“Prism Group” consists of three operating entities: Prism Financial Products LLP (“Prism LLP”), Prism Financial Products LP (“Prism LP”), and PrismFP Analytics Ltd (“Analytics Ltd”). This Privacy Notice is issued on behalf of Prism Group; references to “Prism Group”, "we", "us" or "our" refer to the relevant operating entity(ies) within Prism Group responsible for processing your data.
Prism Group respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you about how we look after your personal data when you interact with Prism Group, including when you use our brokerage businesses, visit our website(s) and/or use any of our online services (regardless of the geographical location from where you visit them), or provide us with services. It tells you about your privacy rights and how the law protects you.
1. IMPORTANT INFORMATION, WHO WE ARE & CONTACT DETAILS
Purpose of this Privacy Notice
This Privacy Notice sets out how Prism Group collects and processes personal data from external contacts. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
Data Controllers and Joint Controllership
Prism Group has three operating entities:
3rd Floor, 248A Marylebone Road
London, NW1 6JZ
ICO reg: ZA062960
130 West 42nd Street, 23rd Floor
New York, NY
ICO reg: ZA377778*
3rd Floor, 248A Marylebone Road
London, NW1 6JZ
ICO reg: ZA269746
* Prism LLP has been designated as the representative in the EEA of Prism LP.
References in this Privacy Notice to the “brokerage(s)” means Prism LLP and Prism LP, collectively or individually, as the circumstances require.
Generally speaking, we act as a data controller in all Prism Group’s relationships with clients, suppliers and other third parties. This includes where we provide you with brokerage/research services and/or direct electronic access to markets, exchanges and other trading venues (“Exchanges”) through our licensed-in third party platform(s) and technology (“DEA”).
Members of the Prism Group may sometimes (to the extent permitted under applicable laws, regulations and contracts) jointly determine the purposes and means of processing your personal data in relation to our business and, as such, we may sometimes share data and/or act as “joint controllers”. In essence, our respective responsibilities and roles in relation to compliance with applicable laws and, in particular, as regards providing you with information about how we use and look after your personal data and your privacy rights are: (i) centrally overseen by our Chief Information Security Officer (“CISO”) who, in turn, reports to senior management; (ii) governed by a data sharing arrangement between the Prism Group entities; and (iii) are further detailed in this Privacy Notice. Our CISO is your first point of contact for queries via: firstname.lastname@example.org. If these data sharing arrangements were ever to be terminated in respect of one of more of the Prism Group entities, personal data relating to you may be retained by or, as the case may be, transferred to the terminated entity(ies) or their successors and assignees.
Analytics Ltd acts as both data controller and a data processor where your company has an agreement with it to use the analytics service it makes available through its proprietary platform (“Platform”). Under that relationship Analytics Ltd is a data processor only in respect of the limited amount of personal data it uses to provide the core element of that service (and is a data controller for all other aspects of the relationship). The basis upon which Analytics Ltd acts as a data processor is set out in our subscription agreement with your company, and is also detailed in the Privacy Notice, which all users can access when they log-in to the service.
Chief Information Security Officer (“CISO”)
We have appointed a CISO, who is responsible for overseeing Prism Group’s data privacy compliance and initiatives, and for answering questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our CISO: email@example.com or write to the CISO at one of the above addresses.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) and/or potentially your local competent authority (if different). We would, however, appreciate the chance to deal with your concerns before you approach them, so please contact us via: firstname.lastname@example.org in the first instance.
Changes to this Privacy Notice
When we update this Privacy Notice we will (amongst other things) update the versions available on our website(s) and via the links in our emails. Historic versions can be obtained by contacting us at email@example.com.
Informing us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Anyone else’s personal data that you provide to us
If for any reason you provide us with any personal data about someone else, please ensure that you are entitled to do so, and please also provide them with a copy of (or send them a link to) this Privacy Notice.
Third-party links and third party services
Our website(s) and online services (including the Platform and DEA) may include links to third-party websites, plug-ins and applications. If you have a relationship with our brokerage business, you may also elect to communicate with us via messaging services such as Bloomberg. Clicking on those links, enabling those connections, or using those messaging services may allow the relevant third parties to collect or share data about you. We do not control these third-party websites, applications and services and we are not responsible for their privacy statements. When you leave our website(s) or use plug-ins, applications and other third party services, we encourage you to read their respective privacy notices.
Please be assured that any obligations of confidentiality we may have with you in respect of non-personal commercial data (such as details of trades), both under contract and, in the case of the brokerages, under their respective regulatory regimes, are not affected by this Privacy Notice.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information relating to an identified or identifiable natural person (a data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender. In limited circumstances it may include a copy of your passport for our Know Your Client/Anti-Money Laundering compliance activities.
- Contact Data includes billing address, delivery address, email address, telephone numbers, trader, DEA and similar identifiers, and Bloomberg ID.
- Financial Data includes bank account details (where you supply us with services in your own name or you provide one of the brokerages with details of a family office account bearing a family name).
- Transaction Data includes details about our various commercial interactions, including transactions that we may have executed for you as part of our brokerage business, DEA transactions, and services (including various types of research) that we have provided to you or (if you are a supplier) details about business you or your company has done with Prism Group.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s), the Platform, DEA or our other online services.
- Profile Data includes your Platform/DEA username(s) and password(s) and other online identifiers, credentials and personalisations.
- Usage Data includes information about how you use our products and services – this may overlap with/relate to the Transaction Data referred to above.
We also collect, use and share Aggregated Data relating to use of Prism Group services for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal you or your company’s identity, nor can your specific trades or analysis habits be identified or attributed to you via reverse engineering or otherwise. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website/service feature and to identify which, and to analyse why, services are over or under-used.
Other than in very limited circumstances where you provide us with a copy of your passport for our Know Your Client/Anti-Fraud and Anti-Money Laundering compliance activities, and from which your race, ethnicity or religious beliefs might be apparent, we do not collect any Special Categories of Personal Data about you such as sexual orientation, political beliefs, health, genetic or biometric data.
If at any time we collect any information about your criminal convictions and offences, it will be disclosed by you (or at your request), or it will be obtained from the public domain and we will use it only in relation to our Know Your Client/Anti-Fraud/Anti-Money Laundering compliance activities.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you or your company, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, to provide brokerage services). In this case, we may have to cancel or refuse to provide a service, but we will notify you if this is the case at the time.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you, including:
- Direct interactions. You may give us your Identity, Contact, Profile, Transaction, Usage and Financial Data by filling in forms or by corresponding with us by post, phone, email, Bloomberg, through our website(s) and online services or otherwise. This includes personal data you provide when you:
- undertake our client/DEA initial onboarding and subsequent review processes (which includes our Know Your Client/Anti-Money Laundering compliance activities);
- interact with our brokerage(s) in relation to trading strategies and opportunities;
- receive/request research and analysis from us;
- ask us to execute trades;
- apply/register for our products or services;
- register and log-in to the Platform/DEA or create an account on our website(s);
- use the Platform, DEA and/or any other online services we offer;
- contact us or visit us in the normal course;
- provide us with references or other information in relation to job applicants;
- provide us with, or contact/negotiate with us about, goods or services (including in relation to our recruitment activities); or
- provide us with feedback.
Automated technologies or interactions. As you interact with our website(s) and online services (including the Platform/DEA), we (and/or our service providers) may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see section 4 below for further details. We will also collect Usage and Transaction Data to generate Aggregated Data.
PLEASE NOTE: to ensure that Prism Group meets its legal and regulatory obligations, communications of any sort, including email, Bloomberg messages, transactional data feeds and telephone calls, may be recorded/monitored.
- Third parties or publicly available sources. We may receive personal data about you from your company/employer and various other third parties and public sources, including as set out below:
- Identity, Contact and Transaction Data from your employer or your colleagues in the normal course of their creation and pursuit of a commercial relationship with us.
- Identity, Contact, Usage and Transaction Data from regulators, relevant authorities, clearers, Exchanges and service providers in the normal course of our brokerage/research relationship with you and your company.
- Identity, Contact, Usage, Profile, Technical and Transaction Data from the third parties we use to help us provide (and any third parties you use to access) our products and services, such as the Platform, DEA, our trading platform(s) and helpdesk providers. In particular, we will receive various personal data via any supported order management system which you or your employer uses to access our DEA platform.
- Technical Data from analytics providers and search information providers such as Google.
- Identity and Contact Data from publicly availably sources such as Google, LinkedIn, Facebook, Twitter, Companies House and the Electoral Register.
- Identity and Contact Data from people and companies who have a current or proposed relationship with you and who introduce us, including recruitment firms.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to and in accordance with this Privacy Notice. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) – normally where a Prism Group entity has a current or prospective business relationship with you and/or your company.
- Where we need to comply with a legal or regulatory obligation – this is particularly relevant in relation to our brokerages, which are both regulated entities and this includes using and testing various monitoring services.
- Where we need to perform the contract we are about to enter into or have entered into with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person as we do not have individual persons as clients).
Generally, we do not rely on consent as a legal basis for processing your personal data.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use personal data, and on which of the legal bases we rely to do so. We have also identified what our legitimate interests are, where appropriate.
For these purposes, “legitimate interest” means the interest of Prism Group in conducting and managing our business to enable us (if you are a client) to give you the best service/product and the best and most secure and compliant experience/interaction; and (if you are a supplier/service provider or other external contact) to manage our relationship in an efficient, mutually beneficial and legally compliant manner. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us via firstname.lastname@example.org.
Note that we may process personal data for more than one lawful ground depending on the specific purpose for which we are using it. Please contact us via email@example.com if you have any questions about this.
Type of data
Lawful basis for processing including basis of legitimate interest
Corresponding with you about our actual/ potential relationship, to onboard you/your company as a new client or as a new supplier/service provider to one or more Prism Group entities, and ongoing in relation to our compliance-related activities and obligations.
(a) Necessary for our legitimate interests (to negotiate, implement and perform our contract/pursue our commercial relationship with you/your employer/company)
(b) Necessary to comply with a legal obligation. For example, we have Know Your Client and Anti-Money Laundering obligations to fulfil as part of our onboarding processes for the brokerages and periodically thereafter
(c) Performance of a contract with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person, we do not have individual persons as clients)
Where you are (or interact with us on behalf of) a client, to manage our ongoing relationship with you and/or your company/employer.
This will include (but not be limited to) Prism Group entities interacting and using/sharing personal data between themselves and with their respective service providers for the purposes of that relationship.
In the case of the brokerages, Prism Group will use personal data to:
(a) contact and interact with you both proactively and reactively about the markets, trading strategies and opportunities
(b) provide research and analysis
(c) execute trades
(d) report, record, reconcile and charge for business that has been undertaken, including reporting to the relevant Exchanges and regulators
(e) answer enquiries and provide updates about our services
(f) collect, use and share Aggregated Data
(g) comply with our regulatory obligations
(h) manage the ongoing relationship
(i) undertake backups and archiving
In the case of Analytics Ltd/the Platform, Prism Group will use personal data to:
(a) contact and interact with you both proactively and reactively about our services and to provide you with user and technical support
(b) provide you with, and update you about, the relevant services including onboarding you and potentially, as the service matures, building your user profile and preferences with you
(c) manage your user account(s) and your relationship with us more generally including potentially, as the service matures, by personalising the service to provide a richer user experience
(d) collect, use and share Aggregated Data
(e) undertake backups and archiving
In the case of DEA, Prism Group will (either itself or through its service providers/clearers) use personal data:
(a) to contact and interact with you both proactively and reactively about the service and the trades you execute via DEA and to provide you with user and technical support
(b) to provide you with, and update you about, the service including onboarding you and potentially, as the service matures, building your user profile and preferences with you
(c) to manage your user account(s) and your relationship with us more generally including potentially, as the service matures, by personalising the service to provide a richer user experience
(d) when systems send and receive pre-trade communications and trade execution data containing small amounts of personal data as necessary in the course of DEA. This data is part of standard protocols and is required to meet Exchange and/or other legal/regulatory requirements
(e) to collect, use and share Aggregated Data
(f) to undertake backups and archiving
Any and all Prism Group entities will use personal data:
(a) to notify you about changes to our terms or privacy practices
(b) for general business as usual correspondence and managing our relationship
(c) to ask you to leave a review or take a survey
(a) Necessary for our legitimate interests (to perform our contract/pursue and proactively manage all aspects of our commercial relationship with you/your employer/company; to keep our records updated and to study how our products/services are used; to prevent fraud; and to monitor, record and manage payments)
(b) Necessary to comply with a legal obligation – in particular, both of the brokerages are regulated
(c) Performance of a contract with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person, as we do not have individual clients)
Generally to administer and protect our business and our website(s), the Platform, DEA and our other online services (including troubleshooting, collecting, using and sharing Aggregated Data, data analysis, testing/piloting of current and future systems and services, system maintenance, support, reporting (including, where required by the licensor, reporting usage of licensed-in third party data), hosting of data, backups and archiving, and compliance.
(a) Necessary for our legitimate interests (for understanding, running and improving our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with legal obligations
Where you are (or interact with us on behalf of) a supplier or service provider, to manage all aspects of our ongoing relationship with you and/or your company/employer.
This will include (but not be limited to) Prism Group entities interacting and using/sharing personal data between themselves and with service providers.
(a) Necessary for our legitimate interests (to perform our contract/pursue and proactively manage all aspects of our commercial relationship with you/your employer/company; to keep our records updated and to study how your products/services are used; to prevent fraud; and to monitor, record and manage payments)
(b) Necessary to comply with a legal obligation – in particular with regard to both of the brokerages, which are regulated entities
If you are providing us with a reference or other information in relation to a job applicant, to process and record the application. This may include sharing your Identity and Contact Data with the relevant regulator(s)/authority(ies) where the applicant is seeking a regulated role. For example, if an applicant is to be registered as a CF4 with the FCA, some or all of the personal data you provide will need be shared with the FCA as part of the registration process.
(a) Necessary for our legitimate interests (for ensuring that we recruit the best candidates and that the candidates are fit and proper persons to work for us and our clients)
(b) Necessary to comply with a legal obligation
To use data analytics and Aggregated Data to improve the Platform, DEA and our website(s) and other Prism Group products/services, marketing, client relationships and experiences.
Necessary for our legitimate interests (to define types of customers for our products and services, to keep them updated and relevant, to develop our business and to inform our product/service development and other strategies)
Communications and interactions of any sort with Prism Group, including email, Bloomberg messages, transactional data feeds, systems usage and telephone calls, may be recorded/monitored.
Necessary to comply with a legal obligation – in particular with regard to both of the brokerages, which are regulated entities
Necessary for our legitimate interests (for understanding, running and improving our business and improving your interactions with us)
Where you have subscribed or agreed to receive research/analysis from us via one or more of our curated email groups (as opposed to via personalised email interactions with specific Prism Group staff) we may use MailChimp (or a similar service) to help us to record and analyse the extent to which the group emails are opened and/or their contents viewed/acted upon/consumed to enable us to record/report consumption, improve/tailor the service and make it more relevant for you and/or other recipients more generally. Each such email you receive will give you the option to opt-out of receiving further emails in the relevant group.
Necessary for our legitimate interests (for understanding, running and improving our business and improving your interactions with us)
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not currently envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Prism Group currently grows its business through recommendations and one-to-one interactions with personal contacts. Updates about what we do are routinely provided as part of our ongoing account management. We do not currently conduct direct marketing initiatives in the commonly understood sense, nor will we sell your data to third parties for their own marketing activities. If our approach to marketing changes in the future, we will update this Privacy Notice and obtain consents/provide opt-outs if and to the extent required by law.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you want an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via firstname.lastname@example.org.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.
- Other companies within Prism Group acting jointly or individually as controllers or processors and who are based in the UK and the US. Prism Group entities and their respective personnel often (subject to applicable laws and regulations) work both together and interchangeably when dealing with our clients and other third parties with whom we have a business relationship (and their respective personnel), and personal data is shared between them with a view to giving our clients the best service/product; and to giving everyone with whom we have a business relationship the best and most secure and compliant experience/interaction we can.
- We will disclose personal data to the following categories of external third parties:
Service providers who provide IT and system administration services underpinning Prism Group operations generally and/or the services we provide to our clients.
In the case of the brokerages and DEA, these third parties provide the trading, clearing, reporting and other platforms that are used to execute, clear, record and report trades and for compliance purposes. They in turn will interact with and report to the Exchanges in various countries on which we do business for you and with the relevant clearing banks and regulators as necessary to conclude and report trades.
In the case of Analytics Ltd and the Platform, the service providers (in addition to providing some general IT infrastructure for Analytics Ltd) host the Platform and provide a follow-the-sun helpdesk facility.
- Exchanges, regulators and other authorities based in the UK, the US and other territories where the brokerages conduct business for you in accordance with their disclosure/ reporting requirements.
- Our clearers and market makers.
- Bloomberg, where you elect to communicate with the brokerage(s) using Bloomberg systems.
- The platform known as “Docs” (hosted by FIA Tech), for the generation and recording of Give Up Agreements in relation to our brokerage relationship.
- Third parties at your or your company’s/employer’s request. For example, their reporting/data depository portals/service providers.
- Professional advisers including lawyers, bankers, auditors, accountants and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Any person or entity to whom we have a right or duty to disclose personal data. For example, to authorities and other official bodies and to relevant trading parties/service providers to assist in the prevention/detection of terrorism, money laundering and other crimes.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We require our service providers to respect the security and confidentiality of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and/or in accordance with our instructions.
Depending upon the nature of your relationship with us we may also need to share your personal information with clearers, Exchanges, regulators, suppliers and advisers, or otherwise to comply with the law. Generally speaking, these third parties are data controllers and will hold and process personal data shared in this way in accordance with their own privacy policies and the laws and regulations applicable to them.
6. INTERNATIONAL TRANSFERS
We share personal data within Prism Group in the UK and US in order to provide the best possible experience for our clients, suppliers and other external contacts. This will involve transferring your data both into and out of the European Economic Area (“EEA”). We have in place between Prism Group entities a global data transfer agreement, which incorporates approved “model clauses” (see the second bullet below for more detail) to ensure that there are adequate safeguards in place for personal data that is transferred between them.
Some of our service providers are based outside the EEA so their processing of your personal data will also involve a transfer of data into and out of the EEA.
When we transfer your personal data out of the EEA to our service providers, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission – for example, we retain records for our brokerages’ compliance purposes using a provider that is based in Canada. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- Where we use certain service providers, we may use specific “model clauses” approved by the European Commission that give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
- Where we use service providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
For international transfers of your personal data (primarily email addresses and trader IDs) between the brokerages and you or your company/employer (and/or the relevant regulators/Exchanges), during the normal course of our communications and business with you, where no other legitimate basis for transfer applies, we may make those transfers on the basis that they are necessary for the performance of the contract we have with your company/employer which was concluded in the interest of allowing you to use our brokerage/research/DEA or other services.
Please contact us via email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Additionally, we limit access to your personal data to those employees, agents, contractors and our service providers who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. DATA RETENTION
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements in the relevant jurisdictions (e.g. for/to the FCA/NFA).
To determine the appropriate retention period for personal data, we consider the applicable legal and regulatory requirements in each relevant jurisdiction and the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
In some circumstances you can ask us to delete your data: see paragraph 9 below for further information.
As referred to above, when creating Aggregated Data, we will anonymise your personal data (so that it can no longer be associated with you or your company/employer) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to: access, update or correct it; restrict or object to our processing of it; ask for it to be erased; have it provided to another controller; or withdraw your consent in respect of it, where we have obtained your consent for processing.
If you wish to exercise any of the rights set out above, please contact us via firstname.lastname@example.org.
No fee usually required
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee where we are legally entitled to. For example, if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.