Last updated: December 2021

US & International Privacy Policy | EU Privacy Policy

US & International (Non-EU) Privacy Policy

Compliance Week has created this privacy statement to demonstrate our firm commitment to protect your privacy and to fully disclose what information we collect and how we use it. Please note your use of our Digital Offering is also governed by the Terms and Conditions of use.

Information Collection and Dissemination

General Principles

  • In general, you may visit this Digital Offering or use the companion mobile applications (collectively referred to as the “Digital Offering”) without identifying yourself or revealing any personal information.
  • As you browse our Digital Offering, the Digital Offering collects log file, IP address of your computer, and other standard tracking data we use to evaluate Digital Offering traffic and usage patterns. Such information is aggregated with tracking data from all Digital Offering visitors. We will use the information to personalize the Digital Offering according to your preferences based on the aggregated information. We also use the aggregated information to evaluate products and services we may offer to you.
  • Some portions of this Digital Offering may require you to give us personally identifiable information such as your name, job title, company, physical mailing address, e-mail address, telephone and fax numbers (Personal Information) and, if applicable, financial information such as your credit card information (Financial Information), for, without limitation, (i) registration for attendance at certain Compliance Week trade shows, conferences and events; and (ii) subscriptions to our publications. If you communicate with us by e-mail, post messages to any of our chat groups, bulletin boards or forums, or otherwise complete online forms, surveys or contest entries, any information provided in such communications may be collected as Personal Information.
  • If you elect to provide us Personal Information, we use it primarily to deliver the service you requested. Other uses of Personal Information are described elsewhere in this Policy.
  • If you submit Financial Information, we use that information primarily to verify your credit and collect payments for your purchases, orders, registrations etc.
  • Compliance Week uses a third party to process credit card transactions and does not store financial information, such as credit card information on its website. We do retain the last four digits of the credit card number solely for customer service purposes.

Information Sharing

Unless you opt-out, we share your Personal Information with Wilmington plc’s affiliates and partners and third parties licensed to access your Personal Information by any of the foregoing. To opt-out, send us an email to info@complianceweek.com

Except as otherwise provided in this Privacy Policy, we will keep your Personal Information and your Financial Information private and will not share it with third parties, unless such disclosure is necessary to (a) comply with a court order or other legal process; (b) protect our rights or property; or (c) enforce our terms of service.

Several companies unaffiliated with Compliance Week provide email deployment services for our email messages. The personally identifiable information, such as e-mail address, we provide to these vendors for the purposes of e-mail deployment is only used by them for that purpose and not for any other business activity.

In order to comply with the Federal CAN-SPAM Act of 2003, we also may provide lists of customers who have opted-out of email promotion for Compliance Week products to other companies, so they can be suppressed from mailings those companies send on Compliance Week’s behalf. In addition, if you unsubscribe from a mailing we send to our own list on behalf of a third party, your removal instruction may also be supplied to the third party and added to their own suppression file. If you continue receiving email after opting out, please contact us at info@complianceweek.com

For the Compliance Week app-only user data will be shared with Compliance Week’s software partner, Crowd Compass. To view the Crowd Compass app’s privacy policy please go to https://www.cvent.com/en/privacy-policy.

Compliance Week will share user data with accredited provider(s) of CE activities in which users participate, and/or education and communications companies who assisted in the development of CE activities in which users participate.

Aggregated information

We sometimes provide aggregated usage or tracking information collected from this Digital Offering to third parties.

Information on Children

As a business-to-business company, we do not knowingly collect information from children under the age of 13. On-line registration and Digital Offering usage is restricted to adults who are professionally engaged in the businesses we serve.

Updating Visitor Information

You have the option of accessing, correcting, updating and modifying your Personal and/or Financial Information, or visitor profile, at any time and as often as desired. If you desire to delete your Personal and/or Financial Information please contact us at info@complianceweek.com

Update Your Newsletter Subscriptions

You can opt-in to newsletter mailing lists, or remove yourself (opt-out) at any time through the subscription management page (this page will display all of your newsletter subscriptions) or by following the instructions at the end of the newsletters you receive. Please allow 3-5 business days for changes to take effect. You can locate the subscription management page through the “Log In” link at the top right hand corner of the Digital Offering. For Compliance Week Digital Offerings not offering the subscription management page, please send your email preferences to info@complianceweek.com

Update Your Print Subscription Information

You can correct or change your print subscription information by sending an email to info@complianceweek.com. Please allow 2-4 weeks for changes to take effect.

Third Party and Affiliated Links

Our Digital Offerings contain external links to other Digital Offerings including suppliers, advertisers and affiliates. We have no control over, and are not responsible for, the content of, or information gathered by, these other Digital Offerings. We do not endorse any of these Digital Offerings or the products or services associated with such Digital Offerings merely because they are linked to our Digital Offering.

Google

Compliance Week uses all features of Google Analytics for Display Advertisers. Google Analytics does not store any visitor specific data and we will not use visitor specific data in any way related to Google Analytics, Google Adwords, and Remarketing. Compliance Week uses remarketing with Google Adwords and analytics to display content specific advertisements to visitors that have previously visited our site when those visitors go to other websites that have the Google Display Network implemented. Compliance Week and other third-party vendors, including Google, use cookies together to inform, optimize, and serve ads based on visitors past visits to our website. Visitors can opt out of Google Analytics for Display Advertisers and opt out of customized Google Display Network ads by visiting the Ads Preferences Manager.

Wilmington plc Magazines, Seminars, Events, Sites and Other Publications and Services

As a Compliance Week customer you can also expect to receive relevant email and postal offers for Wilmington plc publications, seminars, events, Digital Offerings and other services. From time to time we are also able to secure and offer to our customers specially-negotiated discounts and new products from other leading companies. If you would prefer not to receive such mailings in the future, you can change your preference via the subscription management page which can be located by using the “Log In” link at the top right hand corner of the Digital Offering. For Compliance Week Digital Offerings not offering the subscription management page, please send your email preferences to info@complianceweek.com.

Compliance Week Events

Compliance Week Events are produced for a variety of companies (Sponsors). All data collected during the registration of such events may be shared with those Sponsors. This data is governed by the individual Sponsor’s privacy policy and may be used by the Sponsor for follow-up purposes. Please visit the Sponsor’s web site to review its privacy policy. Similarly, Compliance Week events will have the same access to this data as the Sponsors, and this Privacy Policy continues to govern how Compliance Week uses the data. For details on how event Sponsors use the information you provide, please contact the Sponsor directly.

If you have any questions, please contact info@complianceweek.com.

Compliance Week eSeminars

Compliance Week eSeminars produces sponsored webcasts and online trade shows for a variety of Sponsors. All data collected during the registration for such events will be shared with those Sponsors. This data is governed by the individual Sponsor’s privacy policy and may be used by the Sponsor for follow-up purposes. Please visit the Sponsor’s web site to review its privacy policy. Similarly, Compliance Week eSeminars will have the same access to this data as the Sponsors, and this Privacy Policy continues to govern how Compliance Week uses the data. For details on how eSeminar Sponsors use the information you provide, please contact the Sponsor directly.

Compliance Week eSeminars also automatically receives and records information on our server logs from your browser, including your IP address, Internet connection speed, Internet connection duration, and Real Media and Windows Media player information. This is done in conjunction with our broadcast providers. Your data is collected and retained by our broadcast providers for the sole purposes of delivering eSeminars content appropriately, traffic reporting, and enabling re-registration for future events. In addition, our broadcast providers use cookie technology to identify you as a registered user of the eSeminars service.

If you have any questions, please contact info@complianceweek.com.

Email a Friend

If you choose to use our referral service to inform a friend about our Digital Offering, products, or services, we will ask you for your friend’s name and email address. We will send your friend a one-time e-mail inviting them to visit the Digital Offering. We may store this information for the purpose of sending this one-time e-mail and tracking the success of our referral program. Your friend may contact the us at info@complianceweek.com to have their information removed from our database.

Online Ad Serving

We use third-party advertising companies to serve ads when you visit our Digital Offering. These companies may use information (not including your name, address email address or telephone number) about your visits to this Digital Offering and other Web sites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here: http://www.networkadvertising.org/consumer/opt_out.asp

Cookies

A “cookie” is a bit of data sent by a Web site through the browser to the computer of the user visiting the site, and enables the site to return the results the browser expects. Compliance Week uses temporary, session-specific cookies to ensure visits to its Web site are smooth and customized for the visitor. Such cookies allow us to provide a visitor’s browser with information tailored to the visitor’s preferences and needs. Compliance Week also uses permanent or persistent cookies that remain on a visitor’s computer after the visitor leaves a Compliance Week Web site.

If you do not want your browser to accept cookies, you can turn off the cookie acceptance option in the browser’s settings. However, disabling the cookie support function of the browser will prevent our Web site from functioning properly and you may not be able to utilize fully all of the site’s features and information.

We use advertising companies to develop banner ads for our Digital Offering. These ads may contain cookies. These companies collect cookies sent to your browser through the banner ads and we do not have control or access to this data. Information may be collected from a third party through the use of cookies and web beacons to measure website traffic.

Notwithstanding any other provision, we may also engage a data provider who may collect web log data from you (including IP address and information about your browser or operating system), or place or recognize a unique cookie on your browser to enable you to receive customized ads or content. These cookies contain no personally identifiable information. The cookies may reflect de-identified demographic or other data linked to data you voluntarily have submitted to us, e.g., your email address, that we may share with a data provider solely in hashed, non-human readable form. To opt-out of these data provider cookies, please go to http://www.aboutads.info/choices.

Pixel Tags

Like many web sites, Compliance Week may also use pixel tags, also known as beacons, spotlight tags or web bugs, to improve our understanding of site traffic, visitor behavior, and response to promotional campaigns, as a supplement to our server logs and other methods of traffic and response measurement. Pixel tags are sometimes used in conjunction with small Javascript-based applications, also for the purpose of traffic measurement. We may also implement pixel tags provided by other companies, for the same purpose. You can disable pixel tags by changing your browser settings to omit images and disable Javascript; or there are commercial software packages available that can omit pixel tags and most advertisements.

Opt-Out Option

Visitors to this Digital Offering can decide if they want to receive promotional information from Compliance Week. On the visitor registration pages, prospective visitors can choose to request Compliance Week not to e-mail them advertising and promotional information. Should visitors accept promotional e-mail from Compliance Week, any e-mail they receive will include instructions on how to be removed from Compliance Week’s promotional e-mail list. If you continue receiving email after opting out, please contact us at info@complianceweek.com.

Security and Encryption

This Digital Offering takes commercially reasonable precautions to protect your information. When appropriate, we use SSL encryption technology on our Digital Offering and a secure server to encrypt information transmitted between your browsers and our server. As a result, data you submit to our Digital Offering such as credit card and payment information is transmitted using commercially reasonable security over the Internet.

This Digital Offering also uses password encryption to keep ensure your privacy when registering for newsletters, events, and other Compliance Week related media.

Notification of Changes

Compliance Week reserves the right, at any time and without notice, to add to, change, update or modify this Privacy Policy, simply by posting such change, update or modification on the Digital Offering. Any such change, update or modification will be effective immediately upon posting on the Digital Offering. Please check back often to review the latest version of our Privacy Policy.

Your Acceptance of these Terms

By using our Digital Offering, products or services, you signify your acceptance of the terms of the Compliance Week Privacy Policy. If you do not agree to the terms of the Compliance Week Privacy Policy, please do not use the Digital Offering, products and/or services and exit the Digital Offering immediately.

Questions?

If you have any questions on our Privacy Policy, or complaints about our handling of your Personal and/or Financial Information, you can contact us at info@complianceweek.com.

EU Privacy Policy

This privacy policy sets out the basis on which your personal data will be processed by us as the data controller of your personal data for the purposes of the GDPR (“the Regulation”). Please read our policy carefully to understand our views and practices regarding your personal data and how we will treat them.

Access to information

The Regulation gives you various rights including the right to access information held about you. Questions about this privacy policy may be addressed to dataprotection1@wilmingtonplc.com.

About this Notice
Wilmington Compliance Week Inc, part of Wilmington plc, is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law. Please read it carefully.

  • Data protection law says that the personal information we hold about you must be:
  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely

This notice is separated into the following sections for ease of reference (see section links below). If you have any questions about this notice or how we collect and use personal information about you please contact us using the details below.

  1. Information About Us
  2. Contract Information and Other Correspondence
  3. Marketing
  4. Website Information
  5. Content
  6. Employee Information
  7. Information Collected at Our Premises
  8. Job Applicants
  9. Legal Claims
  10. Information We Receive from Third Parties
  11. Why Else Do We Use Your Information?
  12. Sharing Your Information
  13. Where We Store Your Information
  14. Data Security
  15. How Long Will We Keep Your Information?
  16. Your Rights
  17. Changes to this Privacy Notice


INFORMATION ABOUT US
1.1    We are Wilmington Compliance Week. Our registered office is at 129 Portland Street FL 6, Boston MA 02114-2014, USA.
1.2    If you have any questions, our contact details are:
1.2.1    129 Portland Street FL 6, Boston MA 02114-2014, USA
1.2.2    +1 617 570 8600
1.2.3    info@complianceweek.com
1.3    We also have a dedicated Data Protection Officer, who is responsible for data compliance issues. Their contact details are below:
1.3.1    +44 20 7324 2346
1.3.2    dataprotection1@wilmingtonplc.com
1.4    As we are based outside the EU, our nominated representative for the purposes of data protection law is Wilmington plc their contact details are below:
1.4.1    5th Floor 10 Whitechapel High Street, London E1 8QS
1.4.2    +44 20 7324 2346
1.4.3    dataprotection1@wilmingtonplc.com


2    CONTRACT INFORMATION AND OTHER CORRESPONDENCE
2.1    When you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract such as your name, contact details, contract details, delivery details, and correspondence with us about the contract.
2.2    We need certain information to carry out our contract with you and you must provide this in order to enter into a contract with us (or as required under that contract), if you do not, we may not be able to carry out our contract with you. Mandatory information fields are generally set out when you are entering into the contract, but in particular, you must provide the following information:
2.2.1    Your name and contact details.
2.2.2    Your delivery address.
2.2.3    Your payment details.
2.2.4    Information to verify your identity and other information for us to carry out anti money laundering checks.
2.2.5    Name and contact details of individual consumers of our products or services covered by the contract.
2.3    Other correspondence or interaction (for example by email, fax, telephone, mail, SMS or via our website) between you and us, will include personal information (such as names and contact details) in that correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation.
2.4    Call information. We may also collect details of phone numbers used to call our organisation and the date, time and duration of any calls. Please note that we may record your calls to or from us for quality and training purposes.
2.5    We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or enquiry and administering your (or your organisation’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
2.6    Where your information relates to a contract, it is kept for a period of up to 7 years after your account is closed to enable us to deal with any after sales enquiries or claims and as required for tax purposes and may be stored in our archive for reference purposes for as long as our business need which we will review after 7 years.
2.7    Payment information is collected by our payment card processing provider and is retained for a period of up to 16 months after the date of the order.


3    MARKETING
3.1    We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products and services which you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, we will process your professional data based on legitimate interests to send you a fair processing notice and then respect any communication preferences you give us.
3.2    You always have the right to “opt out” of receiving our marketing. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials you will be added to our suppression list to ensure we do not accidentally send you further marketing. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications don’t include direct marketing.
3.3    If you are an existing customer or are acting as a business we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers.
3.4    We only share your name or contact details with event sponsors for marketing purposes where we have informed you that we will do so.
3.5    We use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
3.6    We retain your details on our marketing list until you “opt-out” at which point we add you to our suppression list. We keep that suppression list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.


4    WEBSITE INFORMATION
4.1    We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.
4.2    We, or third party advertisers, may also use this information to serve adverts on you. Where those adverts are targeted, this may involve using website information and information we (or our third party advertisers) have obtained from third parties. This won’t include information such as your name or contact details. Where our adverts are displayed to you using your information, your information is used as necessary for our legitimate interests in marketing to you.
4.3    For detailed information on the cookies we use and the purposes for which we use them see our Cookie information in our US privacy policy.
4.4    We keep this website information about you from when it is collected until the relevant cookie expires or you disable it.
4.5    Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


5    CONTENT
5.1    This is information about you which you provide when you post content on our website. This may include reviews photographs, videos and other content which you post on our website.
5.2    We may display and publish this information on our platforms as part of our contract with you or as necessary for our legitimate interests in providing content to our users.
5.3    This information is kept for as long as you have an account with us and may be retained and displayed indefinitely after you close your account. You are able to remove or delete any content which you post at any time while your account is active.



6    EMPLOYEE INFORMATION
6.1    If you work for one of our customers, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you, or provided by your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
6.2    We keep this information for up to 7 years after the end of our relationship with your organisation.


7    INFORMATION COLLECTED AT OUR PREMISES
7.1    Visitor information. We collect information about visitors to our premises. We may record information on your visit, including the date and time, who you are visiting, your name, employer, contact details and vehicle registration number. If you have an accident at our premises, this may include an account of your accident.
7.2    CCTV. We, or our building management company, may operate CCTV at our premises which may record you and your activities. We display notices to make it clear what areas are subject to surveillance. We only release footage following a warrant or formal request from law enforcement, or as necessary in relation to disputes.
7.3    We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and visitor safety, and administering parking.
7.4    Visitor information is kept for a period of up to 3 months. If you have an accident on our premises, our accident records are retained for a period of up to 3 years.
7.5    CCTV recordings may be kept for a period of up to 35 days (unless there an incident occurs and it is necessary for us to keep recordings for longer to properly deal with it).

 

8    JOB APPLICANTS
8.1    We will collect and hold information on job applicants, including information you provide to us in your application, or provided to us by recruitment agencies, as well as information on you from any referees you provide.
8.2    We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations and rights.
8.3    If you are successful in your application, your information will be used and kept in accordance with our internal privacy notice. If you currently work for us, or used to work for us, you can request a copy of this from us. If you are not successful in your application, you information will be held for up to 6 months after the relevant round of recruitment has finished.
8.4    You must provide certain information (such as your name, contact details, professional and educational history) for us to consider your application fully. If you have not provided all of this information, we may contact you to ask for it. If you do not wish to provide this information, we may not be able to properly consider your application.
8.5    If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant. We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights. Your information will be kept alongside the applicant’s information.
8.6    If you are listed as an emergency contact by someone who works for us, we will hold your name, contact details and details of your relationship with that worker. We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that worker, and for our legitimate interests in administering our relationship with that worker. Your information will be kept until it is updated by that worker, or we no longer need to contact that worker after they have stopped working for us.


9    LEGAL CLAIMS
9.1    Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.


10    INFORMATION WE RECEIVE FROM THIRD PARTIES
10.1    We may also receive information about you from the following sources:
10.1.1    Our service providers. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) who may provide us with information about you, to be used as set out above.
10.1.2    Businesses we have bought. If we have acquired another business, or substantially all of its assets, which originally held your information, we will hold and use the information you provided to them, or which they otherwise held about you, in accordance with this privacy notice.
10.1.3    Our other channels. This is information we receive about you if you use any of the other websites we operate or the other services or products we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data.
10.1.4    Publicly available sources. We obtain information from the following publicly available sources: your organisation/employer’s website or LinkedIn.
10.1.5    Credit information. We may also collect credit information on you from third party reference agencies.


11    WHY ELSE DO WE USE YOUR INFORMATION?
11.1    Common uses of your information. We will only use your personal information when the law allows us to do so. Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:
11.1.1    we need to perform a contract we have entered into with you.
11.1.2    we need to comply with a legal obligation.
11.1.3    it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
11.1.4    we need to protect your interests (or someone else’s interests) or where it is needed in the public interest (although these circumstances are likely to be rare).
11.2    Change of purpose. We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


12   SHARING YOUR INFORMATION
As well as any sharing listed above, we may also share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. 
12.1    Why might we share your personal information with third parties?
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
12.2    Which third-party service providers process your personal information?

12.3    We also may need to share your personal information for third-party service providers (including contractors and designated agents) so that they can carry out their services.

12.4    The following activities are carried out by third-party service providers: business consultants, CRM systems, data research partners, digital customisation platform, email engagement platforms, event administration, event management technologies, event venues, feedback and review platforms, IT services, legal advice, order fulfilment, payment processing, speakers at events, webinar platforms and website hosts.

12.5    When might we share your personal information with other entities in the group?

12.6    We may share your personal information with other entities in our group in our shared finance and IT systems, as part of our regular reporting and for system maintenance support and hosting of data.
12.7    How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
12.8    What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal information with a regulator or to otherwise comply with the law.


13    WHERE WE STORE YOUR INFORMATION
13.1    Our office headquarters are based in London, UK and our main data centre is located in Telford, UK. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers. Our group of companies operate in the following countries: UK, Spain, France, Ireland, USA, Dubai, Singapore and Hong Kong.
13.2    We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
Some countries or organisations outside of the UK and the EU which we may transfer your information to will have an “adequacy decision” in place, meaning the EU considers them to have an adequate data protection regime in place. These are set out on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
13.3    If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.


14    DATA SECURITY
14.1    As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
14.2    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.


15    HOW LONG WILL WE KEEP YOUR INFORMATION?
15.1    We have set out above indications of how long we generally keep your information. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
15.2    To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
15.3    In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.


16   YOUR RIGHTS
16.1    Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO).  Under certain circumstances, by law you have the right to:
16.1.1    Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
16.1.2    Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
16.1.3    Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
16.1.4    Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
16.1.5    Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
16.1.6    Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
16.1.7    Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
16.1.8    Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
16.1.9    Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us on dataprotection1@wilmingtonplc.com.
16.2    No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
16.3    What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
16.4    Timescale. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.


17    CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.