REP27 UK LIMITED
PRIVACY POLICY
1. INTRODUCTION
Rep 27 Limited (collectively referred to as, “Rep27”, “we”, “us” or “our” in this Policy) respects your privacy and is committed to protecting your personal data. This Policy will tell you how we look after your personal data when you visit our website (the “Site”), use our Services, and your privacy rights.
2. WHO WE ARE
Rep27 Limited is a limited liability company incorporated in England and Wales with registered number 12959654 and whose registered office is at 48 Chancery Lane, London WC2A 1JF.
As set out in this Privacy Notice, in relation to personal data which is processed by us, Rep27 acts as:
- data processor for personal data provided to us by our clients or agents on their behalf; and
- data controller for personal data provided to us by third parties other than our clients, including without limitation (i) customers and contacts of our clients and (ii) the UK Information Commissioner’s Office (“UK ICO”)).
You can contact us either by post at the above address or by email at [email protected]. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at [email protected].
3. DATA COLLECTED BY REP27
We will collect and process the following personal data:
A From our clients, their advisers or agents:
- Name(s) of our contact(s) within your organisation
- Postal and email address(es)
- Telephone number(s)
B Where you contact us as UK representative for our clients (as applicable):
- Name
- Address
- Email address
- Phone number(s)
- Concerns around you use of their personal data which may potentially refer to sensitive personal data. By providing us with sensitive personal information, you consent to us processing that information for the purposes set out in this Privacy Notice or any collection notice provided to you.
C Where you contact us as a third party in relation to the Rep 27 business:
- Name
- Address
- Email address
- Phone number(s)
We may collect information about your browser and/or device that you use to access our Site (like the type of browser and browser settings and the device identification number). Device information may or may not be personally identifiable depending upon whether it is linked to the identity of the user.
We may also automatically log information, such as your IP address, domain name, browser type, date and time of access, and other log file data. This information may be used to analyse trends and help us with administration of our Site. We may collect statistical or non-personally-identifiable information about you including, for example, which pages you visit, how long you remain on a particular page, the website from which you came to our Site, or similar information.
Please see our Cookie Policy as to how we also use cookies to gather certain non-identifiable information.
4. WHAT DO WE DO WITH YOUR DATA
Subject to applicable data protection laws, we may process your personal information in the following ways/for the following purposes:
Purpose | Legal Basis |
To provide clients with the services contracted as their UK Representative | Perform necessary steps at your request – contractual fulfilment |
To process requests and respond to enquiries | Perform necessary steps at your request – contractual fulfilment |
Register you for any services you have signed up for and administer your account generally | Perform necessary steps at your request – contractual fulfilment |
For business administration, including statistical analysis | It is in our legitimate interests to do so |
To personalize your visit to our Site and to assist you while you use our Site | It is in our legitimate interests to do so |
To improve our Site by helping us understand who uses the Site | It is in our legitimate interests to do so |
To contact you about products and services offered by us which we believe may interest you | It is in our legitimate interests to do so |
For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice. in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. | For compliance with our legal obligations |
5. Who Will Have Access to Your Personal Information?
Your personal information may be stored by a third party contracted by us for that purpose whose servers may lie outside the UK, which therefore involves an international transfer outside the UK (see below). We also sometimes employ other companies and individuals to perform functions on our behalf, e.g., providing technical support for the systems where your personal data is held. They may need access to your personal data to perform their functions but will not use your personal data for any other purpose.
We may also disclose personal data to comply with our legal or regulatory obligations, in response to a non-mandatory request for information made by a governmental or state body, or as part of an investigation of unlawful activity.
6. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to countries located outside the UK (e.g. cloud-based where the servers are not located in the UK), including to countries that may not provide a similar or adequate level of protection to that provided by the UK, in which case we will only do so subject to the necessary protections mandated by GDPR as adopted in the UK post-Brexit, or such others including the UK ICO as may be applicable to the UK following Brexit. We have considered the specific risks in doing so and are satisfied that the security, technical and organizational measures which we have put in place provide a satisfactory level of protection to maintain our ability to do so. A copy of this information can be obtained by contacting us.
7. SECURITY AND RETENTION OF YOUR PERSONAL DATA
The security of your personal data is important to us. We take reasonable steps, including technical, administrative and physical safeguards, designed to protect the personal data submitted to us from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will ask any agents and service providers to whom we may transfer your personal data take comparable steps to protect that security. However, no method of security or method of transmission over the Internet is entirely secure. You should always use caution when transmitting personal data over the Internet.
As a client, we may retain your personal data for as long as your account is active or as needed for the specific business purpose for which it was collected. As a third party contacting us to communicate with our clients, we may retain your personal data for a maximum of 12 months. In some cases, we may be required to retain personal data to comply with laws or regulations or other legal obligations, resolve disputes and enforce our agreements.
8. EXTERNAL LINKS
The Site may, from time to time, contain links to external sites operated by third-parties. We are not responsible for these third-party sites or the content of such third-party sites. Once you have left the Site, we cannot be responsible for the protection and privacy of any personal data which you provide.
9. MARKETING
We may contact you periodically by email to provide personal data regarding programs, products, services and content that may be of interest to you. If applicable law requires that we receive your explicit consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your explicit consent. If you wish to stop receiving these types of communications from us, you can opt-out by contacting us at the email and address as described below.
10. YOUR RIGHTS
Under certain circumstances, you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected;
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) but you feel it impacts on your fundamental rights and freedoms;
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
- Request the transfer of your personal data to you or to a third party; and
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you wish to exercise any of these rights, please Contact Us as set out in Section 2 above.
You also have the right to lodge a complaint in relation to any processing which we undertake in relation to your personal data with the UK supervisory authority, the Information Commissioners Office (ICO) at www.ico.gov.uk.
Last updated: 1st December 2020