This privacy statement describes the practices Aurexia and Aurexia entities follow to respect the privacy of our clients and potential clients, including all visitors to our website.
In this statement, personal information means data which relates to an individual and which identifies this individual, either directly or indirectly.
Table of contents
- What does this privacy statement cover?
- What information do we collect and how do we use it?
- The legal grounds we have to use your personal information
- To whom we disclose your personal information
- How do we protect your personal information?
- How long do we keep your personal information for?
- Your rights
- Right to complain
- Changes to this privacy statement
What does this privacy statement cover?
This privacy statement describes our commitment to protecting your privacy and handling your information in an open and transparent manner.
This privacy statement sets out how we will collect, handle, store, and protect information about you when you use our website, or we perform any other activities that form part of the operation of this website.
What information do we collect and how do we use it?
We may obtain personal information about you if you choose to provide it – for example, if you contact us or register on our website for certain services. If you do not provide any personal information through our website, we will not collect or store it.
If you log into our website through a third party platform or website, such as LinkedIn, we may receive any personal data that you have permitted the social media provider to share with us, such as your name and email address. Other information we collect will depend on the privacy settings you have set with your social media provider, so please review the privacy statement or policy of the applicable service.
The personal information that we collect or obtain in such circumstances may include: your name; e-mail address; country of residence; employment and education details; your IP address; your browser type, and language settings.
We do not intentionally collect any special categories of personal data (sensitive personal information) via our website, unless in specific cases, for example, for recruitment purposes. Any sensitive personal information we collect will be for monitoring purposes only to ensure we are delivering on our commitment to diversity and inclusion. Sensitive personal information includes: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade-union membership; genetic or biometric data for the purpose of uniquely identifying a natural person; data concerning health; or data concerning a natural person’s sex life or sexual orientation.
We understand the importance of protecting children’s privacy. Our website and services are not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.
Aurexia generally only collects the personal information necessary to manage and respond to any request you submit through our website.
The legal grounds we have to use your personal information
We are required by law to set out in this privacy statement the legal grounds which we rely on, in order to process your personal information.
We will only use your personal information if:
- It is necessary for us to deliver a contract; or
- We have a legal and regulatory obligations (e.g. we need to maintain the information to be able to provide it to a public body or law enforcement agency); or
- We have a legitimate reason, and interest to help run our business, as long as it does not outweigh your interests.
We will only process sensitive personal information relating to you if:
- You have given us your explicit consent to process that data; or
- The processing is necessary for the establishment, exercise or defence of legal claims; or
- You have made the data manifestly public.
Where we are legally required to obtain your explicit consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can contact us to unsubscribe from our distribution list, by sending an email to firstname.lastname@example.org.
To whom we disclose your personal information
We may share information about you to:
- Other member firms of the Aurexia network as part of international engagements; and/or
- Third parties that provide services to us and/or the Aurexia network, such as hosting and supporting IT applications; and/or
- Competent authorities (including courts and authorities regulating us or another member of the Aurexia network) and other third parties that reasonably require access to personal information relating to you.
We will not transfer the personal information you provide to any third parties for their own direct marketing use.
Please note that some of the recipients of your personal information referenced above may be based in countries outside of the European Union, whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal information that comply with our legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses, approved by the European Commission for transfers of personal information to third countries.
How do we protect your personal information?
We use a range of physical, electronic and managerial measures to ensure that we keep your personal information secure, accurate and up to date. These measures include:
- Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;
- Administrative and technical controls to restrict access to personal information;
- Technological security measures, including firewalls, encryption, and anti-virus software;
- Physical security measures, such as staff security passes to access our premises.
Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secure. Despite our best efforts to protect personal information, we cannot guarantee the security of data transmitted to us or by us against all threats.
How long do we keep your personal information for?
We will hold your personal information on our systems for the longest of the following periods:
- As long as the information is necessary for the relevant activity or services;
- Any retention period that is required to comply with legal, regulatory, or policy requirements;
- The end of the period in which litigation or investigations might arise in respect of the services;
- Until you ask for your information to be deleted.
You have various rights in relation to your personal information. These include:
- Being informed that we are processing your personal information and requesting a copy of the personal information we hold about you (“subject access request”). We will endeavour to provide you with access to your personal data with one month of you submitting the subject access request, as long as your request is not manifestly unfounded or excessive;
- Being able to ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
- Being able to ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
- Restrict, or object to the processing of your personal information.
To exercise any of your rights, or if you have any other questions about our use of your personal information, please contact us at email@example.com.
Right to complain
If you are unhappy with the way we have handled your personal information or any privacy query or request that you have raised with us, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction. For example, in the UK, you have a right to complain to the Information Commissioner’s Office. If you would like to be directed to the appropriate DPA, please contact us at firstname.lastname@example.org.
Changes to this privacy statement
We may modify or amend this privacy statement from time to time. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting y