Privacy Notice
Effective date: April 3, 2023
Privacy Notice
(A) Who we are: Perrenial is the controller of your personal information, and is responsible for your personal information. Perrenial is the trading name of Apache Risk Consulting Limited, registered in England and Wales under company number 11644634. Its registered office is at International House 36-38 Cornhill, London EC3V 3NG, United Kingdom. All references in this policy to "our website" refer to the website owned by Perrenial at website address www.perrenial.co.uk.
This Privacy Notice covers scenarios in which Perrenial is the controller of your personal information. There may be situations in which Perrenial acts as a processor of your personal information. Where Perrenial acts as processor, please refer to the Privacy Notice of the relevant controller to find out more about how your personal data is being processed and how to exercise your rights.
(B) What this policy is for: We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information which you can find in section 11.
In line with these values, this Privacy Notice contains information about Perrenial’s policies governing the collection and use of your personal information. It describes the personal information that we collect, how we use this information, the legal basis on which we process it, with whom it is shared and how it is stored.
Please read this Privacy Notice carefully to understand how we handle personal information.
(C) Who this policy applies to: We value the privacy of those who provide personal information to us and this Privacy Notice applies to:
1. our customers and potential customers;
2. personnel who work for our customers;
3. members of the schemes to which we provide services;
4. website visitors, people who contact us with enquiries and people who engage with us via social media; and
5. suppliers, contractors (including potential suppliers and contractors) and other third parties with whom we engage on a business-to-business basis.
(D) What this policy contains: This policy describes the following important topics relating to your information:
1. How we obtain your personal information;
2. Information we collect;
3. Use of information and our legal basis for processing;
4. Cookies;
5. Sharing your personal information;
6. Retention of personal information;
7. Security of your information;
8. Transfers of personal information;
9. Third-party websites;
10. Marketing;
11. Your rights; and
12. Comments and questions.
(E) Your rights to object: You have various rights in respect of our use of your personal information as set out in section 11. Two of the fundamental rights to be aware of are that:
1. you may ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
2. you may ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person's, legitimate interest.
You can find out more information in section 11.
What you need to do and your confirmation to us: Please read this Privacy Notice carefully to understand how we handle your personal information.
By accessing or browsing our website, contacting us on social media, using any of the services that we provide or otherwise providing your information to us, you confirm that you have read and understood this Privacy Notice.
From time to time we may need to make changes to this Privacy Notice. In the event that we update our Privacy Notice the updated version will be on our website and, where appropriate, notified to you by post or email. We advise you to regularly review this Privacy Notice. By continuing to use the services and our website to supply services to us you are confirming that you have read and understood the latest version of our Privacy Notice.
1. How we obtain your personal information
1.1 You may provide us with your personal information voluntarily. We may also receive information about you from third parties such as marketing agencies, market research companies, our suppliers, contractors and consultants, group companies, public websites and public agencies, which we refer to as "third-party sources" or "suppliers" throughout this policy. If you are a member of a scheme to which we provide services, we may acquire personal information from third parties such as insurance companies and medical professionals.
1.2 If you are a customer, an employee of one of our customers or a scheme member, you, your employer or your scheme trustee/administrator may give us personal information about you by using the online forms provided on our website, completing order forms, setting up an account with us, or by contacting us by phone, email or other means. If you are a customer or a potential customer, we may also obtain information about you from your company's website.
1.3 If you are a contractor or supplier (or a potential contractor or supplier) or other third-party with whom we engage on a business-to-business basis, you or your employer may give us personal information about you when you are, or it is offering or providing services, to us. We may also obtain information about you from your company's website.
1.4 If you are a journalist or work for an institution/trade association in our industry, we may collect information about you from public sources.
1.5 If you are a visitor to our website, you may give us personal information about yourself by using the online forms provided on our website, setting up an account with us, using bulletin boards or forums on our website, or by contacting us by phone, email or other means.
1.6 If you contact us on social media, we will collect certain information about you from your social media page and through your interactions with us or with information about our services.
1.7 We may acquire personal information from third-party providers in order to promote and market our services. Any such marketing will be carried out in accordance with section 10.
2. Information we collect
Please go to the section or sections below that best describes our relationship with you to find out the information that we collect about you and how we use this information. We refer to this as ‘personal information’ throughout this Privacy Notice:
2.1 Customers and potential customers; personnel who work for our customers; and members of the schemes to which we provide services
We, or third parties on our behalf, may collect and use any of the following information about you:
(a) Information about you:
(i) Your name
(ii) Address and post code
(iii) Email address
(iv) Telephone number
(v) Your job title
(vi) Company name
(vii) Company address
(viii) Account information
(ix) Gender
(x) Date of birth
(xi) Salary and pension details (and other financial information such as information about employee benefit schemes)
(xii) Marital status
(xiii) Health information
(xiv) Information provided in correspondence
(xv) Updates in information provided to us
(b) Information about the services we provide to you:
(i) Information needed to provide services to you
(ii) Customer services information
(iii) Customer relationship management and marketing information
Some of the personal information that we collect about you or which you or your employer provides to us about you may be special categories of data. Special categories of data include information about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, your physical and mental health or sexual life.
Please note that we need certain types of personal information so that we can provide services to you or so you, or your employer, can provide services to us. If you do not provide us with such personal information, or ask us to delete it, you may no longer be able to access our services or provide goods and services to us.
2.2 Suppliers, contractors (including potential suppliers and contractors) and other third parties with whom we engage on a business-to-business basis
We, or third parties on our behalf, may collect and use any of the following information about you:
(a) Information about you:
(i) Your name
(ii) Your work contact information (email address, postal address, telephone number)
(iii) Your job title
(iv) Company name and company details
(v) Information provided in correspondence
(vi) Updates in information provided to us
(b) Information about services we receive from you or your employer:
(i) Your website
(ii) Supplier due diligence information
Some of the personal information that we collect about you or which you or your employer provides to us about you may be special categories of data. Special categories of data include information about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, your physical and mental health or sexual life.
Please note that we need certain types of personal information so that we can provide services to you or so you, or your employer, can provide services to us. If you do not provide us with such personal information, or ask us to delete it, you may no longer be able to access our services or provide goods and services to us.
2.3 Visitors to our website, people who contact us with enquiries and people who engage with us via social media.
2.4 Personal information we collect about you:
(a) Your name
(b) Address and post code
(c) Email address
(d) Telephone number
(e) Information provided in correspondence
(f) Updates in information provided to us
(g) Your social media handle and/or other username
(h) Each time you visit our website we may automatically collect any of the following information:
(i) Technical information, including the Internet protocol (IP) address used to connect your computer to the internet, domain name and country which requests information, the files requested, browser type and version, browser plug-in types and versions, operating system and platform;(ii) Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.
3. Use of information and our legal basis for processing:
We, or third-party data processors acting on our behalf, collect, use and store the personal information listed above for the following reasons:
3.1 Visitors to our website, people who contact us with enquiries and people who engage with us via social media:
Purpose for processing | Legal basis for processing |
---|---|
To allow you to access and use our website. | Necessary for the performance of a contract (i.e. our website terms of use). |
To provide technical support. | Necessary for the performance of a contract (e.g. if you are unable to access services). Our legitimate interest in operating and improving our websites, and protecting your personal data. |
To provide you with the information and services that you request from us. | Necessary for the performance of a contract (i.e. where necessary to respond to enquiry). Our legitimate business interest in running, growing and developing our business. |
To ensure the security of our services and our website. | Our legitimate business interest in operating and improving our websites, and protecting your personal data. |
To recognise you when you return to our website. | Necessary for the performance of a contract (i.e. where necessary to remember and give effect to your preferences). Our legitimate business interest in operating and improving our websites. |
For improvement and maintenance of our website and preparing reports or compiling statistics in order to improve our services. Such details will be anonymised as far as is reasonably possible and you will not be identifiable from the information collected. | Our legitimate business interest in operating and improving our websites. |
3.2 Customers and potential customers; personnel who work for our customers; and members of the schemes to which we provide services
Purpose for processing | Legal basis for processing |
---|---|
To provide relevant services and support to you, your employer or scheme trustee/administrator. | Necessary for the performance of a contract. |
To deal with any enquiries or issues you have about our services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. | Necessary for the performance of a contract (i.e. to provide you with our service or where necessary to respond to your enquiry). Compliance with a legal obligation (i.e. assisting you to give effect to your rights with respect to the processing of your personal data). |
To send you certain communications (including by email or phone) about our services such as service announcements and administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges). | Necessary for the performance of a contract (i.e. where the communication is necessary for you to receive or continue to receive our service). Our legitimate interest in running, growing and developing our business. |
To allow you to attend our events. | Necessary for the performance of a contract (i.e. where such events are part of the service we provide). Our legitimate interest in running, growing and developing our business. |
For health and safety and quality assurance. | Compliance with a legal obligation. Our legitimate interest in improving our services. |
To carry out statistical analysis and market research. | Our legitimate interest in running, growing and developing our business. |
We may intercept, monitor and/or keep records of email communications entering and leaving our systems for security and training reasons and in line with our information handling policies. | Our legitimate interest in preventing violations of our terms and policies or other harmful or illegal activity, and in improving our customer service. |
3.3 Suppliers, contractors (including potential suppliers and contractors) and other third parties with whom we engage on a business-to-business basis
Purpose for processing | Legal basis for processing |
---|---|
To enable us to receive and manage services from you (including supplier due diligence, payment and expense reporting and financial audits). | Necessary for the performance of a contract. |
For health and safety records and management. | Compliance with a legal obligation. |
To assess your working capacity. | Necessary for the performance of a contract. |
To confirm information on CVs and perform reference checks, to assess you or your employer’s suitability to work for us. | Compliance with a legal obligation. Our legitimate interest in managing our workforce, minimising our risks and maintaining effective business operations. |
For equal opportunities monitoring. | Compliance with a legal obligation. Our legitimate interest in ensuring effective business management and diversity within our business. |
We may intercept, monitor and/or keep records of email communications entering and leaving our systems for security and training reasons and in line with our information handling policies. | Our legitimate interest in preventing violations of our terms and policies or other harmful or illegal activity, and in improving our customer service. |
3.4 Whatever our relationship with you is, we may collect, use and store the personal information listed above for the following reasons:
Purpose for processing | Legal basis for processing |
---|---|
For internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. | Our legitimate business interest in running, growing and developing our business. |
To comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so. | Compliance with a legal obligation. Our legitimate interest in preventing and addressing frauds, violations of our terms and policies, or other harmful or illegal activity. |
To establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so. | Our legitimate interest in responding to complaints; preventing and addressing any harmful or illegal activity; seeking legal advice and protecting ourselves, our users or others. |
If you contact us on social media, to monitor your interactions with us and our brand online, where it is in our legitimate interests to do so for market research and for planning future marketing campaigns. | Our legitimate business interest in running, growing and developing our business. If you are a consumer, the lawful basis for this activity will be consent – please see below for more details. |
If you are a journalist, where it is in our legitimate interests to contact you to invite you to write a news article about our services; to invite you to events, send you promotional material and for press releases. | Our legitimate business interest in running, growing and developing our business. |
3.5 We may use your special categories of data where you have provided your consent (which you may withdraw at any time after giving it, as described below).
3.6 In the future, other use of other personal information may be subject to your consent (which can be withdrawn at any time after giving it, as described below). Where this is the case, that need for consent will be identified in this Privacy Notice.
3.7 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at asad.khalil@perrenial.co.uk and we will stop doing so. However, if you withdraw your consent, this may impact the ability for you to be able to provide services to us (for example, if those services require health assessments that involve use of your special categories of data) or for us to provide services to you.
4. Cookies
4.1 To ensure that our website is well managed and to facilitate improved navigation within the website, some pages use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to:
(a) Offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences;
(b) Manage our website by enabling us to develop the content and functionality of the website to better meet the needs of users;
(c) Track information on our systems and identify categories of users by items such as address, browser type and pages visited; and
(d) Analyse the number of visitors to different areas of the website and to ensure that the website is serving as a useful, effective information source.
4.2 Where we use cookies on our website, you may block these or save your preferences for cookies at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies or set your preferences in our online cookie management platform. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.
4.3 For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookie Policy here: Cookie Policy.
5. Sharing your personal information
5.1 We may share your personal information with any company that is a member of our group, where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of services to our customers, management information, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance). We may also share your personal information with our group companies where they provide products and services to us.
5.2 We will share your personal information with the following categories of third parties:
(a) Our service providers and sub-contractors, including but not limited to our online benefits software provider, payment processors, suppliers of technical and support services, insurers, auditors, logistic providers, and IT service providers;
(b) Companies that assist us in our marketing, advertising, and promotional activities; and
(c) Analytics and search engine providers that assist us in the improvement and optimisation of our website.
Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this Privacy Notice and applicable laws.
5.3 We will also disclose your personal information to third parties:
(a) Where it is in our legitimate interests to do so to run, grow and develop our business:
(i) If we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
(ii) If substantially all of Perrenial or any of its affiliates’ assets are acquired by a third-party, in which case personal information held by Perrenial will be one of the transferred assets;
(b) If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
(c) In order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third-party, to protect the safety of any person or to prevent any illegal activity; or
(d) To protect the rights, property, or safety of Perrenial, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.
5.4 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third-party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.
6. Retention of personal information
6.1 We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights, for example:
(a) In general, customer personal information will be deleted when the customer relationship ends (however personal information may be retained if such information needs to be transferred to an alternative service provider or if required to defend any legal claims);
(b) FCA regulated activity advice will be retained in line with regulatory requirements.
6.2 Further information on the length of time during which we retain your personal information can be found in our Records Management Policy. A copy is available upon request. Please contact asad.khalil@perrenial.co.uk if you would like to request a copy.
7. Security of your information
7.1 Perrenial is committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access, unavailability and destruction and takes all reasonable precautions to safeguard the confidentiality of personal information, including through use of appropriate organisational and technical measures. Organisational measures include physical access controls to our premises, restricting access on a need-to-know basis, staff training, adequate business continuity and disaster recovery procedures and locking physical files in filing cabinets. Technical measures include use of encryption, using secure web portals to send special categories of personal information, passwords for access to our systems and use of anti-virus software. Additionally, Perrenial has secured Cyber Essentials certification and is ISO 27001 accredited.
7.2 In the course of provision of your personal data to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk.
7.3 Where we have given you (or where you have chosen) a password which enables you to access an online account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
8. Transfers of personal information
8.1 The personal information may be used, stored and/or accessed by third-party data processors. This may be for the purposes listed in section 3 above, i.e. the provision of our services to you, your employer or scheme trustee/administrator, the receipt of services from you or your employer, the processing of transactions and/or the provision of support services.
8.2 If we provide any personal information about you to any non-UK third-party data processors, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Notice. These measures include:
(a) In the case of data passed from the UK to an EEA country, the UK government has recognised these countries as providing adequate protection;
(b) In the case of entities based in countries outside the UK and the EEA (including US based entities), entering into approved standard contractual arrangements with them.
8.3 Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting us by email asad.khalil@perrenial.co.uk at any time.
9. Third-party websites
9.1 Our website may, from time to time, contain links to websites operated by third parties including partner networks and our group companies. Please note that this Privacy Notice only applies to the personal information that we collect, and we cannot be responsible for personal information collected and stored by third parties. Third-party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party, websites or third-party terms and conditions or policies.
10. Marketing
10.1 We may collect and use your personal information for undertaking marketing by email, or phone.
10.2 We may send you certain marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing and business development purposes.
10.3 However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third-party for such marketing.
10.4 If you wish to stop receiving marketing communications, you can contact us by email at asad.khalil@perrenial.com at any time, by calling +44 (0)7399025851 during business hours or by clicking on the unsubscribe link which will be located in all our marketing communications.
11. Your rights
11.1 You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us by email at asad.khalil@perrenial.com at any time. You have the right to request that we:
(a) Provide access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom;
(b) Update any of your personal information which is out of date or incorrect;
(c) Delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances using the details given above;
(d) Restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances using the details given above;
(e) Prevent the processing of your personal information for direct-marketing purposes;
(f) Provide your personal information to a third-party provider of services. This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means; or
(g) Consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person's legitimate interest.
11.2 We will consider all such requests and provide our response within a reasonable period (and in any event any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.
11.3 If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
12. Comments and questions
12.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact +44 (0)7399025851 or asad.khalil@perrenial.com. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
You may also make a complaint to the data protection authority. In the UK, the relevant supervisory authority is the Information Commissioner’s Office (‘ICO’). Information on how to lodge a complaint can be found on the ICO’s website www.ico.org.uk/concerns. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.