percipio.london: Privacy Policy

The General Data Protection Regulations (GDPR)applicable from 25^th May 2018, is one of the strictest pieces of privacy legislation globally. Percipio Global Ltd (hereafter referred to as Percipio) believes that privacy is an important right for everyone and assures all customers that we have the appropriate measures in place to ensure compliance in all areas of our business.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Percipio collects information about current and prospective clients. In particular names, email addresses, job roles, business addresses and telephone numbers. We collect and retain this information so that we can manage and track our interaction with our customers whilst providing our services. Our lawful basis for this processing is legitimate interests.

We also generate invoices and maintain history of the work we have conducted on behalf of our customers. This may include some personal data i.e. a name, but will mostly consist of company information. Where there is personal data, our lawful basis is again legitimate interests.

We anonymise all data collected through our website and do not store IP addresses, usage data or profile data. We purposely omit a contact form from our website so that your email address is not captured or stored in our content management system.

In addition to this, we might also have access to third party software / web applications that our customers have given us access to i.e. Google Analytics, MailChimp, Eventbrite, Slack, Hosting and domain companies and more. Where we have access to these systems we may have access to personal data. Percipio would be a data processor in this regard. We do not collect or harvest client data for our own use. Upon request, we can provide a list of all third party software / web applications that Percipio has access to.

We do not conduct any automated decision-making, including profiling.

We do not proactively share your personal information with anyone without your consent. We do however store and process your personal information on IT platforms that are provided and managed to us by third party suppliers. In these cases, it is possible

that the third party suppliers may have access to your information as part of providing their service to us, however we ensure that their handling of our personal data is compliant with the GDPR.

We aim to keep all the personal data we collect inside the EEA however sometimes it is necessary to transfer data outside. For us, this mostly occurs in relation to the third party IT platforms that we use. These platforms will sometimes store data outside of the EEA. In these situations, we ensure that our contracts with those suppliers incorporate the EU’s Standard Contractual Clauses (SCCs) for international transfers.

Percipio continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access. Our work computers and devices are fully encrypted at root level using the 256-bit AES encryption standard. All passwords, software licences, usernames and passwords we hold (client or otherwise) are further encrypted using salted hashes – a fixed-length cryptographically-strong random value; for example, Jane Doe might exist on our machines as ​‘695ddc- cd984217fe8d79858dc485b67d66489145a- fa78e8b27c1451b27cc7a2b‘ – so that data, even in the event of a data breach remains unidentifiable.

We have established processes that enable us to manage data breaches effectively in particular ensuring that we can meet our legal obligations to notify the Information Commissioner’s Officer (ICO) and data subjects or data breaches where we are the data controller. The same processes also enable us to notify our customers of any data breaches

that affect them where we are the data processor. In these situations we would provide the controller with a description of the breach, contact details of our Data Protection Lead, the likely consequences of the breach and the proposed and imposed measures that have been or will be taken to the limit the breach’s harmful effects.

We retain your personal data for as long as necessary to fulfil the purposes we collected it for. For example satisfying any legal, accounting, or communication requirements.

Under the GDPR you have a number of rights including:

the right to be informed about the data we hold;

• the right to request that we erase your data;

• the right to object to our processing of your data;

• the right to restrict our processing of your data;

• the right to have access to the personal data we hold about you;

• the right to rectify any personal data we hold about you that is inaccurate;

If you wish to make one of the above requests, please contact us using the details in the ​“How to contact us or complain” section.