Aperio Audio Visual Ltd transparency notice for clients, contractors and suppliers

Aperio Audio Visual Ltd (registered number 8728209), whose registered office is at Lime Kiln House, Lime Kiln, Royal Wootton Bassett, Wiltshire, England, SN4 7HF (“Aperio” and “We”), know that you care how information about you is used and shared and We appreciate your trust in us to do that carefully and sensibly. This notice describes our Transparency Notice and how we collect and use your during personal information and after your relationship with us.

1.1. Aperio is a “data controller”. This means that We are responsible for deciding how we hold and use personal information about you and explaining it clearly to you.

1.2. This notice applies to prospective, existing and former clients of Aperio, (including employees and representatives of our corporate clients); individual and business contacts and prospects; referrers; individuals who request information from us; any person who provides services to Aperio, either as an individual or as the employee or representative of a corporate service provider; third parties acting for our clients; parties on the other side of our client matters and lawyers acting for such parties.

1.3. It is important that you read this notice, together with any other privacy information or notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

1.4. We reserve the right to update this transparency notice at any time, and we will provide you with a new Transparency Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

1.5. We have appointed a Data Protection Manager (DPM) who is responsible for overseeing Aperio’s compliance with data protection law. If you have any questions about this Transparency Notice or how we handle your personal information, please contact the DPM on 01793 220525 or by email to info@aperio-av.co.uk.

1.6. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the course of our engagement with you.

2.1. Personal data, or personal information, means any information about an individual from which that person can be identified.

2.2. There are special categories of more sensitive personal data which require a higher level of protection (see further at section 5, below).

2.3. We collect different information depending on your relationship with us (to see more about the categories of personal information from you and purposes for which we use it below).

2.3.1. Individual Clients

We process:

2.3.1.1. Your name, address and contact details. Such processing is necessary for performance of the contract between us.

2.3.1.2. Information relating to your instructions. Such processing is necessary for the purpose of providing our services.

2.3.1.3. Your bank details, such processing is necessary where these are required for payment by you of funds for works and for the provision of our services.

2.3.1.4. Your marketing preferences and details of any services you have subscribed to and/or events you have attended. Such processing is necessary for the legitimate interest of promoting and growing our business (provided that your interests and fundamental rights do not override our interests).

2.3.1.5. Background information about you and your relationship with Aperio, to inform and improve the service we provide to you. This may include lifestyle information and information about your family. Such processing is necessary for the legitimate interest of informing and improving the service we provide to you (provided that your interests and fundamental rights do not override our interests).

2.3.1.6. Feedback you provide to us on our services . Such processing is necessary for the legitimate interest of managing our business and improving our services (provided that your interests and fundamental rights do not override our interests).

2.3.1.7. To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.

2.3.1.8. We may, from time to time, approach you for your consent to allow us to process your personal information for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

2.3.2. Individual prospects and other non-client contacts

We process:

2.3.2.1. your name, address and contact details;

2.3.2.2. your marketing preferences and details of any services you have subscribed to and /or events you have attended;

2.3.2.3. feedback you provide on events or marketing campaigns; and

2.3.2.4. background information about you and your relationship with Aperio, to inform and improve the service we provide to you. Such processing is necessary for the legitimate interest of promoting and growing our business and improving our services (provided that your interests and fundamental rights of do not override our interests).

2.3.2.5. To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.

2.3.2.6. We may, from time to time, approach you for your consent to allow us to process your personal information for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

2.3.3. Individual service providers

We process:

2.3.3.1. Your name, title and business contact information including addresses, telephone numbers and email addresses.

2.3.3.2. Details relating to the performance of the contract between us, including financial information and bank details for payment. Such processing is necessary for performance of the contract between us.

2.3.3.3. We may perform due diligence in the form of credit checks. We do this as necessary for our legitimate interests (provided that your interests and fundamental rights do not override our interests).

2.3.3.4. To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.

2.3.3.5. We may, from time to time, approach you for your consent to allow us to process your personal information for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

2.3.4. Corporate clients, suppliers and third party business contacts and prospects

We process:

2.3.4.1. Names, titles and business contact information including addresses, telephone numbers and email addresses for your employees and representatives. Such processing is necessary for performance of the contract between us.

2.3.4.2. We process information relating to your instructions. If you are an employer, this may include information about your staff.

2.3.4.3. We process personal information contained in documents reviewed by us as part of any due diligence. Such processing is necessary for the purpose of providing our services.

2.3.4.4. We process your marketing preferences and details of any services you have subscribed to and any events your employees and representatives have attended. Such processing is necessary for the legitimate interest of promoting and growing our business (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).

2.3.4.5. We process any feedback you (your employees or representatives) provide to us on our services . Such processing is necessary for the legitimate interest of managing our business and improving our services (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).

2.3.4.6. We process background information about you, and your employees and representatives, and your relationship with Aperio. Such processing is necessary for the legitimate interest of informing and improving the service we provide to you (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).

2.3.4.7. To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.

3.1. We collect personal information direct from you when we establish you as a client, when you complete our website enquiries, if you register with us for an event or to receive updates and information from us, or where we enter into a contract to receive services from you.

3.2. We collect further information from you during the period of our retainer or for the duration of you providing services to us.

3.3. We collect information from other third parties, such as other professionals advising our clients on a matter, from referrers and partner organisations (if we have run a joint event)

3.4. We may collect information about you from public sources, from an online search or from social media sites.

4.1. We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

4.1.1. Where we need to perform the contract we have entered into with you.

4.1.2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we rely on legitimate interests for our processing, we will advise you of the relevant interest.

4.1.3. Where we need to comply with a legal obligation.

4.1.4. Otherwise, with your consent.

4.2. We may also use your personal information in the following situations, which are likely to be rare:

4.2.1. Where it is needed in the public interest.

4.3. We may check your details with fraud prevention agencies. If you provide false or inaccurate information and we suspect fraud, we will record this.

4.4. We may allow other people and organisations to use Personal Data we hold about you in the following circumstances:

4.4.1. If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Personal Data held by us, about our customers, will be one of the transferred assets.

4.4.2. If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.

4.4.3. We employ companies and individuals to perform functions on our behalf and we may disclose your Personal Data to these parties for the purposes set out in clause 2 or, for example, for fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit and debit card payments and providing customer service. Those parties are bound by strict contractual provisions with us and only have access to Personal Data needed to perform their functions, and may not use it for other purposes. Further, they must process the Personal Data in accordance with this Transparency Notice and as permitted by the General Data Protection Regulations. From time to time, these other people and organisations to whom we may pass your Personal Data may be outside the European Economic Area. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Transparency Notice and as permitted by the General Data Protection Regulations.

4.5. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

4.6. We will only use your personal information for the purposes for which we collected it, as outlined above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4.7. Where you give us Personal Data on behalf of someone else, you confirm that you have provided them with the information set out in this Privacy Policy and that they have not objected to such use of their Personal Data.

4.8. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5.1. If we are required to transfer information outside the EEA, we only do so where permitted by law, and where we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.

5.2. If you are based outside the EEA we may transfer personal information to the correspondence address you provide to us. We will take all reasonable steps to ensure that such transfers are secure, including use of encryption for all transfers. By instructing us from outside the EEA you acknowledge and agree that such transfers are necessary for us to provide services to you.

6.1. We have put in place measures to protect the security of your information. Details of these measures are available upon request.

6.2. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

6.3. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

6.4. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

6.5. Further details of the security measures we take are available from the DPM.

7.1. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7.2. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

7.3. Where a minimum retention period is required by law (such as retaining records for HMRC purposes) we comply with that minimum period plus up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

7.4. If we are required to retain your information longer than our standard retention periods, we will let you know (unless we are prevented by law from doing so.)

7.5. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

8.1. Under certain circumstances, by law you have the right to:

8.1.1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

8.1.2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

8.1.3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

8.1.4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

8.1.5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

8.1.6. Request the transfer of your personal information to another party.

8.1.7. Withdraw consent in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you.

8.2. To exercise any of the above rights, please contact the DPM contact the DPM on 01793 220525 or by email to info@aperio-av.co.uk

8.3. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

8.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

9.1. Our website may include third-party advertising and links to other websites. We do not provide any personally identifiable customer Personal Data to these advertisers or third-party websites.

9.2. These third-party websites and advertisers, or internet advertising companies working on their behalf, sometimes use technology to send (or ‘serve’) the advertisements that appear on the Website directly to your browser. They automatically receive your IP address when this happens. They may also use cookies, JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalise advertising content. We do not have access to or control over cookies or other features that they may use, and the information practices of these advertisers and third-party websites are not covered by this Privacy Policy. Please contact them directly for more information about their privacy practices. In addition, the Network Advertising Initiative offers useful information about internet advertising companies (also called ‘ad networks’ or ‘network advertisers’), including information about how to opt-out of their information collection.

9.3. To the fullest extent permitted, we exclude all liability for loss that you may incur when using third party websites.

Last updated: 1st August 2019