Privacy Notice – How Infospectrum treats your personal information
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
Infospectrum Ltd ("Infospectrum") collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the UK General Data Protection Regulation (UK GDPR) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Who this policy applies to
Infospectrum is a business to business research organisation so we only process limited amounts of personal data. Most of this will relate to contact details of individuals at our clients, suppliers and prospective clients with whom we need to communicate in order to market and/or provide services to, and/or receive services from, the organisations these individuals belong to or represent.
In addition, in conducting our business research we may collect limited amounts of personal data about individuals at or related to the organisations we are researching ("research targets"); this is usually, but not always, from public sources.
The personal information we collect and use
Information collected by us from you
- e-mail address and other contact details at your organisation
- information relevant to the research target
Information we collect about you automatically each time you visit our website
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information if applicable, geographical location, domain name from which you access the internet, browser type and version;
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs).
Information collected from other sources
- data available from records and registers whether open to the public or proprietary
- data available from news sources
- data available from financial documents
- data others supply to us regarding your ownership and relationship with a research target
Occasionally this may also include criminal offence data as further explained below.
How we use your personal information
We use your personal information to:
- communicate with you
- market you (where relevant)
- perform our contract with the organisation you represent
- exercise the rights granted by our contract with the organisation you represent
- carry out research relating to the research target in question
Who we share your personal information with
- our clients in the context of providing research reports and analysis to them (where relevant)
Other sharing of your information
We may also share your information with any IT outsourcing providers and our auditors and professional advisers where required and also within the Infospectrum group of companies where this is required for our group's activities and reporting purposes.
We may also share your information with third parties where required in connection with the sale or reorganisation of our business or that of our group.
We will share personal information with law enforcement or other authorities if required by applicable law.
Whether information has to be provided by you, and if so why
The provision of contact information from you and other relevant information is required from you to enable us to communicate with you and where relevant to enable us to enter into and perform our contract with your organisation. We will inform you at the point of collecting information from you (including via this Privacy Notice), whether you are required to provide the information to us.
How long your personal information will be kept
- We will hold information relating to tax for as long as we are required to retain this information by applicable tax law
- We will keep information relating to our research reports for as long as required in the context of our research and related future research activities
- Account information is kept as long as the customer/client/supplier is active and thereafter at the latest for the relevant legal limitation period under UK or other applicable law
- Other information is kept for as long as we have a legitimate need to retain and use
Reasons we can collect and use your personal information
As a business we rely in general on our legitimate interests in order to lawfully process your personal information. We are processing your personal data in a business context and as part of a mutually beneficial business relationship if you are working for a client, a prospective client or a supplier. The information we collect is limited to what is necessary to communicate with you or your organisation in the context of our business relationship with the organisation you represent.
If you are an individual related to a research target (e.g. a director, founder or a beneficial owner) we will be processing your personal information in order to provide business research to our clients which we consider to be in the legitimate interests of both ourselves and our clients. In this case your personal data is only being processed in relation to research on business organisations (rather than in relation to you as an individual). Where reasonably possible it is also our practice to seek to verify such information either from you or from a third party.
In addition, where we have a contract with you we may need to process your personal information to perform the contract and this is also a lawful basis for our processing.
We may also rely on your consent as the lawful basis processing where the law requires us to obtain consent (e.g. for certain categories of electronic marketing).
For criminal offence data, Infospectrum relies on legitimate interests as the lawful basis to process the data as well as regulatory requirements relating to unlawful acts and dishonesty, and/or manifestly made public by the data subject, as part of the required condition under Schedule 1 of the DPA 2018.
Transfer of your information outside of the UK
We may transfer your personal information to the following which are located outside the UK as follows:
- [to our clients located outside the UK]
- to any outsourced service providers we may use to process data on our behalf
- to our affiliated companies (Infospectrum entities and regional branches, such as our companies in Singapore and Australia]
Such countries may not have the same data protection laws as the United Kingdom.
If you would like further information please contact us (see ‘How to contact us’ below).
Under the UK GDPR you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information that this Privacy Notice is already designed to address
- access to your personal information and to certain other supplementary information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- withdraw your consent to our processing where we are relying on consent as the lawful basis for the processing in question
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on rights for individuals under the UK GDPR.
If you would like to exercise any of those rights, please:
- email, call or write to us
- let us have enough information to identify you,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates,
If you would like to unsubscribe from any email newsletter you can also click on the ‘unsubscribe’
button at the bottom of the email newsletter. It may take up to 10 business days for this to take place.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to this privacy notice
This privacy notice was published on 15 June 2021 and last updated on 15 August 2023.
We may change this privacy notice from time to time. Please check this page periodically to inform yourself of any changes.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
Our Data Protection Officer is Matthew Pickin. You can contact him at firstname.lastname@example.org or via our postal address: 60 St. Aldates, Oxford, OX1 1ST