Consilio Data Protection Notice
Clients and Potential Clients
(GDPR Act 13)
Consilio understands that privacy is important to all of its clients and potential clients and that you consider carefully how your Personal Data is used and shared. We respect and value the privacy of everyone who interacts with us and will only collect and use Personal Data in ways that are described here, and in a manner that is consistent with our obligations and your rights at law.
Please read this Data Protection Notice carefully and ensure that you understand it. If you do not accept and agree with the way that Consilio processes your Personal Data then we request that you let us know, using the contact details below so that we can address any concerns.
1. Definitions and Interpretation
In this Notice, the following terms shall have the following meanings:
“Personal Data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means Personal Data that you give to us or that we have collected up to now. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).
2. Information About Us.
We are Consilio Global SPRL, a limited company registered in Belgium with registered number 0883.063.353, whose registered address is Place du Champ de Mars 5, Tour Bastion – Etage 20, 1050 Brussels (Ixelles), Belgium and its foreign branch office, Consilio Europe, registered in England with number FC027259 and registered office at 10 Aldersgate Street, London, EC1A 4HJ (“Consilio”). We are part of the Consilio group of companies, being companies sharing the same ultimate parent/controlling shareholder company as Consilio Global SPRL (“Consilio Group”).
3. What Does This Notice Cover?
This Data Protection Notice applies only to Personal Data that we hold as a Controller.
4. Your Rights
As a Data Subject, you have the following rights under the GDPR, which this Notice and our use of Personal Data have been designed to uphold:
- The right to be informed about our collection and use of Personal Data;
- The right of access to the Personal Data we hold about you;
- The right to rectification if any Personal Data we hold about you is inaccurate or incomplete;
- The right to be forgotten – i.e. the right to ask us to delete any Personal Data we hold about you (we only hold your Personal Data for a limited time, as explained below but if you would like us to delete it sooner, please contact us);
- The right to restrict (i.e. prevent) the processing of your Personal Data;
- The right to data portability (obtaining a copy of your Personal Data to re-use with another service or organisation);
- The right to object to us using your Personal Data for particular purposes; and
- Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your Personal Data, please contact us using the details below and we will do our best to resolve the concern. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s at https://ico.org.uk/concerns/.
5. What Data Do We Collect?
We may collect some or all of the following personal and non-Personal Data about you:
b. business/company name
c. job title;
e. contact information such as email addresses and telephone numbers;
f. information such as preferences or interests that you have shared with us.
6. How Do We Use Your Data?
All Personal Data is processed and stored securely, for no longer than is necessary for the purpose(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times. For more details on security, please see the security section, below.
Our use of your Personal Data will always have a lawful basis, either because it is necessary for our performance of a contract with you or your organisation or because it is in our legitimate interests to offer you services which we reasonably believe you will have an interest in obtaining from us. Specifically, we may use your data for the following purposes:
- Negotiating, servicing and managing contracts with you or your organisation (and to the extent that we have a contract for services or a non-disclosure agreement or similar document with you or your organisation, which contains additional restrictions over our collection, handling or use of your Personal Data, the terms of such document will prevail);
- Replying to emails or other contact from you;
- With your permission or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone or post with information, news and updates about our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
You have the right to object to us using your Personal Data at any time, and to request that we delete it.
7. How and Where Does Consilio Store Your Data?
We only keep your Personal Data for as long as we need to in order to use it as described above, and/or for as long as you are content for us to do so.
Some or all of your data may be stored or accessed from outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein) and specifically in our Client Relationship Management system (“CRM”) that is hosted by Salesforce in Chicago, Illinois.
8. Data Security and International Transfers of Personal Data
When you provide information to any part of Consilio you will in most cases be providing it to the Consilio Group of companies as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country. However, where we do store data outside the EEA, we take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR. Consilio’s main operations outside of EEA are in the United States, and Consilio US is part of the United States Privacy Shield certification scheme, Consilio US seeks to apply similar privacy and data protection standards to Personal Data in the United States as are applicable in the EEA.
Data security is extremely important to us, and to protect your data we have taken suitable technical and organisational measures to safeguard and secure data collected.
Steps we take to secure and protect your data include:
- Our UK, US and German operations are certified for ISO27001-2013; and
- All Consilio staff are committed to confidentiality; and
- We ensure the resilience of our processing systems and have processes that allow us to restore Personal Data in a timely fashion in the event of a physical or technical event, and
- We have processes for testing the effectiveness of our organisation and technical measures that are designed to protect Personal Data.
9. Do we Share Your Data?
We do not and will not share any of your data with any third party outside of the Consilio Group for any marketing or monitoring purposes. Each Consilio company in the Consilio Group is bound by contractual clauses that mean that each will adhere to the same standards of Data protection as our companies in the European Union.
We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where we transfer any Personal Data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EU and under the GDPR.
If we need to obtain processing services from any third party, such as the hosting of a CRM platform, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
In certain circumstances, we may be legally required to share certain data held by us, which may include your Personal Data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.
10. What Happens If our Business Changes Hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any Personal Data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Data Protection Notice, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you may not be contacted in advance or informed of the changes.
11. How Can You Control Your Data?
When we collect your Personal Data, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
12. How Can You Access Your Data?
You have the right to ask for a copy of any of your Personal Data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details at GDPR@consilio.com, or using the contact details below.
You also have the right to ask us to rectify or erase your data.
13. Contacting us
If you have any questions about this Data Protection Notice, please contact us by email at GDPR@consilio.com, by telephone on 020 3695 0200, or by post at 10 Aldersgate Street, London, EC1A 4HJ. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
14. Changes to our Data Protection Notice
We may change this Data Protection Notice from time to time (for example, if the law changes). Any changes will be immediately posted on our website at http://uk.consilio.com/privacy-policy/