Dated: 6th of July 2020
Introduction to General Data Protection Regulation (GDPR) 2018
As part of our arrangements with you, Pirkx Limited [“pirkx”] has certain obligations under privacy laws and General Data Protection Regulation (GDPR) to notify individuals how we will process their personal information we collect. We may maintain personal records for a minimum of at least six years.
We will inform individuals how information collected is used, where it is transferred, and how they may view or amend it. We will treat all personal information as confidential and will not process it other than for a legitimate purpose. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss, destruction or damage to the information.
The information provided to us may include personal and sensitive data. By using our services, you consent to us and any company associated with us (including, but not necessarily restricted to business partners and strategic alliances, as well as product and insurance providers) processing your data for the purposes of providing agreed services, administration and management. This processing includes obtaining, recording or holding information or data, transferring it to other companies associated with us such as service and product providers, insurers or statutory, governmental or regulatory bodies for legitimate purposes. The examples of third parties provided is not exhaustive and may be updated from time to time as business needs and legal requirements dictate. We will not sell personal data to any third party.
Some services are provided to our organisation by third parties such as processing business or obtaining consultancy, legal or regulatory advice, which may warrant the disclosure of more than just your basic contact details. Personal information held by us may be disclosed on a confidential basis, and in accordance with the GDPR, to any such third parties. This information may be transferred electronically (e.g. e-mail) and we, or any such third party, may contact you in future by any means of communication which we consider appropriate at the time. We will not pass any of your data – including payment details – to any third parties, without your consent or for any purpose other than that which consent was given.
Some of the companies we work with will hold data on you in countries outside of Europe that do not always have the same standard of Data Protection laws as the UK. If this is the case appropriate due diligence will be completed to ensure that your information is adequately protected, and the organisations concerned will be bound by their obligations under the GDPR when your personal information is processed outside Europe.
Where we introduce you to other business partners in order to support service delivery to you, they will also have obligations under GDPR to process your personal information securely. The parties will share information about you, i.e. we may provide updates about the progression and development of your matter for legitimate business purposes. We consider this will be of benefit to you in respect of the services that we are providing
We may use your data to contact you in the future to provide you with details of products, services or information that we feel may be of interest or benefit to you. Please be aware that pirkx may record calls for training and quality purposes. If you wish us or any company associated with us to cease processing your data or you would like to obtain copies of the information we hold about you, please write to: The Data Protection Ocer, Pirkx Limited, 60 St. Martins Lane, Covent Garden, London WC2N 4JS. Under the terms of the GDPR, Pirkx have a period of a month to provide the copies. Pirkx Limited is registered with the Information Commissioner’s Oce (ICO) as a Data Controller. Registration number: ZA425782
Our principles for processing personal data are:
Information we collect
We collect information to provide better services to all of our users
We collect information in the following ways:
Pirkx collects several different types of personal data for various purposes.
Personal Data may include, but is not limited to:
How we use information that we collect
To process your order and manage your account.
We use the information we collect from our services to provide, maintain, protect and improve your user experience and to develop new ones. We also use this information to oer you tailored content
With consent, we use data to:
We facilitate the above functions by using technology providers:
When you contact us, we keep a record of your communication to help solve any issues you might be facing. We may use your e-mail address to inform you about our services, such as letting you know about upcoming changes or improvements.
Legal basis for collecting and processing personal data
Pirkx limited, legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information
Retention of personal data
“pirkx” will retain your personal information only for as long as is necessary for the purposes set out in this Data Protection Policy.
“pirkx” will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Information that you share
Remember that when you share information publicly, it may be indexable by search engines.
Accessing and updating your personal information
Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we will strive to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical.
Where we can provide information access and correction, we will do so free of charge, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Information that we share
We do not share personal information with companies, organisations and individuals outside of pirkx unless one of the following circumstances applies:
We may share non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends about the general use of our services.
Transfer to other countries
pirkx shares your personal data globally with the pirkx group of companies in order to carry out the activities specified in this policy. pirkx may also subcontract processing to, or share your personal data with, third parties located in countries other than your country and this can be outside the European Union. Your personal data, therefore, may be subject to privacy laws that are different from those in your country.
Personal data collected within the European Union and Switzerland may, for example, be transferred to and processed by third parties located in a country outside of the European Union and Switzerland. In such instances pirkx shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.
Categories of Recipients Reason for sharing
Service providers We work with service providers that work on our behalf which may need access to certain personal data in order to provide their services to us. These companies include those we've hired to provide, services, customer service support, operate the technical infrastructure that we need to provide the pirkx platform, assist in protecting and securing our systems and services
Payment processors We will share your personal data with our payment processors as necessary to enable them to process your payments, and for anti-fraud purposes.
pirkx partners Depending on how you sign up for the pirkx platform (e.g. through a third party service or an Introducer), we share your pirkx username or other User Data as necessary to enable your account. We may also share personal data with that third party about your use of the pirkx platform, such as whether and to what extent you have used the oer, activated a pirkx account, or actively used the pirkx platform. We also may share your personal data with an Introducer for the purpose of allowing them to understand if you joined pirkx or not
Other pirkx group companies We will share your personal data with other pirkx group companies to carry out our daily business operations and to enable us to maintain and provide the pirkx platform to you.
Law enforcement agencies and data protection authorities We share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process. We also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
We work hard to protect pirkx and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
Data protection rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
Compliance and cooperation with regulatory authorities
Please be assured of our utmost commitment to keep your personal information private and safe.