Introduction

Diogeledd Labs, its subsidiaries and all affiliated entities (“we”, “us” or “our”) are committed to respecting and protecting your privacy. 

This Privacy Policy (the “Policy”) explains how we will collect, store and use any personal data you provide via our website, email or networking with our people and when you, or third parties who hold your data, otherwise communicate with us (including in the course of the services we provide or the running of our business). 

Our details are as follows: 

Data Controller: Diogeledd Labs

This Policy may change from time to time, and if it does, the up-to-date version will always be available on our website and becomes effective immediately. 

Please take the time to read this Policy, which contains important information about the way in which we process personal data. 

For the purposes of this Policy, “Data Protection Legislation” is defined as, for the periods of which they are in force and to the extent applicable to to us, the General Data Protection Regulation (EU) 2016/670) (“GDPR”), Data Protection Act 2018 (as amended from time to time), the UK legislation known as the “UK GDPR, and any other law as applicable to us and otherwise relating to data protection. 

Information we may collect about you 

We may collect and process information about you and your personnel through various means, including; 

• In the course of carrying out work for you (or your business); as noted above, we will almost always act as a data controller in this capacity but there might be very limited circumstances in which we will act as a data processor. Where we are acting as a data processor, we will separately let you know and ensure that appropriate contract terms are in place. 
• Via our website
• By email or other electronic correspondence (including through the technical monitoring tools and other tracking technologies which we use for purely administrative/technical reasons in respect of emails to check our emails are sent to the intended recipients and are read/engaged with in the way we want. 
• From third party sources including publicly available sources and service providers, your representatives, and regulatory bodies. 
• From third party sources including publicly available sources and service providers, your representatives and regulatory bodies. 
• By telephone, video conferencing or collaboration software
• Networking (such as, at client events and or other meetings or events both in person or virtual events either hosted or attended by us). 
• Through the extranet or other document storage, management or review sites or platforms that we make available in the context of the services that we provide. 
• Through an online or emailed form, questionnaire, survey or similar. 
• Otherwise through providing our services or operating our business 

The Personal Data You Give To Us May Include 

• Your name, title and contact information, including telephone number, postal address and email address. 
• Information relating to your location, preferences and/or interests. 
• Information collected through one of our digital services
• Employment and job application details 
• Photographic identification 
• In certain circumstances, yours and/or others’ signature(s), National Insurance number or Unique Tax Reference number, financial details such as bank account or payment information, and address information
• The content of any online event or via any of our social media accounts. 
• Where you have subscribed or responded to our marketing mailings, your communication preferences and, if required, any dietary requirements.
• Survey responses and feedback 
• Any other personal data we collect in the context of our work for our clients in the course of operating our business. 

Each time you visit our website or use one of our digital services, we may automatically collect the following information: 

• Web or app usage information (e.g. IP address), browser type and version, time zone setting, operating system and platform. 
• Information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs). 
• Location, device and demographic information

We may ask you for information when you report a problem with our website or other digital or professional services. 

If you contact us, we may keep a record of that correspondence. 

The personal data described above may relate to any of the following categories of person:

• Our clients and clients personnel 
• Our prospective employees, secondees, work experience students or other job applicants
• Any current and former employees, consultants or any other person engaged or employed by us 
• Emergency contacts or references whose details have been provided to us
• Third parties whom we have contacted by virtue of providing services
• Our prospective target clients
• Our contractors and suppliers 
• Those we work with in the context of our Corporate Social Responsibility (CSR) commitments. 
• Attendees and/or participants at events hosted by us either virtually or in person
• Those who submit enquiries or whose details are otherwise entered into our client relationship management system. 

Cookie Policy

We may use your information for the following purposes 

• To respond to any query that you may submit to us. 
• To manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purposes.
• To complete our contractual obligations to you, or otherwise taking steps as described in our engagement terms and/or our Terms or Business (including any associated administration). 
• To carry out any relevant conflict checks, anti-money laundering sanctions checks and fulfilling obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017). 
• To send to you by email any relevant information on our services and invite you to events and networking opportunities that may be of interest to you (such as our email briefings, podcasts or other news) using the email which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation.
• To manage and administer events (either virtual or in person) hosted or sponsored by us, including managing your communication preferences, for example, if you opt our from our mailings, to operate suppression lists to ensure that you do not receive marketing communications from us. 
• To process any job application you (or your representative has submitted).
• To administer our corporate social responsibility initiatives.
• To manage and administer our support and other third-party relationships and to comply with our contractual and legal obligations pursuant to those relationships
• To ensure that our website and digital services content is presented in the most effective manner for you and your devices. 
• To customise our website or other digital services according to your interests
• To administer our website and digital services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses.
• To allow you to participate in interactive features on our website and other digital services when you choose to do so.
• As part of our efforts to keep our website and other digital services safe and secure 
• To measure or understand the effectiveness of advertising we send to you and others, and to deliver relevant advertising to you.
• To ensure we appropriately administer any attendance to our events.
• To comply with other professional, legal and regulatory obligations which apply to us or policies and procedures that we have in place (including procedures by which we use software tools to review and access information stored on our system in order to assess, verify or otherwise process the personal data we hold).
• As we feel is necessary to prevent illegal activity or to protect our interests. 

Legal Grounds For Processing Your Information

We will rely on the following legal bases under Data Protection Legislation for processing your personal data; 

• Performance of, or entry into, a contract. The personal data that we are required to collect in order to comply with any other personal, legal and regulatory obligations which apply to us must be provided to us in order for us to perform this contract – we would not be able to act for you without this personal data.
• Comply with a legal obligation to which we are subject.
• We have a legitimate interest in doing so as a service provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our people, clients, prospective clients, suppliers and their contact personnel, administering visitors to and maintaining the security of our services, IT systems and network in addition to administering events hosted by us and ascertaining achievement of proper standards/compliance with policies, practices or procedures and/or fulfil our collective responsibilities.

Sharing Your Information 

We may share your details with carefully selected third parties. These may include service providers, support services, joint event hosts and organisations or persons that help us to market our services and third parties instructed to enable us to fulfil our contractual obligations to you and/or our clients in the course of business. 

We may share personal data internally between our subsidiaries and affiliated entities when providing services or as necessary to fulfil our obligations under Data Protection Legislation. 

If we share your information with third parties, they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with Data Protection Legislation. 

We may disclose your information to third parties when:

• You specifically request this or it is necessary to provide our services to you 
• In the event that we sell or buy any business assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. 
• If our website or other digital services or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• It is necessary to administer and manage any events that you are invited to and/or attend and/or participate in that is either hosted at on of our offices, virtually or elsewhere; or
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation to protect the rights, property or safety of our website, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. 

The Third Parties Include

• Diogeledd Labs subsidiaries and affiliated entities.
• Our insurers.
• Our auditors, including external accreditation bodies. 
• Other professional advisors or third parties 
• Our regulators 
• Our data processors providing goods and services to us including catering, security, email security, data governance, archiving and other IT and business support services. 
• Our email marketing provider, our website provider(s), and any other digital service platform provider that we use. 
• Other attendees or participants on communication or collaboration software used by you and/or us on which you attend and where it is not possible to hide your identity or contact details (e.g. Microsoft Teams, or other video conferencing software, direct messaging apps etc).
• Selected partner digital agencies, online job application provider(s) and our recruitment job boards we may use. 
• Analytics and search engine providers that assist us in the improvement and optimisation of our website, apps and other digital services. 
• Any third party you ask us to share your data with

Our website may, from time to time, contain links to and from the websites of advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibilities or liability for these policies. Please check these policies before you submit any personal data to these websites. 

We will not rent or sell users or other contacts details to any organisation or individual

Storage and Retention of Your Personal Data 

We follow strict procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. We have implemented appropriate technical, physical and organisational security measures, including working to ISO27001 standards and Cyber Essentials certification as well as maintaining a wide range of information security and data protection-focussed policies and processes. 

All personal information you register with us will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data. 

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data. 

We will keep your information stored on our systems for as long as it takes to provide the services to our and in accordance with our Terms of Business. Any data collected via one of our digital services will be stored in accordance with the Terms of that Business. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research and development or statistical purposes. If we do, we will ensure that appropriate safeguards are in place to protect your privacy and only used for those purposes. 

Any contact details stored on our client relationship management database will be removed from our mailing lists if they do not interact with our emails (i.e. open emails or click links within them) for a certain period following which they will be moved to an archive folder before being deleted permanently. 

Third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as it is necessary to provide the services to you. 

Sending Your Information Overseas 

From time to time, we may need to disclose your personal data to entities outside of the United Kingdom for the purpose of our internal business processes (such as administration and billing) and for the purposes of providing our services. Where we transfer personal data between entities, we will comply with any transfer requirements applicable under Data Protection Legislation. 

If we need to share your personal data with any other recipient outside of the United Kingdom (e.g. a professional advisor or third party engaged by us or as you or as part of our work under an engagement) we will ensure we do so in compliance with Data Protection Legislation, including, where applicable, by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests. 

Our people may access our systems remotely when working within or outside of the UK. Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures. 

Withdrawal of Consent 

Where we process your personal data we do so on the basis that you have provided your consent for us to do so for the purposes set out in this Policy when you submitted your personal data to us. 

You may withdraw your consent to this processing at any time by contacting us at hello@diogeledd.uk 

If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of those at such time. 

Your Information Rights 

Data Protection Legislation gives you the right to access information held about you. You are entitled to be told by us whether we or someone else on our behalf is processing your personal information; what personal information we hold; details of the purposes for the processing of your personal information; and details of any third parties with whom your personal information has been shared. 

You can access the personal information we hold on your by making your request in writing and sending it to hello@diogeledd.uk 

We will ask you to provide evidence of your identity before we show you your personal information – this is so that we can prevent unauthorised access. 

You will not usually have to pay a fee to access your personal information (or to exercise any other rights). However, in the event that an access request is unfounded, excessive or especially repetitive, we may charge a ‘reasonable fee’ for meeting that request. Alternatively, we may refuse to comply with your request in such circumstances. Similarly, we may charge a reasonable fee to comply with requests for further copies of the same information. 

You have the additional rights to request rectification and erasure of your personal data and to request restriction of, and to otherwise object to, our processing of your personal data and you can exercise these rights at any time by contacting hello@diogeledd.cuk 

You are also entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit data to another data controller. You can exercise this by contacting us at hello@diogeledd.uk 

Complaints 

If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know. 

You also have the right to make a complaint to the UK’s data protection regulator, the Information Commissioners Office (ICO). For more information, please visit the ICO website [https://ico.org.uk/] 

Contact 

Questions, comments and requests regarding this Policy should be addressed to our Data Protection Officer: Natalie Wild.