2020-06-09 new entry 7.2 to cover Global Horizons and subsequent renumbering
1.1 At Oxford Analytica, we are committed to protecting and respecting your privacy. We work very hard to keep your information safe and we want our use of your data, and your use of our services, to be secure. We follow strict security procedures on how personal information is stored and used and who sees it, to help stop any unauthorised person getting hold of it.
2. Identity and Contact Details
2.1 We have a legal duty to protect personal information that we collect under the General Data Protection Regulation (EU) 2016/679, (the “GDPR”).
3. Personal Information We Collect from You
3.1 We may collect and use various types of personal information about you. Details of this information are set out below:
- When you make enquiries of us we will collect your name, contact information and details about the services you are interested in so that we can provide you with the information that is of interest to you.
- If you have a user account for our systems, we will collect and use your e-mail address and password to administer this, along with any other information your organisation may require us to collect from you or that we may need to provide the services for which we have contracted.
- We will collect and use certain technical information about you and your visit when you visit our websites (covered under Cookies below).
- We will record whether or not you want to receive other communications about our services, and will give you the option to unsubscribe whenever we send those to you.
- We may collect certain other information that you give us, for example, if you register with us for our client login areas, complete a survey or report problems with our websites.
3.2 In some cases your organisation may have given us your personal information in order that we can fulfil our contract with them; we operate under the reasonable assumption that they are legally empowered to do so on your behalf. You have the individual right to withdraw consent at any time as outlined below.
4. Sensitive Personal Data
We may also collect and use certain sensitive personal information about you when you are attending one of our offices or one of our events, namely specific details of any relevant health conditions, disabilities, access requirements and special dietary requirements that you may have. Without this information we may be unable to ensure that you have the access or services that you need.
5. Lawful Basis for Processing
Where we have a contract with you or with your organisation
5.1 We use your data to provide information you have asked for, to enter into and fulfil contracts with you (where applicable), and to provide you with a good experience of our website and our services. Without this information, we may be unable to correspond with you, send you e-mail service notices, provide you with the information and/or services that you have requested, or enter into or fulfil contracts with you.
5.2 We may process your personal data in order to provide you with information about our other services and any offers you may from time to time be interested in. This does not affect your right in any way to ask us to stop contacting you in this way and you may do so by emailing firstname.lastname@example.org or through any of the contact means we provide on our website.
Where we rely on your consent
5.3 You may have given us your consent, via the appropriate opt-in box on a contact form or other communication, to provide you with information about our services and any offers you may from time to time be interested in. In some cases your organisation may have given consent on your behalf, and we operate under the reasonable assumption that they have a legal right to do so.
5.4 You may request that we cease processing your data at any time by emailing email@example.com or through any of the means advertised on our website.
5.5 If you give us your explicit consent to use your sensitive personal information as outlined above, you may withdraw your consent at any time, but this will not affect the lawfulness of any use of this information which took place before you withdrew your consent.
6. How We Use Personal Information
We collect and use personal information about you for the following purposes:
- Responding to messages from and corresponding with you and recording any communications.
- Providing the services and information that you ask us for and performing our obligations under any contracts that we enter into with you.
- Sending you marketing materials if you have agreed to receive these (these can be unsubscribed from at any time using links provided in the e-mails).
- Providing information about changes to our services.
- Allowing you to participate in interactive features of our services.
7. How We Share Personal Information
7.1 We share personal information as necessary with the following third parties:
- Financial institutions, in order that we may (where applicable) pay you or receive payment from you
- Service providers who store data on our behalf
- Other members of the Oxford Analytica International Group of companies
- Such third parties as may be required by law (such as duly authorised legal enforcement agencies).
7.3 Where we do share information with third parties, we review all contracts to ensure that they will protect your data with as much care as we do.
7.4 We do not share your personal information with third parties for the purposes of their contacting you, except where they do so directly and only on our behalf, as for example when we outsource our email delivery.
8. Automated Decisions and Profiling
We do not make any automated decisions about you.
9. Where We Transfer and Store Personal Information
9.1 Certain necessary personal information that we collect from you will be transferred to, and stored at, destinations outside the European Economic Area, (the "EEA”). To safeguard your personal information and to make sure that it is properly protected we rely on contractual safeguards with our third party providers and/or the third party’s membership of an EU-approved data protection scheme, such as EU-US Privacy Shield, which taken together ensure your data is properly protected. Such information is the minimum necessary to supply our service to you.
9.2 Where our staff outside Europe are processing your data, we train them and hold them to the same standards as we do our European staff. Your data is retained only for as long as is necessary in accordance with the same data retention policies as we operate in Europe.
10. Retention of Personal Information
10.1 We will keep your personal information for limited and appropriate periods of time only. How long we will keep your data for depends on your relationship with us.
10.2 In general, if you are providing or have provided services to us, or if we are providing or have provided services to you, then we will keep your data while the services are being provided, and for seven years after they complete.
10.3 If this has not been the case, in general we will keep your personal information for up to two years after our last communication from you. There are some exceptions to these general rules for employees, contractors and candidates, which are can be found in the relevant policies and contracts.
10.4 Although we have these policies on retention, you have the right to request the deletion of your personal information as outlined below.
11. Your Rights in Your Personal Information
11.1 You have certain rights in respect of the personal information that we hold about you. Details of these rights are set out below. To exercise any of these rights, please contact us by emailing firstname.lastname@example.org or through any of the means advertised on our website.
11.2 We will process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law only (including in accordance with any applicable time limits and any requirements regarding fees and charges). We will respect your personal information rights in respect of:
- Access. At your request we will confirm to you whether or not we are processing and using personal information about you. If we are we will provide you with information about the personal information we hold and other details to which you are entitled, including at your request either copies or summaries of the data.
- Rectification. We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about you.
- Erasure. We will erase your personal information at your request without undue delay.
- Restriction. We will restrict the processing of your personal information in certain circumstances, if you ask us to do so.
- Objection (including objection to direct marketing). We will respect your general rights to object to the processing of your personal information in certain circumstances, including for direct marketing purposes. We will usually inform you (before collecting your information) if we intend to use your information for such purposes. The fastest way to stop receiving marketing material from us is to use the unsubscribe links in all marketing emails we send you.
12.1 For protection of our clients’ data and our business, we regularly backup all our data. Back-ups are securely stored and not accessible in the ordinary course of business. Such backups may be kept for longer than the retention period that would otherwise apply, and given the way that they are stored it is not practical to remove individual items of personal information from them.
12.2 We will not restore data from these backups specifically in order to access data that has been deleted as a result either of the expiry of a retention period or on the basis of an erasure request.
12.3 Where such deleted data has been restored as a result of any wider data restoration required by the business, we will as soon as practicable re-delete data that we have deleted as a result of an erasure request, and within a reasonable time frame re-delete data which is beyond its retention period.
13.1 Our websites use “cookies” and other tracking technologies which are placed and stored on your computer hard drives or in their browser memory, when you visit our websites. You may review, delete, and in many cases block these at any time using the facilities provided in your web browser.
13.2 We use these technologies for:
- your convenience
- managing the site and ensuring it is safe and secure
- improving our websites and ensuring content is presented effectively.
- statistical and survey purposes (automatically collected and anonymous technical information about visits to the websites is used for these purposes).
15. Contact and Complaints
|7 November 2019||Clarification on how backups are held and what effect this has on GDPR retention and erasure rights|