- Independent Strategic Research Ltd is registered in England and Wales (No. 09534889) having its registered office at 34 Southwark Bridge Road, London, SE1 9EU, UK and for the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")), is the entity responsible for your personal data.
- ISR is an Appointed Representative of Purple Strategic Capital Limited which is authorised and regulated by The Financial Conduct Authority.
- You can contact us by: post, using the postal address, Independent Strategic Research, 34 Southwark Bridge Road, London, SE1 9EU; by telephone on +44 (0)80 8281 2906; or by email, using firstname.lastname@example.org.
Types of personal data collected
- The information described below is in addition to any personal data we are required by law to process in any given situation.
- We may collect, store and use contact details or the details of individual contacts at your organisation (such as names, telephone numbers, job title and email or postal addresses) in order to ensure our relationship runs smoothly, efficiently and effectively. We may also collect date of birth, payment details, tax residence information, copies of photo identifications such as your driving licence and/or passport/identity card, information about nationality/citizenship/place of birth, your national identification number and identity verification documents in order to comply with our legal and regulatory obligations. We also hold information relating to your online engagement related to materials published by us, which we use to ensure that our marketing communications to you are relevant, timely and in accordance with your marketing preferences. Where relevant, we may also hold additional information that someone in your organisation has chosen to disclose to us. If we need any additional personal data for any reason, we will inform you.
- We may collect, store and use your contact details or the details of individual contacts at your organisation (such as names, telephone numbers, job title and email or postal addresses) in order to ensure our relationship runs smoothly. Depending on the circumstances, we may also collect bank details for payment purposes. We may also hold extra information that someone in your organisation has chosen to provide us.
- We may collect store and use, device/session information, including; your device's IP address (collected and stored in an anonymised format), device screen size, device type and browser information, geographic location (by country and city), the length of your visit and the pages you navigated.
- Information that you provide us for the purpose of subscribing to our email notifications and/or newsletters, including; your first name, last name, email address and FCA number.
- Before you disclose personal information of another person, you must obtain the consent of that person to the disclosure and processing of that personal information in accordance with this policy.
How personal data is collected
Client and supplier data
We may collect data in the following ways:
- a) personal data we receive directly form you;
- b) personal data we receive from third party sources; and
- c) personal data that we collect automatically.
- Personal data received directly from you: where you contact or we contact you, usually by phone or e-mail.
- Personal data received from third party sources: where appropriate and in accordance with any local laws and requirements, we may seek more information about you or your colleagues from other sources generally by way of due diligence or other market intelligence including from third party market research and by analysing online and offline media (which we may do ourselves, or employ other organisations to do for us) and from other limited sources and third parties, to the extent that they provide us with your details in accordance with any regulatory requirements.
- Personal data we collect automatically: we collect your data automatically via cookies, in line with cookie settings in your browser (see cookies section below).
- When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via our website, for example when you submit a query.
- We collect your data automatically via cookies, in line with cookie settings in your browser (see cookies section below).
Using personal data
- We use client data for our business and marketing activities where we deem this necessary for our legitimate interests.
Business activities. We:
- a) process your data to your data in order to carry out anti-money laundering and "Know Your Client" checks in accordance with our legal and regulatory obligations;
- b) store your details (and update them when necessary) on our database, so that we can contact you in relation to our relevant activities; and
- c) keep records of our conversations and meetings, so that we can provide targeted services to you and in order to comply with our legal and regulatory obligations.
Marketing activities. We:
- a) may process your data for the purpose of targeting you with appropriate marketing campaigns. Subject to any applicable local laws and requirements, we will only send you marketing information. You have the right to opt out of receiving marketing materials from us at any time and can find out more about how to do so by emailing email@example.com.
We use supplier data to:
Website visitor data
- a) store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements or our dealings with you;
- b) obtain services from you;
- c) perform certain legal and regulatory obligations, such as carrying out anti-money laundering and "Know Your Client" checks;
- d) facilitate our payroll and invoicing processes, for example, in relation to consultants or self-employed contractors;
- We use your data to help us to improve your experience of using our website, for example by analysing your recent search criteria to help us to present information to you that we think you will be interested in.
- We may use your personal data to:
- a) personalise our website for you;
- b) send you non-marketing commercial communications;
- c) send you e-mail notifications; send you our email newsletter if you have requested it;
- d) send you marketing communications relating to our business which we think may be of interest to you by email;
- e) provide third parties with anonymous statistical information about our users; and
- f) deal with enquiries and complaints made by or about you relating to our website and verify compliance with the terms and conditions governing the use of our website;
- You have the right to opt out of receiving marketing materials from us at any time and can find out more about how to do so by emailing firstname.lastname@example.org.
Disclosing/sharing personal information
- Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:
- a) our staff and those of our sister companies;
- b) tax, audit, regulatory bodies or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations);
- c) service providers who perform functions on our behalf (including suppliers, fund/platform administrators, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, insurance brokers (for PI cover purposes), fraud prevention agencies, transport and distribution suppliers, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- d) outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- e) to the purchaser or prospective purchaser of any business or asset that we are or are contemplating selling.
International data transfers
- We store your personal information on servers and on servers of cloud-based database management services engaged by us within the European Economic Area (“EEA”).
- Personal information may be processed by the staff of our sister companies in Jersey or Singapore.
- We wish to ensure that your data is stored and transferred in a way that is secure. We will, therefore, only transfer data outside the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- a) by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
- b) by transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
- c) where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours); or
- d) where you have consented to the data transfer.
Retaining personal information
- Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
- Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. When determining the relevant retention periods, we will take into account factors including:
- a) our contractual and business relationships with you (our legitimate business and risk management needs);
- b) legal obligations under applicable law to retain data for a certain period of time;
- c) potential or actual disputes; and
- d) guidelines issued by relevant regulatory or other competent authority.
- In determining the appropriate retention period for various types of personal data, in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security of personal information
- We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
- We will store all the personal information you provide on our secure, restricted servers.
- You acknowledge that the transmission of information over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.
- One of GDPR's main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
- If you want to exercise any of these rights then please contact us at email@example.com or via mail or by phone using the details in section 2. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues that you raise.
- Specific rights:
- a) Right to object – you have the right to object to the processing of your personal information where we are relying on a “legitimate interests” or “sending you direct marketing materials”. If your objection relates to direct marketing, we must act on your objection by ceasing this activity. If your objection relates to us processing your personal data because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless we:
- - can show that we have compelling legitimate grounds for processing which overrides your interests; or
- - are processing your data for the establishment, exercise or defence of a legal claim.
- b) Data Subject Access Request – you have the right to request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive". If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
- c) Right to rectification – you have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- d) Right to erasure – you have the right to request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above).
- e) Right to restrict data processing – you have the right to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. The circumstances in which you are entitled to request that we restrict the processing of your personal data are where:
- you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
- you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
- our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
- we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
- f) Right of data portability - you have the right to transfer your personal data between data controllers. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data to another controller.
- g) Right to lodge a complaint - you also have the right to lodge a complaint with the Information Commissioner. Full details of how to report concerns are available at https://ico.org.uk/concerns/. The Information Commissioner’s Office can also be contacted by phone on 0303 123 1113 or by post at:
Information Commissioner's Office
Third party websites
- Our website includes hyperlinks to, and details of, third party websites.
- We have no control over, and are not responsible for, the privacy policies and practices of third parties.
- A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser or set by the browser alone. The identifier is then sent back to the server each time the browser requests data from the server.
- Cookies may either be "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
- We use persistent cookies on our website.
The names of the cookies that we use on our website, and the purposes for which they are use are set out below:
Most browsers allow you to refuse to accept cookies. Details of how to do this can be found below:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
- Blocking all cookies may have a negative impact upon the usability of many websites.
- If you block cookies, you will not be able to use all the features on our website.
- Deleting cookies may have a negative impact upon the usability of many websites.