We respect the privacy rights of individuals and are committed to handling personal data responsibly and in accordance with applicable law. This notice sets out the personal information that we collect and process as a data controller and/or a data processor, the purposes of the processing and the rights connected with it.
If you have any comments or questions about this notice, please contact the Data Protection Officer (details included within this notice).
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
The data controller is:
A “data processor” is a person or organisation which processes personal data for the controller.
Ebury may act as data processors in the following situations:
Personal data relates to any information about a natural person that makes you identifiable. The personal data we may collect includes the following:
Sensitive personal data refers to the above but includes genetic data and biometric data. For example:
Normally, we will not collect or process any sensitive personal data relating to our clients, unless authorised by law or where it may affect when or how we communicate e.g. religious holidays.
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
Ebury, as a Data Controller and/or a Data Processor, is bound by the requirements of the General Data Protection Regulations (GDPR).
You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge our services and for other related purposes including;
We collect information about you when you fill in any of the forms on our website i.e. sending an enquiry, signing up for an event, filling in a survey, giving feedback etc. Website usage information is collected using cookies (please see section below).
When submitting forms on our website we may use a third-party software provider for automated data collection and processing purposes, they will not use your data for any purposes and will only hold the data in line with our policies.
Our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal data from you where we need the personal information to perform a contract with you, your business or your employer (i.e. provision of services or goods), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may other otherwise need the personal information to protect your vital interests or those of another person. Further information on this is set out below.
Contractual purposes– We use this personal information when it is necessary for the provision of our goods or services. This also includes steps taken at your request before entering into a contract.
Legal obligation– We may use personal information where we consider it necessary for complying with laws and regulations, including collecting and disclosing staff member or individual personal information as required by law (e.g. for tax purposes), for meeting our legal responsibilities in terms of money laundering, and crime prevention regulations, under judicial authorisation, or to exercise or defend the legal rights of our firm.
Legitimate interests– We may also collect and use personal information when it is necessary for other legitimate purposes (if we have a genuine reason and we are not harming any of your rights and interests), such as to help us conduct our business more effectively and efficiently or for marketing or prospecting purposes. We may also process your personal data to investigate violations of law or breaches of our own internal policies.
We have policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, is not accessed without authorisation, and only accessed or used for specific legal purposes.
We take care to allow access to personal information only to those who require such access to perform their tasks and duties in relation to the provision of our services, and to third parties who have a legitimate interest purpose for accessing it to support these purposes. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this notice and that the security and confidentiality of the information is maintained.
We may also disclose personal information to third parties on other lawful grounds, including:
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Economic Area. For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you’re agreeing to this transfer, storing or processing. Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
We would like to send you useful articles, advice, information about our services and events which may be of interest to you. If you receive marketing, you may opt out at any point by emailing email@example.com, or by clicking on the ‘unsubscribe’ button on any marketing email.
We may collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.
We will not share your information for marketing purposes with companies so that they may offer you their products and services.
Cookies are used on our website.
The following rights are available under applicable data protection law:
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Please note, our ability to facilitate aspects of any of the above rights will depend on whether we are a Data Processor or a Data Controller in relation to any specific data. Any requests received relating to data processed on behalf of clients should be referred to the Data Controller (the client company).
What is a Subject Access Request?
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email or write to us using the contact details at the bottom of this notice. We will respond to your request within one month of receipt of the request.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by emailing or writing to us using the contact details at the bottom of this notice.
Objections to processing of personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means
Your Right to be Forgotten
Should you wish for us to completely delete all information that we hold about you please let us know by emailing or writing to us using the contact details at the bottom of this notice
If you feel that your personal data has been processed in a way that does not meet the GDPR, please contact our Data Protection Officer in the first instance. You do have a right to lodge a complaint with the relevant supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office.
Please address any questions or requests relating to this Notice to our Data Protection Officer at firstname.lastname@example.org or write to: