(A) This Notice
This Notice is issued by Ispahani Advisory Limited (“we” or “our”) and is addressed to clients, candidates, referees, sources and other individuals outside our organisation with whom we interact, as well as other users of our website and services (together, “you”).
For the purposes of this Notice Ispahani Advisory Limited is the Controller and responsible for your personal data. If you have any questions about this Notice or have any requests to exercise your rights, our contact details are provided in Section (P) below.
This Notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Notice. Where we make any material changes to this Notice, these will be communicated to you via our website.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
(B) Collection of Personal Data
Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect Personal Data about you from the following sources:
• Data you provide: We may obtain your Personal Data when you provide it to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your CV or business card).
• Relationship data: We may collect or obtain your Personal Data in the ordinary course of our relationship with you (e.g., if you purchase a service from us).
• Third parties or data you make public: We may collect or obtain your Personal Data from various third parties that you choose to make public, including via social media (e.g., we may collect personal details and other information from your social media profile(s) such as your LinkedIn account).
• Content and advertising information: If you choose to interact with any third party content or advertising on a website, we may receive Personal Data about you from the relevant third party.
(C) Creation of Personal Data
We may also create Personal Data about you, such as records of your interactions with us, and any interactions we have with clients on your behalf.
(D) Categories of Personal Data we may collect, use, store, transfer and Process
We may collect, use, store, transfer and Process the following categories of Personal Data about you:
• Personal details: given name(s); preferred name; photograph; employment history; education; and other typical CV content.
• Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
• Contact details: correspondence address; telephone number; email address; and details of your public social media profile(s).
• Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
• Employer details: where you interact with us in your capacity as an employee, the name, address, telephone number and email address of your employer, to the extent relevant.
(E) Lawful basis for Processing Personal Data
In Processing your Personal Data in connection with the purposes set out in this Notice, we may rely on one or more of the following legal bases, depending on the circumstances:
• Consent: We may Process your Personal Data where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
• Contractual necessity: We may Process your Personal Data where the Processing is necessary in connection with any contract that you may enter into with us; and
• Compliance with applicable law: We may Process your Personal Data where the Processing is required by applicable law; or
• Legitimate interests: We may Process your Personal Data where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
(F) Sensitive Personal Data
We do not seek to collect or otherwise Process your Sensitive Personal Data in the ordinary course of our business (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Where it becomes necessary to process your Sensitive Personal Data for any reason, we rely on one of the following legal basis:
• Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
(G) Purposes for which we may Process your Personal Data
We set out below the purposes for which we may Process your Personal Data, subject to applicable law, and our legitimate interests in brackets (where appropriate). These include:
• Provision of services to you: providing you with services that you have requested; providing you with promotional items at your request; and communicating with you in relation to those services (contractual necessity).
• Compliance checks: fulfilling our compliance obligations, including ‘Know Your Client’ checks; and confirming and verifying your identity; and screening against government and/or law enforcement agency sanctions lists and other legal restrictions (compliance with applicable law).
• Communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required (contractual necessity and our legitimate interest to grow our business and inform our marketing strategy).
• Communications and IT operations: management of our communications systems; operation of IT security systems; and IT security audits (necessary to comply with a legal obligation and our legitimate interests for the running of the business and the provision of IT services).
• Financial management: sales; finance; corporate audit; and vendor management (contractual necessity and our legitimate interest to keep our records updated).
• Legal compliance: compliance with our legal and regulatory obligations under applicable law (compliance with applicable law).
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
(H) Disclosure of Personal Data to third parties
We may disclose your Personal Data to:
• legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
• accountants, auditors, lawyers and other outside professional advisors to Ispahani Advisory Limited, subject to binding contractual obligations of confidentiality; and
• any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law.
(I) International transfer of Personal Data
Because of the international nature of our business we may transfer your Personal Data to other countries outside the European Economic Area (EEA) that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
However, if we send your Personal Data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information.
(J) Data security
We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us is sent securely.
(K) Data accuracy
We take every reasonable step to ensure that:
• your Personal Data that we Process is accurate and, where necessary, kept up to date; and
• any of your Personal Data that we Process that is inaccurate are erased or rectified without delay.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
(L) Data minimisation
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Notice.
(M) Data retention
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Notice.
The criteria for determining the duration for which we will keep your Personal Data are as follows: we will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Notice, unless applicable law requires a longer retention period. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.
(N) Your legal rights
Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including:
• the right not to provide your Personal Data to us;
• the right to request access to, or copies of, your Personal Data, together with information regarding the nature, Processing and disclosure of those Personal Data;
• the right to request rectification of any inaccuracies in your Personal Data;
• the right to request:
o erasure of your Personal Data; or
o restriction of Processing of your Personal Data;
• the right to object to the Processing of your Personal Data by us or on our behalf; and
• the right to have Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable; and
• the right to withdraw consent where we are relying on consent to process your Personal Data.
This does not affect your statutory rights and you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights).
To exercise one or more of these rights, to ask a question about these rights or any other provision of this Notice, or about our Processing of your Personal Data, please use the contact details provided in Section (P) below.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
(O) Direct marketing
Where you have not opted our of receiving marketing, we may from time to time Process your Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding services such as roundtable events or educational programmes that may be of interest to you. If we provide services to you, we may send information to you regarding our services, and other information that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law.
You can ask us to stop sending you marketing messages at any time by contacting us at any time.
(P) Contact details
If you have any comments, questions or concerns about any of the information in this Notice, or any other issues relating to the Processing of Personal Data carried out by us, or on our behalf, please contact:
Ispahani Advisory lIMITED
Company number: 08084764
Registered office address: Suite 1, 3rd Floor 11-12 St. James’s Square, London, United Kingdom, SW1Y 4LB
Chief Administrative Officer
Telephone number: 020 7052 9094
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
This notice was last updated on 25 May 2018.