Aspirant Analytics, the Controller and Data Protection Officer
Aspirant Analytics is a limited company registered in England and Wales (Company Number 08406864) whose registered office is 3rd Floor, 8-9 Talbot Court, London, EC3V 0BP, United Kingdom. For the purposes of this Policy, Aspirant Analytics is the Controller.
Many of the capitalised terms used in the Policy derive their meaning from defined terms in applicable data privacy law and we use those terms in the same way as they are used in applicable data privacy law. The definitions of the terms which are capitalised in this Policy are in Section 19 below. If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data carried out by us, or on our behalf, please contact our Data Protection Officer:
40-42 Scrutton Street
Collection of Personal Data
We may collect or obtain Personal Data about you: directly from you (e.g., where you contact us); in the course of our relationship with you (e.g., if you subscribe to any of our Services); when you make your Personal Data public (e.g., if you make a public post about us on social media); when you use any of our Software; when you visit our Sites; when you register to use any of our Sites, Software, or Services. We may also receive Personal Data about you from third parties (e.g. credit reference agencies and regulatory bodies). See below for more detail on the way in which we collect your Personal Data.
Creation of Personal Data
We may also create Personal Data about you, such as records of your interactions with us, and details of any Services agreed between you and us.
Processing of Personal Data
We may Process: your personal details (e.g., your name); your contact details (e.g., your office phone number and office email address); records of your consents; purchase details; payment details (e.g., your billing address); information about our Sites and Software (e.g., the type of device you are using); and details of your employer (where relevant); and any views or opinions you provide to us.
Lawful Basis for Processing of Personal Data
We may Process your Personal Data where: you have given your prior, express consent; the Processing is necessary for a contract between you and us; the Processing is required by applicable law; or where we have a valid legitimate interest in the Processing for the purpose of managing, operating or promoting our business (and where that legitimate interest is not overridden by your interests, fundamental rights or freedoms).
Purposes for which we may Process your Personal Data
We may Process your Personal Data for the following purposes: providing services to you; operating our Sites and Software; communicating with you; managing our IT systems; financial management; conducting surveys; ensuring the security of our systems; conducting investigations where necessary; compliance with applicable law; and improving our Sites, Software, and Services.
Sensitive Personal Data
We do not seek to collect or otherwise Process your Sensitive Personal Data. Where we need to Process your Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.
Disclosure of Personal Data to Third Parties
We may disclose your Personal Data to: legal and regulatory authorities; our external advisors; our Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; any purchaser of our business; and any third party providers of advertising, plugins or content used on our Sites, or Software.
International Transfer of Personal Data
We may transfer your Personal Data within Aspirant Analytics, and to third parties as noted in Section 10, in connection with the purposes set out in this Policy. We may transfer your Personal Data for such reasons to other countries that are considered to be Adequate Jurisdictions - please note, this may mean these countries have different laws and data protection compliance requirements to those that apply in the country in which you are located.
We have appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law. The transmission of information via the internet is not completely secure given that it is an open system. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.
We take reasonable steps to ensure that:
Your Personal Data that we Process are accurate and, where necessary, kept up to date; and
Any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay
From time to time we may ask you to confirm the accuracy of your Personal Data.
We take reasonable steps to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. However, the period of time for which we hold your Personal Data will vary depending upon the type of information and the reason why we Process it.
The criteria for determining the duration for which we will keep your Personal Data are as follows: we will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.
Your Legal Rights
Under applicable law, you may have a number of rights, including: the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. We may require proof of your identity before we can give effect to these rights.
Exercising Your Legal Rights
To exercise one or more of the legal rights in Section 16, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please contact our Data Protection Officer whose details are provided in Section 2.3. Please note that:
We may require proof of your identity before we can give effect to these rights; and
Where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Terms of Service
All use of our Sites, our Software, or our Services is subject to our Terms of Service. We recommend that you review our Terms of Service regularly, in order to review any changes we might make from time to time.
“Adequate Jurisdiction” a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
“Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs and any other tracking devices.
“Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
“Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
“Relevant Personal Data” means Personal Data in respect of which we are the Controller. It expressly does not include Personal Data of which we are not the Controller.
“Services” means the services provided under any applicable agreement between Us and you which includes use of our Sites and/or Software.
“Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
“Software” means any application, software or platform made available by us (including where we make such applications available via third party stores or marketplaces, or by any other means).
“Site” means any website operated, or maintained, by us or on our behalf.