GDPR & ePrivacy Policy

Terms and conditions of the contract: your rights under GDPR (General Data Protection Regulation) & PECR (Privacy and Electronic Communications Regulations).

This contract is between you, the data subject, and Executive Grapevine International Limited.

The contract is at the request of the data subject.

Your privacy is important to us and we take it very seriously. We want to help everyone who uses Executive Grapevine International Ltd’s (EGIL) services to get the most out of them. This policy covers all our brands – HR Grapevine, HR Grapevine Live, HRGrapevineVirtual Live Events, Executive Grapevine and myGrapevine and their associated products and services including webinars, virtual round tables, lead generation, solus campaigns, advertising, and third party partner licenses hosted on our platforms.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. The UK has voted to leave the EU but currently remains in transition until the end of 2020 and therefore, the GDPR will be applicable until that date. Furthermore, the Information Commissioner's Office (ICO) has laid out its intention to continue with a similar level of regulation post 31/12/2020 or on whichever date the UK does leave the EU should that be sooner or later.

The policy below lays out in simple English how the GDPR and the current PECR (soon to be updated to a new e-Privacy Regulation) applies to the way EG handles your personal data. Our aim is to be responsible, relevant, and secure when using your data.

As a company, we are dedicated to safeguarding the personal data of our customers and employees. In accordance with this commitment, we comply with the principles of the General Data Protection Regulation (GDPR) when collecting, utilizing, and handling personal data. This includes adherence to principles of legality, fairness, and transparency; limiting data collection to specific purposes; minimizing the amount of data collected; ensuring accuracy; limiting data storage; maintaining integrity and confidentiality; and being accountable for data protection.

Executive Grapevine International Ltd specialises in business and industry news, commercial product information and professional networking across of range of professional industries and services. Our expectation is that individuals giving consent by share these aims and objectives.  If this is not your expectation, please do not subscribe or enter into a positive or confirmatory action on our platforms. Entering your personal data into the subscription box, creating an account on myGrapevine either online or via the app or downloading a whitepaper are all examples which indicate that you have read and understood the terms and conditions of the policy. Entering a comment, question, like or follow or request to join a virtual or social media group controlled by EGIL will also be considered to be a positive action and consent to data processing for marketing under GDPR.

Please take a moment to read through what information we collect about you, who we share it with and how they might use it.

Who controls my personal data?

  • The Data Controller is Executive Grapevine International Limited. It is Registered in the UK Company Number 2789779
  • Rosanne House, Parkway, Welwyn Garden City, Hertfordshire, AL8 6HG
  • The Data Controller’s representative is the Director of Data Protection 
  • You can contact them at [email protected] 
  • You can call them on 01707 351 451 
  • Executive Grapevine International Limited is registered as a Data Controller with the Information Commissioner’s Office Certificate Number Z4934840

What is the purpose and legal basis of the processing?

  • At EGIL we will rely on your ‘consent’ to process personal data. This is defined by the new General Data Protection Regulation (GDPR) standard of ‘consent’ as it’s legal basis for processing personal data
  • GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subjects’ wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’
  • By agreeing to the consent box you have accepted that you understand and accept this as a valid legal basis for processing your personal data
  • We may also contact you on behalf of some carefully selected, GDPR compliant and professionally relevant group of industry suppliers to share their knowledge and insights with you through our branded channels. We will identify these clients in advance either via a dedicated email (solus), or on our website or social media channels so you can be sure of who you are giving consent to.  
  • Until such time as PECR is repealed, we may also share your details with clients of EGIL who demonstrate that they satisfy the requirements of Recital 47 through the submission of a Legitimate Interest Assessment. This assessment will be lodged with EGIL and reviewed by EGIL’s Head of Data Protection to ensure compliance in advance of any data sharing. These LIA are available to view on request. EGIL guarantee not to pass on your details to any company which fails to provide the necessary evidence of GDPR compliance in regard to safeguarding your personal details.

What data will the Controller collect and process?

  • The categories of personal data are your name, your job title, your company name, your company address and your business email. We also collect data on website usage to improve your online experience and serve up more focused content. 
  • If you have an entry in our professional directories it may also include information you have provided on your areas of sector expertise or specialism
  • Personal Data may also include a link to a professional profile photograph if one is available in the public domain e.g. LinkedIn, Twitter, Business Facebook or your Corporate website
  • No links to personal or private websites – even if they are in the public domain will be collected, stored or processed

Who will have access to the data?

  • Executive Grapevine International Limited. All our employees and data processors that have access to, and are associated with, the processing of your personal information are legally obliged to respect the confidentiality of your data and are bound by contract to do so.
  • It may be necessary for the purposes of delivering digital communication to share personal data with technology platforms like Twitter, LinkedIn, Facebook, Google, Salesforce, Pardot, Stripe and Sage. There may be others of a similar nature. We guarantee to only to use suppliers who meet the GDPR standards.
  • Under current PECR guidelines, we may also share your electronic details with clients of EGIL who satisfy the criteria for processing under legitimate interest. Clients may include HR & Recruitment professionals, as well as supplier firms who serve those areas, including HR & Recruitment Consultancies and Business Services. We charge them for this service. Part of this provision means you will always be given a straightforward way to opt out from receiving communications each time.
  • • We prioritize the security and safe storage of your personal information. Our robust measures include physical, administrative, and technical safeguards to prevent unauthorized access, theft, loss, or misuse of your data. Your information is securely stored on restricted-access servers and transmitted with encryption for enhanced protection. Our security practices undergo regular review to align with the latest standards. It's important to note that while we make every effort to safeguard your data, no method of transmission or storage over the internet can guarantee absolute security.

Will the data leave the UK? If so, what safeguarding measures are in place?

  • Executive Grapevine International Limited has advised all parties that data may not be transferred outside of the UK without submitting satisfactory proof of their safeguarding methods and proof of a certified privacy shield

How long will the data be kept for?

  • The Retention period for personal data is 5 years. We have chosen five years because it is the average length of time a UK Manager remains in their post.
  • EGIL will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is the earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period
  • What are my rights?

Executive Grapevine confirms the following rights to each Data Subject:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

EU Representative

For data subjects based in the European Union our representative under Article 27 of the GDPR is:

K78 X5P8
Email: [email protected]

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the supervisory authority n dissatisfied, you can make a complaint about the way we process your personal information to the supervisory authority.

We keep our privacy notice under regular review to make sure it is up to date and accurate. This policy was last updated: May 2023