Privacy Policy - Active Consultancy

Active Consultancy (“Active”, “we”, “us”, “our”) understands your privacy is important to you and we respect and value your privacy. We want you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect online and offline.

Who are we?
Active is a company registered in England and Wales, number 2763281. Registered address: Active House, 51 Wolsey Road, 51 Wolsey Road, Esher, Surrey, KT10 8NT, UK. Active is registered with the United Kingdom Information Commissioner’s Office, registration number Z7121125.
What information do we collect?
1. “Personal Information” is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, the “Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal Information is, in simpler terms, any information about you that enables you to be identified.
  We may collect and process the following Personal Information:
  
  Personal contact information such as name, address, telephone number and email address;
  
  Business contact information such as business address, telephone number and email address;
  
  Information necessary to provide services or products to you;
  
  Comments and opinions you provide when you contact us directly by email, telephone or mail;
  
  Payment and transaction information for billing purposes.
2. “Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual.
  We may collect and process the following Other Information:
  
  Browser and device information;
  
  Usage data;
  
  Information collected through cookies, pixel tags and other technologies (for more information regarding our use of cookies please refer to section 12);
  
  Demographic information and other information provided by you that does not reveal your specific identity;
  
  Information that has been aggregated in a manner such that it no longer reveals your specific identity.
  
  If we are required to treat Other Information as Personal Information under applicable law, then we will collect, use and disclose it for the purposes for which we collect, use and disclose Personal Information as detailed in this Privacy Policy.
What are your rights?
Under the Data Protection Legislation, you have the following rights in respect of your Personal Information, which we will always work to uphold:
1. The right to be informed about our collection and use of your Personal Information. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in section 15.
2. The right to access the Personal Information we hold about you. Section 10 will tell you how to do this.
3. The right to have your Personal Information rectified if any of your Personal Information held by us is inaccurate or incomplete.
4. The right, in some circumstances, to be forgotten (i.e. the right to ask us to delete or otherwise dispose of any of your Personal Information that we hold) if the continued processing of that Personal Information is not justified.
5. The right, in some circumstances, to restrict (i.e. limit) the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified.
6. The right to object to us using your Personal Information for a particular purpose or purposes.
7. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your Personal Information, you are free to withdraw that consent at any time.
8. The right to portability. This means that you have the right, in certain circumstances, to receive a copy of Personal Information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your Personal Information to another person or organisation.
9. Rights relating to automated decision-making and profiling.
If you wish to exercise one of these rights, please contact us using the details in section 15.

Further information about your rights can also be obtained from the Information Commissioner’s Office.

If you have any cause for complaint about our use of your Personal Information, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in section 15.
How and why do we collect information?
1. We need to collect Personal Information in order to provide our products and services to you. If you do not provide the information requested, we may not be able to provide our products or services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with our products and services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
2. We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
3. We and our service providers may collect Personal Information online in a variety of ways in connection with our services or products, including:
  
  Through our website(s);
  
  Through the software applications made available by us for use on or through computers and mobile devices;
  
  Through social media properties;
  
  Through email messages that we send to you that link to this Privacy Policy;
  
  Through extranet sites made available to our clients and third parties;
  
  Through services we provide to our corporate and institutional clients;
  
  Through our registration process for newsletters, seminars, webinars and events.
4. We and our service providers may also collect Personal Information offline in a variety of ways in connection with our services or products, including:
  
  When you participate in a contractual arrangement for services or products;
  
  When you provide information in conjunction with our services or products;
  
  When you interact with us at an event.
5. We may also collect Personal Information from other sources, including:
  
  Publicly available databases;
  
  Data service companies;
  
  Third party data providers;
  
  Joint marketing partners;
  
  Other entities to which we provide products and services;
  
  Referral sources;
  
  Social media platforms.
  
  We take steps to ensure that such sources and third parties are legally permitted or required to disclose such information to us.
6. Browser or device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the services you are using. We use this information to ensure that our services function properly.
7. Cookies: Cookies are pieces of information stored directly on the computer that you are using. Cookies enable us to provide important site functionality. We also use cookies for analytics purposes. Our cookies do not usually include Personal Information but we may be able to use them to identify you. By using your browser controls, you are always in control of the cookies we store and access on your computer. We do not currently respond to browser do-not-track signals. To learn more about how we use cookies, or to opt-out of the collection and use of cookies, please refer to section 12.
8. IP address: Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses our systems, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other systems.
  We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the systems. We may also derive your approximate location from your IP address.
  
  We use third parties to provide information about visitors to our website(s). Your IP address will be matched against public and proprietary IP address databases to provide us with information about your visit. This information may identify the organisation to whom the IP address is registered but not individuals. In some limited cases, e.g. single person organisations, it may be possible to identify personal data from publicly available ICANN data.
9. Pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of our services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of our services and response rates.
How do we use your Personal Information?
We and our service providers use Personal Information for legitimate business purposes, including:
1. Providing our products and services to you:
  
  To contact individuals (including employees of institutional clients) in connection with providing products and services;
  
  To respond to inquiries and fulfill requests from our clients and others, administer their project(s), provide products and services and manage our relationships;
  
  To personalise and tailor our products and services for you;
  
  To personalise and tailor your experience on our website(s).
  
  We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
2. Providing you with our marketing materials and facilitating social sharing:
  
  To send you information about our products and services and other news about products or services which we have reason to believe will be of interest to you and in accordance with your marketing preferences. You can stop receiving marketing-related emails from us by following the opt-out instructions included in every such email.
  
  We will engage in this activity with your consent or where we have a legitimate interest.
  
  A copy of our legitimate interests assessment is available on request as part of our commitment to managing your information rights. Please contact us using the details in section 15 to request this.
3. Providing the functionality of our products and services and fulfilling your requests:
  
  To provide our products and services functionality to you, such as providing and managing access to your registered account, and providing you with related goods and services;
  
  To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions, suggestions, compliments or complaints, or when you request other information about our products or services);
  
  To manage payments for our products and services;
  
  To send administrative information to you, such as information regarding our products and services, guarantees and warranties and changes to our terms, conditions and policies.
  
  We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
4. Accomplishing our business purposes:
  
  For data analysis, for example, to improve the efficiency of our goods and services and quality of our products;
  
  For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
  
  For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
  
  To meet our legal and regulatory obligations;
  
  For enhancing, improving, or modifying our current products and services;
  
  For identifying usage trends, for example, understanding which parts of our products and services are of most interest to customers;
  
  For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our customers;
  
  For operating and expanding our business activities, for example, understanding which parts of our services or products are of most interest to our customers so we can focus our energies on meeting our customers’ interests.
  
  We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
How long do we keep your Personal Information?
1. We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
  
  The length of time we have an ongoing relationship with you and provide our products and services to you (for example, for as long as you have an account with us or keep using our products and services);
  
  The length of time we have an ongoing relationship with you as our client and provide you with products and services;
  
  Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions or communications for a certain period of time before we can delete them);
  
  Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Do we share your Personal Information?
1. We may share your Personal Information with our clients in instances where we are providing a product or service to you on their behalf.
2. We may share your Personal Information with our third-party service providers to faciliate services they provide to us. These can include:
  
  Providers directly involved in the fulfilment of a product or service you have requested or ordered from us;
  
  Providers of services such as website hosting, services-related consulting and monitoring, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
3. We may also share your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
  
  To comply with applicable law and regulations;
  
  To co-operate with public and government authorities;
  
  To co-operate with law enforcement;
  
  For other legal reasons such as to enforce our terms and conditions and to protect our rights, privacy, safety or property, and/or that of you or others;
  
  In connection with a sale, merger or business transaction.
4. By using our services you may elect to disclose Personal Information on message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our social media), or through which you are able to send messages through the systems. Please note that any information you post or disclose through these systems will become public and may be available to other users and the general public.
How can you control your Personal Information?
In addition to your rights under the Data Protection Legislation as set out in section 3, you have choices regarding marketing-related communications. You may update your marketing preferences, or opt-out altogether, by following the instructions included in every marketing-related email, or by contacting us using the details in section 15. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us we may still send you important administrative messages from which you cannot opt-out.
Can you withhold information?
1. You may access certain areas of our website(s) without providing any Personal Information at all. However, to use all features and functions available on our website(s), and/or to open and hold an account on our website(s), you may be required to submit or allow for the collection of certain Personal Information.
2. You may restrict our use of cookies. For more information see section 12.
How can you access your Personal Information?
1. If you want to know what Personal Information we have about you, you can ask us for details of that Personal Information and for a copy of it (where any such Personal Information is held). This is known as a “Subject Access Request”. A Subject Access Request should be made in writing and sent to the email or postal addresses detailed in section 15.
2. There is not normally any charge for a Subject Access Request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
3. We will respond to your Subject Access Request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Information within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How do we keep your Personal Information safe?
We have implemented internal policies and technical measures to protect Personal Information from loss, accidental destruction, misuse or disclosure. Such internal policies and technical measures include:

The use of encryption of Personal Information where appropriate;

Procedures and controls to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

Procedures and controls to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident;

Procedures for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;

Procedures to ensure that Personal Information is not accessed, except by individuals in the proper performance of their duties;

Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Information) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.

What are cookies and how do we use them?

Cookies are tiny text files, containing small amounts of information, which are saved to your computer when you visit websites. We use cookies to store information and preferences while you’re on our website(s) and for future visits. We also use cookies to collect analytical data which helps us improve our website(s) and the information we provide to you. You may choose whether you allow cookies or not, which you can do by adjusting your browser settings. Please remember, if you decide to block cookies our website(s) may not work as expected.

We use the following categories of cookies on our website(s):

Essential cookies are required for the operation of our website(s). They include, for example, cookies that enable you to log into secure areas of our website(s). If you disable this category of cookies some functionality of our website(s) may not be available.

Analytical cookies enable us to recognise and count the number of visitors and to see how visitors move around our website(s) when they are using it. This helps us make improvements to the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Performance cookies enable us to enhance your experience of our website(s). They include, for example, cookies which enable us to personalise our content for you, greet you by name and remember your preferences.

First-party cookies: Our website(s) may place and access certain first-party cookies on your computer or device. First-party cookies are those placed directly by us and are used only by us. We have carefully chosen these cookies and have taken steps to ensure that your privacy and Personal Information is protected and respected at all times.

The following first-party cookies may be placed on your computer or device:

Full tag (cookie) name	Lifespan	Description	Category	Stores personal data?	Instrusiveness
PHPSESSID	Session only	Records the PHP session ID.	Essential	No	ZERO – Standard session cookie served by the web server.
accept_cookies	1 year	Records acceptance of cookies.	Performance	No	LOW – Stores user preference.
optin_id	1 year	Record confirmation of opt-in via email.	Performance	No	LOW – Stores a reference ID.
required_form_data	1 year	Records acceptance of opt-in statement.	Performance		LOW – Stores user preference.

Third-party cookies: By using our website(s) you may also receive certain third-party cookies on your computer or device. Third-party Cookies are those placed by websites, services and/or parties other than us.

The following third-party cookies may be placed on your computer or device:

Third-party provider	Full tag (cookie) name	Lifespan	Description	Category	Stores personal data?	Instrusiveness
Google Analytics	_utma, _utmb, _utmc, _utmz		A random unique number or string of letters and numbers to identify your browser, the times and dates that you interacted with our website(s) recently and the marketing materials or referring pages that led you to our website(s).	Analytics	No	LOW – The data collected by Google Analytics is used to analyse how frequently the same people revisit our website(s), how the website is found (from advertising or referring websites), and which pages are most frequently viewed. This information is combined with data from thousands of other users to create an overall picture of website use, and is never identified individually or personally and is not linked to any other information we store about you.
Google Maps	SID, SAPISID, APISID, SSID, HSID, NID, PREF		Various unique identifiers, except for PREF which stores your options such as preferred zoom level.	Essential / Performance	No	LOW – Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
Communicator	wow.session	Session only	IIS session code.	Analytics	No	ZERO – Standard session cookie served by the web server.
Communicator	wow.anonymousid	2 year	Anonymous visitor ID.	Analytics	No	LOW – Stores active menu node over post-back.

Third party services
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties.
1. Third-party content: Third parties whose content appears on our website(s) may use third-party cookies, as detailed in section 12. Please refer to section 12 for more information on controlling cookies. Please note that we do not control the activities of such third parties, nor the data that they collect and use themselves, and we advise you to read the privacy policies of any such third parties.
2. Links to third-party websites: Our website(s) may include links to other websites, whose privacy practices may be different from ours. The inclusion of a link does not imply endorsement of the linked website or service by us. However, once you have used these links to leave our website(s), you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We advise you to read the privacy policy of any website you visit.
3. Social media platforms and widgets: Our website(s) may include social media features, such as share buttons. These features may collect information about your IP address and which page you are visiting on our website(s), and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our website(s). We also maintain presences on social media platforms including Facebook, Twitter, and LinkedIn. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Changes to this Privacy Policy
1. We may change this Privacy Policy at any time. All updates and amendments are effective immediately upon notice, which may be given by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on our website(s).
2. We will take reasonable steps to draw your attention to any changes, however, we encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of our website(s) signifies your continuing consent to be bound by this Privacy Policy.
3. This Privacy Policy was last updated on 09 September 2019.
How can you contact us?
If you have any questions in relation to this Privacy Policy please contact our Data Protection Officer.

Data Protection Officer, Active Consultancy Ltd, Active House, 51 Wolsey Road, Esher, Surrey, KT10 8NT, UK.

[email protected]