GDPR: DATA PRIVACY NOTICE

Introduction

This Privacy Notice tells you what to expect in relation to personal information about you which is collected, handled and processed by SPQR Communications Ltd.

SPQR Communications Ltd, Somerset House, The New Wing, London, WC2R 1LA is the Data Controller.

We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of the individuals whom we process personal information, including our employees, clients, journalists and visitors to our website. We will only collect and use personal data in a way that is consistent with our obligations and individual rights under the law.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

What is personal data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but also covers personal data you voluntarily provide to us.

Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’. The special categories of personal data specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin; political opinion; religious or philosophical beliefs; health data, sexual life or sexual orientation, trade union membership; and criminal records.

If you choose to provide special categories of personal data to us for any reason, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under local law, for us to collect and use that data in the ways described in this Notice or as described at the point where you choose to disclose this data.

Processing your personal data

For the purposes of this notice, processing data refers to the handling, collecting, protecting or storing of your personal data.

We may collect personal data from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our services or as a result of your relationship with one or more of our staff and clients.

The personal data that we process includes:

  • Basic information, such as your name, the company you work for and your title or position;
  • Contact information, such as your postal address, email address and phone number(s);
  • Financial information, such as payment-related information;
  • Technical information, such as information from your visits to our website or in relation to materials and communications we send to you electronically;
  • Information you provide to us for the purposes of attending meetings and events (including dietary and access requirements);
  • Identification and background information provided by you or collected as part of our business acceptance processes;
  • Personal information provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include sensitive personal data; or
  • Any other information relating to you which you may provide to us.

How we obtain personal data

  • The following are examples of how we may obtain personal data from you:
  • As part of our administrative and business processes including finance, administration and marketing processes;
  • Subscribing to or ordering newsletters and/or publications;
  • Subscribing to third party contact databases;
  • Registering for events and conferences;
  • Submitting CVs or resumes or otherwise for the purposes of recruitment;
  • Contacting us for further information;
  • Monitoring email communications sent to and from SPQR Communications Ltd;
  • Providing us with business cards or other contact information.

How we use personal data

  • We may use your personal data to:
  • conduct administrative or operational processes within our business;
  • process and respond to requests, enquiries or complaints received by you;
  • provide services requested by you (including the performance of our contractual obligations to you);
  • identify services you may be interested in;
  • communicate with you about our services;
  • invite you to meetings and events;
  • monitor and analyse our business;
  • send you marketing materials.

Journalists

As part of our business we may engage with journalists and other individuals who work in the media on behalf of clients. Where we obtain the personal data of journalists and others in the media arena, we use this in order to:

  • Send press releases;
  • Facilitate access to and arrange interviews with individuals employed by our clients which will be of benefit to both parties;
  • Respond to questions relating to communications issued by our clients;
  • Share information with our clients so that we can be transparent with them about who we are speaking to on their behalf and understand who they believe may be most relevant to speak to in respect of a particular matter;
  • Share insights with respect to possible areas of interest and topics that we think may be relevant; and
  • Send invitations to meetings or events hosted by us or our clients.

What is our legal basis for processing your personal data?

Under the GDPR, we must always have a lawful basis for using personal data. In such cases, we rely on one or more of the following processing categories:

  • As necessary for our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
  • As necessary for the performance of our contract with you or to take steps to enter into a contract to supply services with you;
  • As necessary to comply with a legal obligation where you exercise your rights under data protection law and make requests and to comply with any legal obligation or lawful request;
  • Based upon your consent or explicit consent where you have agreed to us processing your personal data for the relevant purpose.

Withdrawing your consent

Where we process personal data based upon consent, you may change your mind and withdraw your consent at any time by contacting us at GDPR@SPQRCommunications.com.

Sharing your personal data

Your personal data will be treated as strictly confidential. At times it may be necessary to share personal data with certain trusted third parties in accordance with contractual arrangements in place with them, including:

  • Our professional advisers, auditors and insurers;
  • Third parties to whom we outsource certain support services such as administration, photocopying and document review;
  • Our IT service providers (including website hosting and management, data analysis, data backup, security and storage services);
  • Third parties engaged in the course of the services we provide to our clients and with their prior consent; and
  • Third parties involved in hosting or organising meetings, events or seminars.

The third-party providers may use their own third party subcontractors that have access to personal data (sub-processors). We only use third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal data and to flow those same obligations down to their sub-processors.

We may be required to disclose your data to comply with legal or regulatory requirements; under those circumstances, we will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary to fulfil the purposes outlined in this Notice unless a longer retention period is required or permitted by law.

Our retention periods are based on the requirements of applicable data protection laws and the purpose for which the data is collected and used, taking into account legal requirements to retain the data for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list or newsletter, we may keep certain limited information about you so that we may honour your request.

Marketing Communications

Most of the personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship. We may also obtain contact information from public sources, including content made public on social media websites, to make an initial contact with a relevant individual at a client or other company.

Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so. We may send you further emails prompting you to refresh your consent from time to time.

You can also exercise the right to discontinue marketing communications to you. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again. If you have agreed to receive marketing but then later change your mind and no longer wish to receive marketing, please let us know so we can remove you from our distribution lists.

Please contact us on GDPR@SPQRCommunications.com if you do not wish to receive communications from us.

If you decide to unsubscribe from a service or communication, we will try to remove your data promptly, although we may require additional information before we can process your request.

When we keep your personal data, we are responsible for keeping an accurate record of the data that you have submitted to us and verified. We do not assume responsibility for verifying the ongoing accuracy of your personal data.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of personal data we hold about you and how we process it by way of a subject access request;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data, or restrict the way in which we use such personal data;
  • The right to object to our processing of your personal data, restrict our processing of that data, prevent unauthorised transfers of your personal data to a third party and, in some circumstances, require personal data relating to you transferred to another organisation; and/or
  • The right to withdraw your consent to our processing of your personal data (to the extent such processing is based on consent and consent is the only permissible basis for processing).

Transfer of Data

We do not transfer personal data outside the EEA.

Automated Decision Making

We do not use any form of automated decision making in our business.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Changes to our privacy notice

We will keep our privacy notice under regular review and will update as necessary. Any changes will be communicated via our website and we recommend that you consult this page so that you are aware of our latest privacy notice. Your continued use of our services shall constitute your acceptance of any revised privacy notice.

How to contact us

Please contact us by email if you have any questions about our privacy notice or data we hold about you: GDPR@SPQRCommunications.com.

How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact GDPR@SPQRCommunications.com.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the ICO.