Who is responsible for your personal data?
Aftermap is responsible for your personal data. Aftermap comprises Aftermap Limited (a company incorporated in England & Wales, company number 11378129) (referred to collectively as “Aftermap” or “we” or “our”).
Personal data we collect
We collect and process the following personal data from you:
- Identity and Contact Data, including your name, address, telephone number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, employee number, job title and function, and other personal data concerning your preferences relevant to our services;
- Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Business Information, including information provided in the course of the contractual or client relationship between you or your organisation and Aftermap or entities in the Aftermap Group, or otherwise voluntarily provided by you or your organisation;
- Information relevant to our services, including personal data relevant to any dispute, grievance, investigation, arbitration, or other services we have been asked to provide to our client;
- Profile and Usage Data, your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites(s), including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs).
- Technical Data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform.
- Physical Access Data, relating to details of your visits to our premises.
Information about other people
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How do we collect your personal data?
The circumstances in which we can collect personal data about you include:
- when you or your organisation seek services from us or use any of our online client services;
- when you or your organisation offer to provide, or provides, services to us;
- when it is provided to us by a third party because you are the subject of, or your data is otherwise included in, services we are asked to provide to that third party client;
- when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our consultants and staff;
- when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
- when you attend our seminars or other events or sign up to receive personal data from us, including training;
- by making enquiries from your organisation, other organisations with whom you have dealings such as former employers and educational institutions, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records.
If you fail to provide personal data
Where we need to collect personal data by law or in order to process your instructions or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.
How will we use your personal data?
We use your personal data only for the following purposes:
- To fulfil a contract, or take steps linked to a contract, with you or your organisation. This includes:
- to provide and administer services or solutions, as instructed by you or your organisation;
- to process payments, billing and collection; and
- to process applications for employment.
- As required by Aftermap to conduct our business and pursue our legitimate interests, in particular:
- to administer and manage our relationship with you, including accounting, auditing, and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent our clients, suppliers or service providers;
- to carry out background checks, where permitted;
- to analyse and improve our services and communications and to monitor compliance with our policies and standards;
- to manage access to our premises and for security purposes;
- to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- for insurance purposes;
- to exercise or defend our legal rights or to comply with court orders;
- to provide services to our clients; and
- to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of client surveys, marketing campaigns, market analysis, or other promotional activities; and
- to collect information about your preferences to personalise and improve the quality of our communications with you.
Please note that we will only provide you with marketing related information when we have a previous contractual relationship or a business relationship with you and provided you do not opt-out to receive those communications. You have the opportunity to opt-out at any time as explained in the “Right to withdraw consent” section of this Notice.
For purposes required by law, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity, or making records of our communications with you for compliance purposes.
We will not use your personal data for taking any automated decisions affecting or creating profiles other than as described above.
Disclosure of your personal data
We share your personal data, in the following circumstances:
- with our subsidiary undertakings, with subsidiary undertakings of Aftermap and/or affiliates for the purposes of providing you with our services as described in this Privacy Notice;
- with third parties including certain service providers we have retained in connection with the services we provide;
- if we have collected your personal data in the course of providing services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
- on a confidential basis with third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
- with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
- with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- with service providers who we engage within or outside of Aftermap, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only;
- if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
Information we transfer
When we transfer your information to other countries, we will use, share and safeguard that information as described in this Notice. We may transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses or arrangements.
Security of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to firstname.lastname@example.org or use our contact form. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
You have various rights with respect to our use of your personal data:
Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using our contact form to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us using our contact form.
Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
Erasure: You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.
You may, at any time, exercise any of the above rights, by contacting email@example.com or using our contact form together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
Right to withdraw consent
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
To opt-out of receiving our marketing communications please follow the opt-out links on any marketing message sent to you or contact firstname.lastname@example.org or use our contact form. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our services.
How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Aftermap or entities to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at email@example.com.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.