- 2. ABOUT US AND HOW TO MAKE CONTACT
“We” are Quantifire Ltd, and our registered office is at Quest House, Suite 2, Ground Floor, 125-135 Staines Road, Hounslow, United Kingdom, TW3 3JB(which we will refer to as “QuantiFire” or “us”).
Our company is registered in England and Wales, company number 08204416. Our Email address is: firstname.lastname@example.org
The person responsible for our data protection is Mr Tim Dew whom you can contact:
- By Post/mail: Mr Tim Dew, Quantifire Ltd, Quest House, Suite 2, Ground Floor, 125-135 Staines Road, Hounslow, United Kingdom, TW3 3JB.
- By Email: email@example.com
- 3. HOW WE COLLECT PERSONAL AND OTHER RELEVANT DATA
(1). What is the personal data that we use and where do we get it from?
Personal data is any information that identifies, or could reasonably be used to identify, an individual. We do not collect special categories of personal data, (such as information about race, ethnic origin, politics, religion, trade union membership, health, genetics, biometrics, sex life or sexual orientation).
The personal and other relevant data that we collect and use (process) includes:
- Contact data: your name, your employer’s identity, your address, telephone number and email address
- Profile data: including job function and expertise, investment interests (i.e. asset class, sector focus etc), employer investment profile (i.e. AUM, public share ownership information, etc)
- Response data: the product of global business to business research relating to investment interests
- Website data: data that you submit to us via our website
- Client data: information provided to us by clients who use our services
- Recruitment: data for job opportunities including role, education, skill set, experience, work history and any information required during recruitment. These may be provided by recruitment organisations you use when you apply for work with us.
- Billing information: any applicable billing information, particularly relating to clients who use our services and those who work with or for us
We collect personal data and other relevant both directly and indirectly:
A. Directly: when an individual provides information to us directly, for example:
- When contacting us by email, post, phone, via our website or otherwise, for example, to make an enquiry, make a complaint or to provide feedback
- By entering information into a feedback form or other online form or interactive website feature
- By engaging with us on social media or register or attend an industry event
- When using our services or provide products and/or services to us
- By submitting a CV and/or applying for work with us (including attending an interview).
- B. Indirectly: when we collect information from other sources of information, for example from:
- B2B contact and market intelligence databases
- Client databases
- Colleagues or individuals within an organisation (who may refer us to a specific individual)
- Social media sites such as LinkedIn
- Trade organisations
- Trade events
- Government filings
- Other public sources.
A legal basis will always be relied on to process the information from these sources.
(2). What happens if you don’t want to give us your personal or other relevant data?
If you do not supply us with personal data, then you may not be able to benefit from our services as we may be unable to act on your behalf. For example, if you provide feedback or requests which are intended to be relayed to a third party, we may be unable to relay this information.
- 4. HOW WE USE PERSONAL AND OTHER RELEVANT DATA
We use the information that we collect in a variety of ways, including when we:
- Provide our services to our clients, in order to fulfil our contractual obligations to them, which may include combining and reporting data that we have collected from direct and indirect sources
- Enable individuals to participate in market research relating to investor relations, on the basis that participating individuals are Investment Specialists (or equivalent professionals) and either we, or our clients, have a legitimate interest in doing so
- Share data within our internal teams and / or with our clients, including for legitimate purposes
- Manage our relationship and communicate with individuals whose data we hold
- Ask third parties to provide services to us including professional advisors, IT (including cloud providers), marketing, and outsourced services to help run our business properly and efficiently
- Obtain consent where applicable (for example, any marketing where individual consent is required)
- Interact and respond to individuals on social media
- Assess the ability and suitability of individuals who may wish to work with or for us
- Fulfil our contractual obligations to suppliers and other third parties
- Comply with relevant regulations and legislation
- Resolve complaints and issues and establish and defend our legal rights or manage any claims which are made against us
- Manage our business properly and efficiently
- Have other legitimate interests to do so.
- 5. THE LEGAL BASIS OF PROCESSING YOUR PERSONAL DATA
We will only process (collect, use or store) your personal data when we have a lawful basis for doing so and there are several lawful basis which we rely on: –
(1). Contractual obligations
Some processing is necessary to fulfil the contract/s that we have with our client/s.
(2). Legitimate Interest
Sometimes we will process personal data when:
- It is in our legitimate interests to do this and
- These interests are not overridden by data protection rights
Our legitimate interests include:
- Supplying services to our clients
- Making sure that our services are secure and operate effectively
- Fulfilling our obligations, including to employees, clients and shareholders
- Protecting our employees and clients
- Protecting, promoting and improving our services and our business
When an individual has provided us with their express consent. Consent can be withdrawn at any time by emailing firstname.lastname@example.org . If consent is the only basis for lawfully processing an individual’s personal data, then once their consent has been withdrawn, we will no longer process it.
(4). Legal obligation
Sometimes we will process personal data when we must comply with our legal and regulatory responsibilities such as preventing, investigating and detecting crime, including helping law enforcement agencies.
- 6. DATA RETENTION: HOW LONG DO WE KEEP PERSONAL DATA FOR?
Unless we have specifically agreed otherwise, we will only keep personal data for as long as it is:
- Necessary for the purposes for which the personal data are processed
- To enable us to comply with our legal obligations, for example for tax purposes
Retention depends on our relationship with the individual in question. Our data retention policy is detailed below:
|Data Subject||How long personal information/data is retained|
|Potential Clients||We will retain personal information for 2 years from the date of our last communication.|
|Clients||We will retain personal information for 7 years from the date that an individual ceased to be a client.|
|Potential employees who are not placed in employment using our services||We will retain personal information for 12 months from the date of our last communication, unless it is requested otherwise.|
|Employees / workers||We will retain personal information for 7 years from the date that you ceased to be an employee/worked with us.|
|Potential Suppliers||We will retain personal information for 2 years from the date of our last communication.|
|Suppliers||We will retain personal information for 7 years from the date that an individual ceased to be a supplier.|
|Investment specialists||Investment specialists who work within the capital markets are regularly contacted in their professional capacity, by corporate entities who are typically QuantiFire’s clients. Because QuantiFire cannot know when a new or existing client might ask us to contact investment specialists on their behalf, we will retain information relating to these individuals until such time as it needs to be updated or deleted. This benefits individual investment specialists by enabling us to contact them in a targeted way, with information or requests which are appropriate to their interests. If an investment specialist asks to “unsubscribe” or be removed from QuantiFire’s database, we will honour this request.|
- 7. YOUR PERSONAL DATA RIGHTS
Individual rights depend on our reason for processing personal information but may include the following:
- Access to your personal data – you can find out more about this right by visiting https://ico.org.uk/your-data-matters/your-right-of-access/
- Rectify your personal data – you can find out more about this right by visiting https://ico.org.uk/your-data-matters/your-right-to-get-your-data-corrected/
- Erasure of your personal data – you can find out more about this right by visiting https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted/
- Restriction of processing of your personal data – you can find out more about this right by visiting https://ico.org.uk/your-data-matters/your-right-to-limit-how-organisations-use-your-data/
- Data Portability – you can find out more about this right by visiting – https://ico.org.uk/your-data-matters/your-right-to-data-portability/
- Object to processing your personal data – you can find out more about this right by visiting https://ico.org.uk/your-data-matters/the-right-to-object-to-the-use-of-your-data/
We will deal with all requests as soon as we are able and usually within one month of receipt. If there is going to be a delay (which could be up to 3 months) in dealing with your request or there is a reason why we can’t comply with your request, we will let you know and explain why within one month of receiving your request.
You also have the right to lodge any data protection complaints with the Information Commissioner’s Office (ICO) who is the UK’s supervisory authority – see the Complaints and Dispute Resolution section below.
- 8. WHO DO WE SHARE PERSONAL AND OTHER RELEVANT DATA WITH?
When personal data and other relevant data is provided to QuantiFire Ltd that information is provided to our whole organisation. We share may share this data with the following third parties in the following circumstances:
- Our clients, during the course of providing our services such as processing feedback or other research
- Our third-party agents and suppliers who need to hold this data in order to provide services to QuantiFire, for example, data storage providers. All of QuantiFire’s third-party agents are contractually committed to keeping secure any data that we share with them and cannot do anything with this data unless we have specifically instructed them to do so. A copy of our third-party agents and suppliers can be obtained by emailing us at email@example.com
- To meet our legal and regulatory obligations such as to HMRC for taxation purposes
- Public authorities who make a lawful request, including to meet national security or law enforcement requirements
- When selling our business or carrying out associated business activities
We have written agreements with all relevant third parties to ensure that they:
- Provide the same level of protection that the law requires, including where applicable as the Privacy Shield requires (see our Security section)
- Transfer the minimum data necessary and anonymise or encrypt data wherever reasonably practical or possible
- Limit their use of the data to the specified services they provide on our behalf
- Process data on our behalf in accordance with our joint legal obligations
- 9. TRANSFERRING PERSONAL DATA OUTSIDE OF THE EU
Where we need to transfer data outside the EU, we will ensure that we have procedural and technical safeguards to protect the privacy of the data being transferred and to comply with the law and our own obligations, including under GDPR. For example, data transfer outside the European Union to:
(a) the United States takes place in accordance with the U.S. Privacy Shield Framework. You can discover more about this at https://www.privacyshield.gov/Program-Overview
(b) use service providers will only take place where we have contracts with specific clauses and safeguards, which have been approved by the European Commission
Data may also be transferred to countries whom the European Commission has deemed have an adequate level of protection for personal data.
- 10. SECURITY OF YOUR PERSONAL INFORMATION
(1). What we do
We have implemented appropriate technology and operational security, including policies and measures to protect personal information and other data under our control including from unauthorised access, improper use, alteration, unlawful or accidental destruction, and accidental loss on a “privacy by design” basis. This includes:
- Anonymising or pseudonymising data wherever this is possible
- Storing personal data in our internal systems (such as CRM (client relationship management) software) on secure servers that are not accessible by third parties without our express permission
- Encrypting data where possible, including using Secure Sockets Layer (SSL)
- Adhering to safeguards if personal data is transferred from the European Union – see our Transferring Personal Data Outside the EU section
- Providing internal policies, procedures and training about data protection to our employees and, where relevant, those who work with us
- Regularly reviewing how we process data in accordance with our internal data protection policies and procedures
- Restricting access to personal data to those who need it
- Physical security of our premises and our equipment
(2). Your role
Please ensure that:
- Any personal data that you provide is accurate and up-to-date
- Take reasonable care and safety when using your devices and the internet
- Contact us immediately if you think or know your personal data has been used, compromised, or accessed without your express permission or if you have any other such concerns
- 11. EXTERNAL WEBSITE LINKS AND SOCIAL MEDIA
- 12. NON-PERSONAL INFORMATION
We also collect other relevant data and information which does not identify you personally (non-personal information). We may also aggregate information which you have submitted to us, or which we have obtained from other sources (see section 3 ‘How we collect personal and other relevant data’) and from which you cannot be personally identified.
- 13. COMPLAINTS AND DISPUTE RESOLUTION
(1). Contacting us
If you have a complaint, please contact Mr Tim Dew:
- By Post/mail: Attn: Mr Tim Dew, Quantifire Ltd, Quest House, Suite 2, Ground Floor, 125-135 Staines Rd, Hounslow, United Kingdom, TW3 3JB
- By Email: firstname.lastname@example.org
(2). Contacting the Information Commissioner’s Office
You can also lodge any data protection complaints with the Information Commissioner’s Office (ICO) who is the UK’s supervisory authority. You can visit https://ico.org.uk/ for more information including the best ways to contact them.