Privacy Notice

Last updated: 21 October 2024

 

INTRODUCTION

Andrew Paul Limited (the “Company”, “we”, “our” or “us”) takes data privacy seriously and respects the privacy of Personal Data of the individuals with whom we interact. This Privacy Policy (the “Policy”) explains how the Company uses your Personal Data and our commitment to safeguard the privacy and security.

This Policy applies to personal information which is collected and/or used by Andrew Paul Limited in its capacity as a data Controller. By providing your Personal Data, you agree to it being processed in accordance with this Policy.

If you have any questions about this Policy or how we process your Personal Data, please contact us using the details below.

 

DEFINITIONS

“Consent” agreement by a Data Subject to the Processing of Personal Data related to them. Consent must be: given freely, specific, informed and an unambiguous of the Data Subject’s wishes.

“Controller” the natural or legal person, public authority, agency or other body which, along or jointly with others, determines the purposes and means of the processing of Personal Data.

“Data Subject” a living, identified or identifiable individual about whom we hold Personal Data.

“Personal Data” any information relating to a Data Subject.

“Processing” any operation or set of operations which is performed on information or sets of information such as: (a) collection, recording, organisation, structuring or storage; (b) adaption or alteration; (c) retrieval, consultation or use; (d) disclosure by transmission, dissemination or otherwise making available; (e) alignment or combination; or, (f) restriction, erasure or destruction.

“Processor” a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

 

PERSONAL DATA WE COLLECT

We may collect and process different types of Personal Data in the course of operating our business and providing services. Personal Data collected and processed could include:

Basic personal details such as your title, name and job title;

Contact data such as your telephone number(s) and postal or e-mail address(s);

Financial data such as payment-related information or bank account details;

Demographic data such as your gender, age, preferences or interests;

Website usage and other technical data such as online identifiers including your geographic location, operating system and browser type and the search terms you use;

Personal Data provided to us by, or on behalf of, our clients or generated by us in the course of providing our services. This may, where relevant, include special categories of Personal Data;

Data that you may provide to us for example in course of signing up for any newsletters or publications or attendance at organised events;

Any other Personal Data relating to you that you may provide.

 

HOW WE OBTAIN PERSONAL DATA

We may collect or receive your Personal Data in a number of different ways:

Where you provide it to us directly, for example, in correspondence with us (e.g. e-mail, telephone) or via other direct interactions such as completing a form on our website;

Publicly available sources, which we may use to help keep the contact details we already hold for you accurate and up to date for professional networking purposes e.g. Linkedin, your company website.

 

PROCESSING PERSONAL DATA

Andrew Paul Limited will only use your Personal Data where we are permitted to do so by the applicable laws. Under the UK General Data Protection Regulations, we are required to process information lawfully, fairly and in a transparent manner as well as ensuring Personal Data is accurate and secure. Any Personal Data will be collected for specified, explicit and legitimate purposes. The lawful bases we rely on for Processing this information are:

Consent: where you have consented to our use of your Personal Data. You are able to remove your consent at any time and can do this by contacting us using the details below.

Contract performance: where your Personal Data is necessary to enter into or perform our contract with you.

Legal obligation: where we need to use your Personal Data to comply with our legal obligations.

Vital interest: where we use your Personal Data to protect the vital interests of the data subject or another natural person.

Legitimate interest: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Public interest: where we need it to perform a task carried out in the public interest.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your personal information changes during your business relationship with us.

 

SHARING PERSONAL DATA

We may share your personal information with trusted third parties both within and outside the European Economic Area (EEA) pursuant to contractual arrangements or regulatory obligations we have with or owe to them, including:

Our professional advisors (e.g. legal, financial and audit);

Our bank;

Our insurers and insurance brokers;

Suppliers of goods and services to us (e.g. IT services).

We may need to share your Personal Data with regulatory authorities, government agencies and law enforcement agencies. Where permitted, or unless to do so would prejudice the prevention of detection of a crime, we will direct any such request to you or notify you before responding.

 

STORING PERSONAL DATA

In the course of business, including where we share information as set out above and where we are working overseas, we may need to transfer your Personal Data to locations outside the UK, including countries outside the European Economic Area (EEA) where data protection laws may not be as comprehensive.

We ensure that that the Personal Data we hold is secured by appropriate and organisation security measures.

 

HOW LONG WE KEEP YOUR PERSONAL DATA

We will retain your Personal Data for as long as is necessary to fulfil the purpose for which the data was collected and any other permitted linked purposes. Our retention periods are also based on our business needs, our legal or regulatory obligations to retain data for a certain period of time and good practice.

 

RIGHTS IN RELATION TO YOUR PERSONAL DATA

Under applicable data protection laws, you have rights including:

Right of access, known as a Subject Access Request. We may need to refuse any such request for Personal Data if it is subject of legal professional privilege;

Right of rectification;

Right to erasure;

Right to restriction of processing;

Right to object to processing;

Right to data portability.

You are not required to pay any charge for exercising your rights. If you make a request, we will respond to your request within one month of receipt. In some cases we may not be able to fulfil your request before this date, and may need more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request. Please contact us using the details below if you wish to exercise any of these rights.

 

UPDATES

We may update this Policy at any time without notice. Any changes will be notified to you using the e-mail address you have given to us and/or by announcement on our website.

 

CONTACT US

If you have any questions about this Policy or how we process your Personal Data, please contact us using the details below:

Andrew Paul Limited

M / +44 (0)7587 753996

E / info@andrewpaul.co.uk

 

HOW TO COMPLAIN

If you have any concerns about our use of your Personal Data, you can make a complaint to us using the contact details above. You can also complain to the Information Commissioner’s Office (“ICO” the “Commissioner”) if you are unhappy with how we have used your data. The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow, Cheshire

SK9 5AF

Tel: 0303 123 1113

Web: https:///www.ico.org.uk