Terms and conditions of the contract: your rights under GDPR (General Data Protection Regulation) & PECR (Privacy and Electronic Communications Regulations).
This contract is between you, the data subject, and Executive Grapevine International Limited.
The contract is at the request of the data subject.
Your privacy is important to us and we take it very seriously. We want to help everyone who uses Executive Grapevine International Ltd’s (EGIL) services to get the most out of them. This policy covers all our brands – HR Grapevine, HR Grapevine Live, HRGrapevineVirtual Live Events, Executive Grapevine and myGrapevine and their associated products and services including webinars, virtual round tables, lead generation, solus campaigns, advertising, and third party partner licenses hosted on our platforms.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. The UK has voted to leave the EU but currently remains in transition until the end of 2020 and therefore, the GDPR will be applicable until that date. Furthermore, the Information Commissioner's Office (ICO) has laid out its intention to continue with a similar level of regulation post 31/12/2020 or on whichever date the UK does leave the EU should that be sooner or later.
The policy below lays out in simple English how the GDPR and the current PECR (soon to be updated to a new e-Privacy Regulation) applies to the way EG handles your personal data. Our aim is to be responsible, relevant, and secure when using your data.
As a company, we are dedicated to safeguarding the personal data of our customers and employees. In accordance with this commitment, we comply with the principles of the General Data Protection Regulation (GDPR) when collecting, utilizing, and handling personal data. This includes adherence to principles of legality, fairness, and transparency; limiting data collection to specific purposes; minimizing the amount of data collected; ensuring accuracy; limiting data storage; maintaining integrity and confidentiality; and being accountable for data protection.
Executive Grapevine International Ltd specialises in business and industry news, commercial product information and professional networking across of range of professional industries and services. Our expectation is that individuals giving consent by share these aims and objectives. If this is not your expectation, please do not subscribe or enter into a positive or confirmatory action on our platforms. Entering your personal data into the subscription box, creating an account on myGrapevine either online or via the app or downloading a whitepaper are all examples which indicate that you have read and understood the terms and conditions of the policy. Entering a comment, question, like or follow or request to join a virtual or social media group controlled by EGIL will also be considered to be a positive action and consent to data processing for marketing under GDPR.
Please take a moment to read through what information we collect about you, who we share it with and how they might use it.
Who controls my personal data?
- The Data Controller is Executive Grapevine International Limited. It is Registered in the UK Company Number 2789779
- Rosanne House, Parkway, Welwyn Garden City, Hertfordshire, AL8 6HG
- The Data Controller’s representative is the Director of Data Protection
- You can contact them at [email protected]
- You can call them on 01707 351 451
- Executive Grapevine International Limited is registered as a Data Controller with the Information Commissioner’s Office Certificate Number Z4934840
What is the purpose and legal basis of the processing?
- At EGIL we will rely on your ‘consent’ to process personal data. This is defined by the new General Data Protection Regulation (GDPR) standard of ‘consent’ as it’s legal basis for processing personal data
- GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subjects’ wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’
- By agreeing to the consent box you have accepted that you understand and accept this as a valid legal basis for processing your personal data
- We may also contact you on behalf of some carefully selected, GDPR compliant and professionally relevant group of industry suppliers to share their knowledge and insights with you through our branded channels. We will identify these clients in advance either via a dedicated email (solus), or on our website or social media channels so you can be sure of who you are giving consent to.
- Until such time as PECR is repealed, we may also share your details with clients of EGIL who demonstrate that they satisfy the requirements of Recital 47 through the submission of a Legitimate Interest Assessment. This assessment will be lodged with EGIL and reviewed by EGIL’s Head of Data Protection to ensure compliance in advance of any data sharing. These LIA are available to view on request. EGIL guarantee not to pass on your details to any company which fails to provide the necessary evidence of GDPR compliance in regard to safeguarding your personal details.
What data will the Controller collect and process?
- The categories of personal data are your name, your job title, your company name, your company address and your business email. We also collect data on website usage to improve your online experience and serve up more focused content.
- If you have an entry in our professional directories it may also include information you have provided on your areas of sector expertise or specialism
- Personal Data may also include a link to a professional profile photograph if one is available in the public domain e.g. LinkedIn, Twitter, Business Facebook or your Corporate website
- No links to personal or private websites – even if they are in the public domain will be collected, stored or processed
Who will have access to the data?
- Executive Grapevine International Limited. All our employees and data processors that have access to, and are associated with, the processing of your personal information are legally obliged to respect the confidentiality of your data and are bound by contract to do so.
- It may be necessary for the purposes of delivering digital communication to share personal data with technology platforms like Twitter, LinkedIn, Facebook, Google, Salesforce, Pardot, Stripe and Sage. There may be others of a similar nature. We guarantee to only to use suppliers who meet the GDPR standards.
- Under current PECR guidelines, we may also share your electronic details with clients of EGIL who satisfy the criteria for processing under legitimate interest. Clients may include HR & Recruitment professionals, as well as supplier firms who serve those areas, including HR & Recruitment Consultancies and Business Services. We charge them for this service. Part of this provision means you will always be given a straightforward way to opt out from receiving communications each time.
- We prioritize the security and safe storage of your personal information. Our robust measures include physical, administrative, and technical safeguards to prevent unauthorized access, theft, loss, or misuse of your data. Your information is securely stored on restricted-access servers and transmitted with encryption for enhanced protection. Our security practices undergo regular review to align with the latest standards. It's important to note that while we make every effort to safeguard your data, no method of transmission or storage over the internet can guarantee absolute security.
Will the data leave the UK? If so, what safeguarding measures are in place?
- Executive Grapevine International Limited has advised all parties that data may not be transferred outside of the UK without submitting satisfactory proof of their safeguarding methods and proof of a certified privacy shield
How long will the data be kept for?
- The Retention period for personal data is 5 years. We have chosen five years because it is the average length of time a UK Manager remains in their post.
- EGIL will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is the earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period
- What are my rights?
Executive Grapevine confirms the following rights to each Data Subject:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
For data subjects based in the European Union our representative under Article 27 of the GDPR is:
INSTANT EU GDPR REPRESENTATIVE LIMITED
Office 2, 12A LOWER MAIN STREET
LUCAN CO. DUBLIN
Email: [email protected]
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the supervisory authority.
Privacy notice for California Consumer Privacy Act
This section is intended for California residents and supplements the above.
Rights for California residents
If you are a California resident, the California Consumer Privacy Act (CCPA) may provide you with additional rights regarding the use of your personal information. These rights include:
- The right to access the personal information we process about you;
- The right to know what personal information is collected about you and if any information is sold or disclosed, and to whom;
- The right to request the deletion of your personal information, if applicable;
- The right to opt-out from the sale of your personal information, if applicable;
- The right to not be discriminated against for exercising any of the rights above.
You can exercise any applicable rights by emailing [email protected] or contacting us using our online enquiry form. You may be required to submit proof of your identity and/or address, if we are unable to confirm your identity or cannot verify that you are a California resident. We endeavor to respond to a verifiable consumer request within 45 days. You may also designate an authorised agent to make a request on your behalf, subject to proof of identity and authorisation.
Categories of Personal Information We Collect and the Sources
- We collect the following categories of personal information:
- Identifiers (such as name, postal address, email address, phone number, or IP address)
- Legally protected classifications (such as gender and marital status)
- Commercial information (such as transaction data)
- Financial data (such as billing information)
- Internet or other network or device activity (such as browsing history or app usage)
- Location information (e.g. inferred from your IP address)
- Professional or employment-related data (such as the name of your employer)
- Inferences drawn from other information we collect
- Other information that identifies or can be reasonably associated with you
Some of the personal information we collect may also be treated as "sensitive personal information" under the CCPA. We collect the following categories of "sensitive personal information":
- Your account log in details (username and password)
- The contents of a consumer’s email where EGIL provides email services
All of the categories of personal information we collect about you come from the following categories of sources:
- You, including through your use of our services
- Automatically collected from you
- Other parties, including when you give permission to social networks to disclose your information with us or where you have made your personal information publicly available online
Categories of Third Parties with Whom We Share Personal Information
We disclose all of the categories of personal information we collect about you (as detailed above) with the following categories of third parties:
- Our affiliate companies
- Aggregators (such as analytics services)
- Third parties (such as vendors that provide services to us and our integration partners)
We also use service providers to serve you with advertisements that we believe are relevant to you. These third parties are permitted to process your personal information only for the purposes of providing services to EGIL this may include the use of their own cookies or similar technologies to collect your personal information (IP address or other unique identifier) as part of providing their services to EGIL.
Do Not Sell My Personal Information
If you are a California resident, the CCPA also provides you with a right to opt-out of the sale of your personal information. The definition of sale is extremely broad under the CCPA, and may include sharing certain pieces of information with our advertising partners, such as cookie identifiers, geolocation and interactions with advertisements, for the purposes of showing you advertising that is relevant to your interests.
You can choose to block sharing of this data with advertisers. This means that we turn off some types of advertising based on information you have given us and your use of our Sites, ensuring that our advertising partners do not receive this data. By opting out, you will stop receiving adverts that are targeted specifically to you; however, you will still see the same number of adverts on our Sites.
We keep our privacy notice under regular review to make sure it is up to date and accurate. This policy was last updated: December 2023