, we collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. We collect non-personally identifying information to better understand how our visitors use our site. The information collected will also help us troubleshoot problems, analyse our resources and improve our services and/or products. There is nothing in that kind of information that could enable anyone to identify who you are.

We also collect potentially personal data like Internet Protocol (IP) addresses for logged-in users. We only disclose logged in user IP addresses under the same circumstances that we use and disclose personal data as described below in this Privacy Policy.

Collection of personal information

We collect personal data in a number of ways, including:

  • when you or a third-party contacts us independently of our site, such as by email, phone or in person;
  • when you visit and interact with our site and related software (including any mobile applications);
  • when you engage in transactions with us, whether online or offline;
  • when you sign up for a client account;
  • through cookies and other technologies that allow us to give you a better experience on our site;
  • when you contact us via our site or sign up for our newsletter/mailing list.

In each case, we collect such personal data only insofar as is necessary or appropriate to fulfil the purpose of your interaction with us. We do not disclose personal data other than as described below in this Privacy Policy.

You may refuse to supply personal data, however this may prevent you from engaging in certain site-related activities and we may not be able to provide our services and/or products or assistance to you or on your behalf.

You must not provide us with the personal data about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal data will be handled in accordance with this Privacy Policy (including where to find it).

Consent

This Privacy Policy applies to the site you are currently viewing. By visiting our site, using any of our services or providing us with your personal data in any other way (or authorising it to be provided to us by someone else), you agree to this Privacy Policy and consent to your personal data being collected, used and disclosed as set out in this Privacy Policy. This Privacy Policy should be read in conjunction with our Website Terms of Use.

Purpose

We collect your personal data to enable you to receive the benefit of our site and services and/or products. Subject to this Privacy Policy, you agree that we may use your personal data for the following purposes:

  • to carry out our obligations and to provide you with agreed services and/or products;
  • to establish, maintain and administer your account;
  • to send notifications about the service and/or product you have purchased;
  • to notify you about changes to the services and/or products you have purchased;
    to send you relevant marketing material;
  • for quality assurance and training purposes;
  • any other uses identified to you at the time of collecting your personal data or as reasonably contemplated by this Privacy Policy and our Website Terms of Use,
    (the “Purposes”).

 

Disclosure of your personal information

We may disclose your personal data to other entities or individuals for the Purposes including but not limited to:

  • our employees, trusted third parties and other people we work with to provide services and/or products to you;
  • third party service providers for the purpose of enabling them to provide a service such as (but not limited to) IT service providers, data storage, web-hosting and server providers, debt collectors, payment processing and insurers;
  • any third-party partners or entities with whom we have a commercial relationship;
  • any related entity of ours;
  • prospective sellers or buyers of our business or assets;
  • any applicable or relevant regulator or third party for the purpose of legislative or contractual compliance and/or reporting or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, those of third parties or the public at large; or
  • other entities or individuals, provided you have given your consent.

2. Legal basis of processing

The General Data Protection Regulation (GDPR) require us to explain the valid legal bases we rely on in order to process your personal data. As such, we may rely on the following legal bases to process your personal data:

  • Consent. We may process your data if you have given us permission (consent) to use your personal data for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your personal data when we believe it is necessary to fulfil our contractual obligations to you, including but not limited to providing our services through the Ethics Insight Platform or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your data when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
  • Legal Obligations. We may process your data where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your data as evidence in litigation in which we are involved.
  • Vital Interests. We may process your data where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

3. Access to and correction of personal data

Accessing your personal data

You may review, edit, correct or delete any personal data you submit to us.

On request we will, as soon as reasonably possible, provide you with:

  • personal data about you that is in our possession or under our control; and
  • data about the ways in which the personal data referred to in paragraph (a) has been or may have been used or disclosed by us during the year preceding the date of the request.

However, we reserve the right not to provide you with your personal data or other related data if providing it could reasonably be expected to:

  • threaten the safety or physical or mental health of another individual;
  • cause immediate or grave harm to your safety, physical or mental health;
  • reveal personal data about another individual;
  • reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity; or
  • be contrary to the national interest.

If you wish to access the personal data we hold about you, you should contact us on [email protected], and we will respond to your request within a reasonable period after the request is made. If we deny you access, we will provide our reason for doing so at the time of your request.

While we do not charge a fee for a request for accessing your personal data, we may charge a reasonable fee (which will be notified to you once you make a request) for time and cost in the following circumstances:

  • if an extended amount of time is required to collate and prepare material for you; and
  • if you wish to have your files photocopied for you.

 

Correcting and updating your personal information

Please contact [email protected] as soon as possible if there are any changes to your personal data or if you believe the personal data we hold about you is not accurate, complete or up-to-date so that we can update your file accordingly. We will process any requested changes as soon as practicable and send the corrected personal data to every other organisation to which the personal data was disclosed during the year preceding the date of the correction, unless that other organisation no longer needs the corrected personal data for any legal or business purpose or you otherwise agree that we do not need to resend the corrected data to any other organisation.

4. Care of personal data

Accuracy

We take reasonable steps to ensure that the personal data we hold about you is accurate, complete and up-to-date. However, we also rely on you to advise us of any changes to your personal data.

Protection of personal data

We take reasonable steps to ensure that your personal data is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Although we aim to create a safe, secure environment by trying to limit access to the site to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal data.

Please contact [email protected] immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.

Retention of personal data

We will cease to retain its documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the Purpose for which that personal data was collected is no longer being served by retention of the personal data, or retention is no longer necessary for legal or business purposes. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize such data, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

Transfer outside EEA

We will not transfer any personal data to a country or territory outside the European Economic Ares (“EEA”) except in accordance with the requirements prescribed under the GDPR to ensure that organisations provide a standard of protection to the personal data transferred that is comparable to the protection under the GDPR and this Privacy Policy.

5. Cookies

A cookie is a string of data that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Our site uses cookies to help us identify you from other users, track your usage of our site, and your website access preferences.

We do or may use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this data to make our site and the advertising displayed on it more relevant to your interests. We may also share this data with third parties for this purpose.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

If you do not wish to have cookies placed on your computer you should set your browsers to refuse cookies before using our site, with the drawback that certain features of our site may not function properly without the aid of cookies.

6. Business transfer

If we, or substantially all of our assets, were acquired, or in the event that we go out of business or enter bankruptcy, user data would be one of the assets that is transferred or acquired by a third party. You acknowledge and agree that if such transfers occur, that any acquirer of our business may continue to use your personal data as set forth in this
Privacy Policy.

7. Use of personal information for direct marketing

From time to time we may use the personal data we collect from you to identify particular services and/or products that we believe may be of interest to you. We may then contact you to let you know about these services and/or products, new features and how they may benefit you, solicit your feedback, or just keep you up to date with what’s going on with us and our services and/or products.

Direct marketing from us generally takes the form of an electronic marketing email. Where we use your personal data to send you marketing data by email, SMS, MMS or other electronic means we may do so with your express or deemed consent. Every directly addressed marketing contact sent or made by us will include a means by which you may unsubscribe (or opt out) of receiving further marketing data. Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. Contact [email protected] to make a request.

8. Links to third party websites

Our site may contain links to and from third party websites. If you click on such links, you do so at your own risk and subject to whatever privacy policy and/or website terms may govern the use of such websites. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any data you provide to them. You should read the privacy policy of these third parties to find out how they handle your personal data when you visit their websites.

9. Personal data about minors

We do not knowingly solicit personal data from or about minors under 18 years of age. By using the site, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the site. If we learn that personal data from users less than 18 years of age has been collected without parent or guardian consent, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any personal data we may have collected from minors under age 18, please contact us at [email protected].

10. Your rights under GDPR

Under the General Data Protection Regulation, you possess several rights in relation to your personal data. These rights include

  • The right to be informed – You have the right to be informed about how and why your personal data is being collected or processed by us.
  • The right to access – You have the right to request a copy of your personal data currently being collected and/or stored by us.
  • The right to rectification – You have the right to request that we correct any data you believe is inaccurate or incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

We are committed to upholding these rights at all times. If you wish to exercise any of these rights, please send us a request that (a) provides sufficient detail to allow us to verify that you are the person about whom we have collected personal data, and (b) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it as soon as possible. Please note we cannot respond to requests that do not adequately meet the above criteria.

As per GDPR guidelines, Ethics Insight has a “Data Protection Officer” (DPO) who is responsible for all matters relating to privacy and data protection and can be reached at –

Attn: Rupert Evill, Data Protection Officer, Ethics Insight

Address: 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE

Email: [email protected] 

Tel: +44 7480 800435

You also have the right to complain to a supervisory authority according to Article 51 of GDPR where you feel that our processing of your personal data has infringed your rights. The supervisory authority in UK is the Information Commissioner’s Office (ICO) at https://ico.org.uk/  

If you have any further questions or comments about this Privacy Policy, you may email us at [email protected] 

This Privacy Policy was last updated in October 2022.

 

Your Quick Guide To Managing Ethics & Compliance