At Infomentum, it’s very important to us that we protect your privacy in all areas of our business - and we must be transparent about how we do that.

 

What is the scope of this Privacy Policy?

 

We are Infomentum Ltd. with registered number 6306839 and address Dawson House, 5 Jewry Street, London EC3N 2EX. Our Data Protection Team can be contacted at dataprivacy@infomentum.co.uk.

 

This Privacy Policy governs our data collection, processing, usage practices and disposal and monitoring of data with regards to users of the Infomentum website (www.infomentum.com and its subdomains) and recipients of marketing emails. Our usage of cookies can be found in a separate document cookie policy.

 

This privacy policy may be updated from time to time to ensure that our processes are up to date and transparent. You can check back to this page to read the latest privacy policy at any time. This version was created in April 2018.

This policy does not cover external websites that may be referenced on our site.

All handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”). The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation

 

What are your rights?

 

When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:

  • The right to be informed of how your Personal Data is used (through this notice)
  • The right to access any personal data held about you
  • The right to withdraw consent at any time, by email
  • The right to rectify any inaccurate or incomplete personal data held about you;
  • The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent
  • The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
  • The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.

How does Infomentum’s ISO 27001 certification apply to data protection?

 

ISO 27001 is an international management standard that provides a proven framework for managing information security, using an integrated set of recommended policies, procedures, documents and technology in the form of an ISMS (information security management system). Infomentum is ISO 27001 certified, which means that we adhere to the principles of ISO 27001. This provides guidance for implementing appropriate measures to mitigate data security risks, with recommended technical measures in line with the requirements of GDPR.

It also means that Infomentum as a business is equipped with an appropriate level of technical controls, policies and procedures, processes for monitoring, and continual improvement but also promotes a culture and awareness of information security that makes sure data security is entrenched across the business.

 

Who has access to your data?

 

Any data that Infomentum collects through our website is used only by Infomentum. We do not sell or share your details with third parties.

 

Who is the Data Controller?

  • If we have collected your personal data directly from you for our own purposes, we are the Data Controller.
  • If we have been passed your personal data from a third-party for our own purposes, we are the Data Controller. We will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
  • If we have been passed your personal data from a third-party for a joint purpose that we both influence, we are the joint Data Controller. We will contact you to let you know before we first start to use your data, or, at the latest, within one month of acquiring it.
  • If we have received your personal data as part of a direct administrative relationship between our business and yours, the Data Controller is your employer for that purpose.

How is data collected by Infomentum?

 

Data is collected through our website either in the form of cookies, or if you fill out one of our website forms.

Below you can see specific information related to our website forms. Information on cookies can be found in our cookie policy.

 

What data do we collect, why and how is it used?

 

We may collect data such as your name, address, email address, job title, company and telephone number. The different kinds of data are grouped like this:

Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.

Contact Data such as addresses; email addresses and telephone numbers.

Technical Data such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.

Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.

Usage Data such as analytics relating to how you use the website.

Marketing and Communications Data such as your preferences about receiving communications from us or third parties.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.

Infomentum does not collect any Special Categories of Personal Data about you or any information about criminal convictions/offences.

 

What are the lawful bases for processing personal data?

 

Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:

  1. your consent
  2. performance of a contract
  3. compliance with a legal obligation
  4. protection of your, or another’s vital interests
  5. public interest/official authority, and
  6. our legitimate interests.

Specific uses of how we use these data are described below:

 

Website browsing

 

When you browse our website, we collect cookies. Please see our full cookie policy for more information on what cookies we collect, and why.

 

Footer contact form

 

On each page of our website, in the footer, we offer a quick ‘Get in Touch’ button. If you fill out one of these footer forms on our website, we will email you in order to answer your query. We ask for your name so that we can address you correctly, and we ask for your email address so that we can reply to you to share the information you need.

Unless you specifically request it, we won’t add you to any other marketing lists to receive further information; we’ll simply answer your initial request unless you ask us to do otherwise.

We store your name and email address in our database to keep track of requests that we receive, in order to ensure that they are answered. We keep this information for 2 years to make sure that we have a history of our enquiries. If, after 2 years, we have no further interaction with you, your information will be deleted from our system.

If we process your data on the basis of ‘legitimate interests’, we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every 12 months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.

 

Contact Us Form

 

On our contact page, we offer users the option to fill in a form to send us a specific enquiry. This asks for more information than the footer forms, because we know that some website users have more specific needs and want to share more in-depth details. In this case, we ask for an email address and telephone number to give us more than one option to contact you.

If you fill out the contact form on our website, we will get in touch through email or telephone in order to answer your query. We ask for your name so that we can address you correctly, and all other details to ensure that the enquiry is sent to the most relevant person in our team to deal with your query, for example, if your job title is Business Development, we’ll know that the best team to help you will be our Business Development team.

Unless you specifically request it, we won’t add you to any other marketing lists to receive further information; we’ll simply answer your initial request unless you as us to do otherwise.[1]

We store your name and email address in our database to keep track of requests that we receive, in order to ensure that they are answered. We keep this information for 2 years to make sure that we have a history of our enquiries. If, after 2 years, we have no further interaction with you, your information will be deleted from our system.

 

Research Report Download Forms

 

On our website, we offer a series of research reports which users can download by filling in their contact details.

We ask for an email address in order to send you the research report as requested.

We need to understand the demographics of the people who are interested in our content so that we can make sure our future content is relevant for the right people. All other information collected via these forms is used for this purpose.  

We store your details in order to keep a record of requests that we receive. We may use these details to send you other relevant information that we think you may be interested in, based on the content you’ve read on our website. This is based on the grounds of legitimate interest under GDPR guidelines. For example, we may email you about future research reports.

You can opt out of receiving these emails at any time by visiting our preference centre or unsubscribing.

When you fill out any form on our website, additional cookies are used to personalise your experience. Please read the full cookie policy for details on how we use cookies.

 

Existing customer information

 

Under the basis of legitimate interest, we may use data on our existing customers to share news and information which we think will be relevant to their interests, based on the work we do with them. All rights remain the same; customers have the option to opt out at any time, to remove their details, or to request access to their data using a Subject Access Request.

Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. Our Data Protection Team does this balancing as objectively as possible. You are able to object to our processing, and we will consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact dataprivacy@infomentum.co.uk

 

Removing your details

 

You have the right to ask for your details to be removed from our database at any time by filing a Subject Access Request at dataprivacy@infomentum.co.uk.

Please be aware, we will need to verify your identity before granting this request.

We will remove your details free of charge, and our response will be made within 30 days, unless our Data Protection Team deems that your request is excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request.

 

Storage of your data

 

Some or all of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein), due to the data storage location of our provider being in the United States of America. You are deemed to accept and agree to this by using our website and submitting information to us.

Our provider, Hubspot, Inc., maintains a Privacy Shield certification with the U.S. Department of Commerce, which ensures that adequate safeguards are in place when personal data is transferred from the EU to the US. You can find out more about this on https://legal.hubspot.com/privacy-policy

 

Monitoring

 

As described above, we review our data every two years to update or remove contacts as appropriate. If you choose to opt out of all communications, you will still remain on our database. This is because we need to keep a record of those who have opted out of communications, to ensure we do not contact them again. You will remain on the database unless you request to be forgotten, or until the two year period has ended, at which time you will be removed.

 

Queries?

If you have any queries related to this privacy policy, including to make a Subject Access Request, please contact dataprivacy@infomentum.co.uk