Privacy Policy

1. Introduction

This policy sets out the basis on which any personal data we collect from you or from third parties or other sources, or that you provide to us, will be processed by us. Please read it carefully to understand how we will treat your personal data. For the purposes of the European Union (EU) General Data Protection Regulation 2016/679 (the “GDPR”) and the UK GDPR (as defined in section 3(10) of the UK’s Data Protection Act 2018), Fleet Street Research Limited (“FSR”, "we," "us," or "our") a company having its headquarters at Second Floor, 150-151 Fleet Street, London EC4A 2DQ, registered in United Kingdom under the number 03226573, acts controller in relation to the processing of your personal data. A ’controller’ is responsible for deciding how we hold and use personal information about you and is required under the GDPR to notify you of the information contained in this privacy policy.

Where we refer in this Policy to ‘GDPR’ this includes the relevant equivalent provisions of the UK GDPR.

This Privacy Policy applies to the following Data Subjects: Users of the Website, including Customers, Partners, Contractors and Employees and also visitors to our sites.

 

2. How we collect data

FSR may collect your Personal Data through our communication and your usage of our services. Personal Data can be directly provided by you or indirectly collected by us (i.e. from your interactions, use, and experiences with our services).

 

3. Where We process your personal data

We predominantly store personal data in our database system which is based in the UK; we also process and store personal data in countries within the European Economic Area (“EEA”) which have the same data protection laws as the United Kingdom.

To provide for adequate protection your personal data will otherwise only be transferred or stored outside the UK/EEA where we have a contract in place applying (i) for transfers from EU/EEA countries to non-EU/EEA countries the EU Standard Contractual Clauses for the Transfer of Personal Data to Third Countries pursuant to Commission Decision 2021/914 of 4 June 2021 (“SCCs”), and (ii) for transfers from the UK to non-UK countries the SCCs amended as may be recommended by the UK Information Commissioner’s Office, which contract gives your personal data protection equivalent to that within the UK/EEA.

 

4. Type of data we collect 

​

​

​

​

​

​

​

​

​

​

​

​

 

​

​

​

​

​

​

​

​

​

5. How we use your data

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

 

 

 

Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal information where that reason is compatible with the original purpose. Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.

In some circumstances we may anonymise the personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal information without your consent, in accordance with this policy, where we are legally required or permitted to do so. We do not process your personal data to make any decisions based on exclusively automated processing, including profiling, which has a legal effect with regard to you or which materially adversely affects you in a similar manner.

 

6. What is "lawful basis"?

Under the GDPR, we need to have a lawful basis to legally process your Personal Data. For the described Data Processing, we rely on the following legal grounds:

• Consent: (Art. 6(1)(a) GDPR) when we rely on this basis we only process Personal Data about you for the specific purposes you expressly authorise. You can withdraw your consent whenever you wish.

• Performance of a contract: (Art. 6(1)(b) GDPR) when we rely on this basis the Data Processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.

• Compliance with a legal obligation: (Art. 6(1)(c) GDPR) when we rely on this basis we are obliged to process the relevant Personal Data to comply with our legal obligations.

• Legitimate interests: (Art. 6(1)(f) GDPR) when we rely on this basis we process Personal Data as necessary in pursuit of our own, our business partners', or your legitimate interests. When we do this we must ensure that the interests we pursue do not override your fundamental rights and freedoms.

• Substantial public interest: (Art. 9(2)(g) GDPR) when we rely on this basis we do it to prevent harm, fraud, money laundering, terrorist financing, child labour and to enable trust safety and compliance. 

 

7. How we store your personal data

We take appropriate measures to ensure that your personal data is kept secure, including preventing it from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a legitimate business need to view it.

Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means.

 

8. Data Subjects rights

Under the GDPR you have several important rights. In summary, these include rights to:

1. access your personal data;

2. require us to correct any mistakes in your information which we hold;

3. request the erasure of personal data concerning you in certain situations;

4. request the data to be transferred to a third party in certain situations;

5. object at any time to processing of personal data concerning you for direct marketing;

6. object in certain other situations to our continued processing of your personal data;

7. otherwise restrict our processing of your personal data in certain circumstances; and

8. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the above rights, please contact us using the contact details below.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

 It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.

 

9. Personal Data Disclosures

We disclose your data only if the legal conditions are fulfilled, in particular Article 6 GDPR. In accordance with these provisions, a transfer is permissible in particular if

• it is necessary for the performance of a contract with you;

• it is necessary to fulfil a legal obligation;

• processing is necessary for the purposes of our legitimate interests;

• you have given your consent.

Sometimes the recipients to whom we transfer your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your personal data.

Provided the legal requirements have been met, we may disclose your personal data to:

• our Customer who have requested FSR's services for the performance of a contract with you;

• our suppliers who help us run our business (for example, we use suppliers for web-hosting, secure cloud storage, email delivery, customer relationship management, financial institutions, lawyers or notaries, licensed auditors assisting or supervising us in connection with our compliance obligations, HR and payroll providers, and others);

• various authorities such as regulators, tax authorities, law enforcement agencies, courts of law.

 

10. How long we keep your personal data 

In accordance with applicable data protection laws, we do not store your Personal Data for longer than needed for the purposes of the respective processing activity. The relevant retention periods depend on the national legislation of the country you are based in. To determine the appropriate retention period we consider the amount, the nature and sensitivity of the personal data, the potential risks of harm from unauthorised use or disclosure, the purposes, whether we can achieve those purposes by other means.

If the Personal Data is no longer required for the performance or enforcement of contractual or legal obligations, we will delete it regularly, unless its further temporary storage is still necessary to:

• fulfil FSR's obligations pursuant to the agreement between FSR and the Customer;

• fulfil FSR's obligations pursuant to employees or contractors agreements with you;

• establish, exercise, and defend a legal claim;

• fulfil statutory obligations to which FSR is subject, such as continued storage pursuant to accounting legislation.

 

11. Privacy of minors

We do not knowingly collect any Personal Data from persons under the age of 18. If you are under the age of 18, please do not submit any Personal Data to FSR.

If you have reasons to believe that a person under the age of 18 has provided Personal Information to us, please contact us, using the contact details below.

 

12. Changes and amendments

We reserve the right to modify this Policy at any time. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. You can find the date of our last update at the end of the page.

 

13. How to complain

The GDPR gives you the right to lodge a complaint with the competent data protection authority. For the United Kingdom the contact details of the data protection authority are:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

e-mail: dpo@ico.org.uk

Website: https://ico.org.uk

We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority so please contact us in the first instance.

 

14. Contact us

We hope that we can resolve any query or concern you raise about our use of your personal data. Questions and requests regarding this privacy policy should be addressed to: privacy@fleetstreetresearch.com

 

This policy was last updated in January 2023.